Merge pull request #337 from nextcloud/backport/336/stable15

[stable15] token instead of uuid
nextcloud · Oct 6, 2019 · e4a233d · e4a233d
2 parents 62369ef + 3b3e56d
commit e4a233d
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 22 deletions.
diff --git a/lib/Circles/FileSharingBroadcaster.php b/lib/Circles/FileSharingBroadcaster.php
@@ -181,14 +181,13 @@ public function createShareToMember(SharingFrame $frame, Member $member) {
 				$password = '';
 
 				if ($this->configService->enforcePasswordProtection()) {
-					$password = $this->miscService->uuid(15);
+					$password = $this->miscService->token(15);
 				}
 				$token = $this->tokensRequest->generateTokenForMember($member, $share->getId(), $password);
 				if ($token !== '') {
 					$this->sharedByMail($circle, $share, $member->getUserId(), $token, $password);
 				}
-			} catch (TokenDoesNotExistException $e) {
-			} catch (NotFoundException $e) {
+			} catch (Exception $e) {
 			}
 		}
 
@@ -465,7 +464,11 @@ private function generateEmailTemplate($subject, $text, $fileName, $link, $autho
 	private function sendMailExitingShares(array $unknownShares, $author, Member $member, $circleName) {
 		$password = '';
 		if ($this->configService->enforcePasswordProtection()) {
-			$password = $this->miscService->uuid(15);
+			try {
+				$password = $this->miscService->token(15);
+			} catch (Exception $e) {
+				return;
+			}
 		}
 
 		$data = [];

diff --git a/lib/Db/TokensRequest.php b/lib/Db/TokensRequest.php
@@ -109,7 +109,6 @@ public function getTokensFromMember(Member $member) {
 	}
 
 
-
 	/**
 	 * @param Member $member
 	 * @param int $shareId
@@ -119,11 +118,12 @@ public function getTokensFromMember(Member $member) {
 	 * @return string
 	 */
 	public function generateTokenForMember(Member $member, int $shareId, string $password = '') {
-		$token = $this->miscService->uuid(15);
-
-		$hasher = \OC::$server->getHasher();
-		$password = ($password !== '') ? $hasher->hash($password) : '';
 		try {
+			$token = $this->miscService->token(15);
+
+			$hasher = \OC::$server->getHasher();
+			$password = ($password !== '') ? $hasher->hash($password) : '';
+
 			$qb = $this->getTokensInsertSql();
 			$qb->setValue('circle_id', $qb->createNamedParameter($member->getCircleId()))
 			   ->setValue('user_id', $qb->createNamedParameter($member->getUserId()))

diff --git a/lib/Service/MiscService.php b/lib/Service/MiscService.php
@@ -307,23 +307,18 @@ public function asyncAndLeaveClientOutOfThis($result = '') {
 	 * @param int $length
 	 *
 	 * @return string
+	 * @throws Exception
 	 */
-	public function uuid(int $length = 0): string {
-		$uuid = sprintf(
-			'%04x%04x-%04x-%04x-%04x-%04x%04x%04x', mt_rand(0, 0xffff), mt_rand(0, 0xffff),
-			mt_rand(0, 0xffff), mt_rand(0, 0xfff) | 0x4000, mt_rand(0, 0x3fff) | 0x8000,
-			mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
-		);
-
-		if ($length > 0) {
-			if ($length <= 16) {
-				$uuid = str_replace('-', '', $uuid);
-			}
+	public function token(int $length = 0): string {
+		$chars = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890';
 
-			$uuid = substr($uuid, 0, $length);
+		$str = '';
+		$max = strlen($chars);
+		for ($i = 0; $i <= $length; $i++) {
+			$str .= $chars[random_int(0, $max)];
 		}
 
-		return $uuid;
+		return $str;
 	}
 
 }