From db0d72a4f23d74fe28a291546ab401ad82db53e1 Mon Sep 17 00:00:00 2001 From: Sebastian Pravda Date: Fri, 16 Dec 2022 17:42:50 +0100 Subject: [PATCH] feat: 12 character code --- api/src/routes/admin.rs | 4 +-- core/src/crypto.rs | 37 +++++++++++++++----------- core/src/services/candidate_service.rs | 2 +- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/api/src/routes/admin.rs b/api/src/routes/admin.rs index c8e807e..cdc7333 100644 --- a/api/src/routes/admin.rs +++ b/api/src/routes/admin.rs @@ -1,7 +1,7 @@ use std::net::{SocketAddr, IpAddr, Ipv4Addr}; use portfolio_core::{ - crypto::random_8_char_string, + crypto::random_12_char_string, services::{admin_service::AdminService, candidate_service::CandidateService, application_service::ApplicationService, portfolio_service::PortfolioService}, models::candidate::{BaseCandidateResponse, CreateCandidateResponse, ApplicationDetails}, sea_orm::prelude::Uuid, Query, error::ServiceError, utils::csv, }; use requests::{AdminLoginRequest, RegisterRequest}; @@ -90,7 +90,7 @@ pub async fn create_candidate( let db = conn.into_inner(); let form = request.into_inner(); - let plain_text_password = random_8_char_string(); + let plain_text_password = random_12_char_string(); ApplicationService::create_candidate_with_parent( db, diff --git a/core/src/crypto.rs b/core/src/crypto.rs index cc6f0a4..61d8924 100644 --- a/core/src/crypto.rs +++ b/core/src/crypto.rs 
@@ -15,22 +15,27 @@ use crate::error::ServiceError; /// Foolproof random 8 char string /// only uppercase letters (except for 0 and O) and numbers -pub fn random_8_char_string() -> String { - let iterator = rand::thread_rng() +pub fn random_12_char_string() -> String { + let random_chars_12: Vec = rand::thread_rng() .sample_iter(&rand::distributions::Alphanumeric) - .map(char::from); + .map(char::from) + .filter(is_usable_char) + .take(12) + .collect(); + + random_chars_12 + .iter() + .map(|c| c.to_string()) + .collect::>() + .join("") +} - let mut s = String::new(); - for c in iterator { - // add all characters except for: lowercase chars, 0 and O - if ('1'..='9').contains(&c) || ('A'..='N').contains(&c) || ('P'..'Z').contains(&c) { - s.push(c); - if s.len() == 8 { - break; - } - } - } - s +/// Exclude O and 0, lowercase letters +fn is_usable_char(c: &char) -> bool { + ('1'..='9').contains(&c) || + ('A'..='N').contains(&c) || + ('P'..'Z').contains(&c) || + ['@', '#', '$', '%'].contains(&c) } pub async fn hash_password(password_plain_text: String) -> Result { @@ -336,7 +341,7 @@ mod tests { #[test] fn test_random_8_char_string() { for _ in 0..1000 { - let s = super::random_8_char_string(); + let s = super::random_12_char_string(); // Is 8 chars long assert_eq!(s.len(), 8); // Does not contain possibly confusing characters @@ -388,7 +393,7 @@ mod tests { ); assert!(key_2.len() >= 32); - let key_3 = super::convert_key_aes256(&super::random_8_char_string()); + let key_3 = super::convert_key_aes256(&super::random_12_char_string()); assert!(key_3.len() >= 32); } diff --git a/core/src/services/candidate_service.rs b/core/src/services/candidate_service.rs index d38d365..dc0639a 100644 --- a/core/src/services/candidate_service.rs +++ b/core/src/services/candidate_service.rs 
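Review bot: The `['@', '#', '$', '%']` arm of `is_usable_char` can never match, because the characters are sampled from `rand::distributions::Alphanumeric`, which only yields letters and digits. The generated password therefore still draws from 33 symbols (`1-9`, `A-N`, `P-Y`), about 60 bits over 12 characters. `('P'..'Z')` is an exclusive range, so `Z` is dropped too, which the doc comment does not mention and which looks unintended. Since the value is used as a login password (and, judging by the `convert_key_aes256` test, possibly as key material), I would sample uniformly from an explicit alphabet so the set is visible and testable, and change `/// Foolproof random 8 char string` to say 12. The sketch below relies on `Rng` already being in scope for `sample_iter`; drop `Z` from the constant if excluding it is intended.

```rust
/// Characters a generated password may contain: no lowercase letters, no `0` or `O`.
const PASSWORD_ALPHABET: &[u8] = b"123456789ABCDEFGHIJKLMNPQRSTUVWXYZ@#$%";

/// Random 12 character password drawn uniformly from `PASSWORD_ALPHABET`.
pub fn random_12_char_string() -> String {
    let mut rng = rand::thread_rng();
    (0..12)
        .map(|_| char::from(PASSWORD_ALPHABET[rng.gen_range(0..PASSWORD_ALPHABET.len())]))
        .collect()
}
// … unchanged: hash_password and the rest of the module …
```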
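Review bot: `test_random_8_char_string` still asserts `assert_eq!(s.len(), 8);` although it now calls `random_12_char_string()`, so the test fails as written. The assertion should become `assert_eq!(s.len(), 12);`, with the `// Is 8 chars long` comment and the test name updated to match. The rest of the test body lies outside the hunk, so it is not visible whether the confusing-character checks account for `Z` and the new symbols. It would be worth asserting that every character of `s` belongs to the allowed set, so that a change to the alphabet is caught here.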
@@ -105,7 +105,7 @@ impl CandidateService { let parents = Query::find_candidate_parents(db, &candidate).await?; - let new_password_plain = crypto::random_8_char_string(); + let new_password_plain = crypto::random_12_char_string(); let new_password_hash = crypto::hash_password(new_password_plain.clone()).await?; let (pubkey, priv_key_plain_text) = crypto::create_identity();