Fix random string generator (#384)

* Remove unused custom-alphabet feature of random string generator Fix random string generator Random string generator should return error if it fails to read random data via crypto/rand * Fixes variable (un)initialization mixed assign Update test GetRandomString
2016-12-20 14:32:02 +02:00 · 2016-12-20 14:32:02 +02:00 · 380e32e129
commit 380e32e129
parent 952587dbae
11 changed files with 94 additions and 35 deletions
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@ -457,8 +457,12 @@ func generateOrgRandsAndSalt(x *xorm.Engine) (err error) {
 	}

 	for _, org := range orgs {
-		org.Rands = base.GetRandomString(10)
-		org.Salt = base.GetRandomString(10)
+		if org.Rands, err = base.GetRandomString(10); err != nil {
+			return err
+		}
+		if org.Salt, err = base.GetRandomString(10); err != nil {
+			return err
+		}
 		if _, err = sess.Id(org.ID).Update(org); err != nil {
 			return err
 		}
--- a/models/org.go
+++ b/models/org.go
@ -109,8 +109,12 @@ func CreateOrganization(org, owner *User) (err error) {
 	}

 	org.LowerName = strings.ToLower(org.Name)
-	org.Rands = GetUserSalt()
-	org.Salt = GetUserSalt()
+	if org.Rands, err = GetUserSalt(); err != nil {
+		return err
+	}
+	if org.Salt, err = GetUserSalt(); err != nil {
+		return err
+	}
 	org.UseCustomAvatar = true
 	org.MaxRepoCreation = -1
 	org.NumTeams = 1
--- a/models/user.go
+++ b/models/user.go
@ -532,7 +532,7 @@ func IsUserExist(uid int64, name string) (bool, error) {
 }

 // GetUserSalt returns a ramdom user salt token.
-func GetUserSalt() string {
+func GetUserSalt() (string, error) {
 	return base.GetRandomString(10)
 }

@ -604,8 +604,12 @@ func CreateUser(u *User) (err error) {
 	u.LowerName = strings.ToLower(u.Name)
 	u.AvatarEmail = u.Email
 	u.Avatar = base.HashEmail(u.AvatarEmail)
-	u.Rands = GetUserSalt()
-	u.Salt = GetUserSalt()
+	if u.Rands, err = GetUserSalt(); err != nil {
+		return err
+	}
+	if u.Salt, err = GetUserSalt(); err != nil {
+		return err
+	}
 	u.EncodePasswd()
 	u.MaxRepoCreation = -1

--- a/models/user_mail.go
+++ b/models/user_mail.go
@ -122,7 +122,9 @@ func (email *EmailAddress) Activate() error {
 	if err != nil {
 		return err
 	}
-	user.Rands = GetUserSalt()
+	if user.Rands, err = GetUserSalt(); err != nil {
+		return err
+	}

 	sess := x.NewSession()
 	defer sessionRelease(sess)