Better password generation (Fixes: #1803)

2019-06-25 21:01:57 +02:00 · 2019-06-25 21:01:57 +02:00 · b4ec8eaeeb
parent 3d1be3e7e5
commit b4ec8eaeeb
4 changed files with 15 additions and 4 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Ext2F.pm
@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::2F::Ext2F;
 use strict;
 use Mouse;
 use String::Random;
+use Crypt::URandom;
 use Lemonldap::NG::Portal::Main::Constants qw(
  PE_BADCREDENTIALS
  PE_ERROR
@ -38,7 +39,13 @@ sub init {
            $self->error("Missing 'ext2FSendCommand' parameter, aborting");
            return 0;
        }
-        $self->random( String::Random->new );
+        $self->random(
+            String::Random->new(
+                rand_gen => sub {
+                    return unpack( "Q", Crypt::URandom::urandom(8) ) % $_[0];
+                }
+            )
+        );
        $self->logo( $self->conf->{ext2fLogo} )
          if ( $self->conf->{ext2fLogo} );
        return $self->SUPER::init();
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Mail2F.pm
@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::2F::Mail2F;
 use strict;
 use Mouse;
 use String::Random;
+use Crypt::URandom;
 use Lemonldap::NG::Portal::Main::Constants qw(
  PE_BADCREDENTIALS
  PE_ERROR
@ -23,7 +24,9 @@ has prefix => ( is => 'ro', default => 'mail' );
 has random => (
    is      => 'rw',
    default => sub {
-        return String::Random->new;
+        return String::Random->new( rand_gen =>
+              sub { return unpack( "Q", Crypt::URandom::urandom(8) ) % $_[0] }
+        );
    }
 );

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@ -8,7 +8,6 @@ use Lemonldap::NG::Common::UserAgent;
 use Lemonldap::NG::Common::FormEncode;
 use XML::Simple;
 use MIME::Base64;
-use String::Random;
 use HTTP::Request;         # SOAP call
 use POSIX qw(strftime);    # Convert SAML2 date into timestamp
 use Time::Local;           # Convert SAML2 date into timestamp
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SMTP.pm
@ -24,7 +24,9 @@ our $transport;
 has random => (
    is      => 'rw',
    default => sub {
-        return String::Random->new;
+        return String::Random->new( rand_gen =>
+              sub { return unpack( "Q", Crypt::URandom::urandom(8) ) % $_[0]; }
+        );
    }
 );
 has charset => (