replace md5 with random_bytes and use 64 chars for api_key
parent
1d158da441
commit
0e3d47f2e1
|
@ -16,7 +16,7 @@ class PasswordResetFactory extends Factory
|
||||||
public function definition()
|
public function definition()
|
||||||
{
|
{
|
||||||
return [
|
return [
|
||||||
'token' => md5($this->faker->unique()->password()),
|
'token' => bin2hex(random_bytes(16)),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@ class UserFactory extends Factory
|
||||||
'name' => $this->faker->unique()->userName(),
|
'name' => $this->faker->unique()->userName(),
|
||||||
'password' => password_hash($this->faker->password(), PASSWORD_DEFAULT),
|
'password' => password_hash($this->faker->password(), PASSWORD_DEFAULT),
|
||||||
'email' => $this->faker->unique()->safeEmail(),
|
'email' => $this->faker->unique()->safeEmail(),
|
||||||
'api_key' => md5($this->faker->unique()->password()),
|
'api_key' => bin2hex(random_bytes(32)),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
namespace Engelsystem\Migrations;
|
||||||
|
|
||||||
|
use Engelsystem\Database\Migration\Migration;
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
|
||||||
|
class ChangeApiKeyLength extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migration
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
$this->schema->table('users', function (Blueprint $table) {
|
||||||
|
$table->string('api_key', 64)->change();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migration
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
$this->schema->table('users', function (Blueprint $table) {
|
||||||
|
$table->string('api_key', 32)->change();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
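Review bot: `up()` only widens `users.api_key` to 64 characters, so every key issued before this commit keeps its 32-character value from the old `md5($user->name . time() . rand())` scheme and stays valid until its owner resets it. Consider regenerating or invalidating the existing keys in this migration so the guessable keys do not outlive the change; whether rotation happens elsewhere is not visible on this page. Separately, `down()` shrinks the column back to 32 while rows written after `up()` hold 64 hex characters, so a rollback would truncate or reject those values depending on the database's strictness. A comment in `down()` such as `// NOTE: keys longer than 32 chars must be regenerated before rolling back` would make that explicit.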
|
|
@ -212,7 +212,7 @@ function User_validate_planned_departure_date($planned_arrival_date, $planned_de
|
||||||
*/
|
*/
|
||||||
function User_reset_api_key($user, $log = true)
|
function User_reset_api_key($user, $log = true)
|
||||||
{
|
{
|
||||||
$user->api_key = md5($user->name . time() . rand());
|
$user->api_key = bin2hex(random_bytes(32));
|
||||||
$user->save();
|
$user->save();
|
||||||
|
|
||||||
if ($log) {
|
if ($log) {
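Review bot: The byte count is a bare `32` here and again in `UserFactory`, and both silently depend on the `64` in the `ChangeApiKeyLength` migration, because `bin2hex()` doubles the length. A shared constant, e.g. `const API_KEY_BYTES = 32;` used as `bin2hex(random_bytes(API_KEY_BYTES))`, would stop the generator and the column width from drifting apart. `random_bytes()` throws when no randomness source is available, and nothing in the visible lines documents that; a `@throws` line in the function's docblock would cover it. The function body continues past `if ($log) {`, outside this hunk, so it is worth confirming that the log entry written there does not include the new key.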
|
||||||
|
|
|
@ -76,7 +76,7 @@ class PasswordResetController extends BaseController
|
||||||
if ($user) {
|
if ($user) {
|
||||||
$reset = (new PasswordReset())->findOrNew($user->id);
|
$reset = (new PasswordReset())->findOrNew($user->id);
|
||||||
$reset->user_id = $user->id;
|
$reset->user_id = $user->id;
|
||||||
$reset->token = md5(random_bytes(64));
|
$reset->token = bin2hex(random_bytes(16));
|
||||||
$reset->save();
|
$reset->save();
|
||||||
|
|
||||||
$this->log->info(
|
$this->log->info(
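Review bot: The new token is still written to `$reset->token` as-is, so read access to the stored PasswordReset rows is enough to complete a pending reset for the affected user. Persisting only a digest, e.g. `$reset->token = hash('sha256', $token);`, with the raw `$token` going only to the user, and comparing with `hash_equals()` at lookup, would remove that exposure. The lookup code is outside this hunk and would need the matching change. The `$this->log->info(` call is cut off at the end of the hunk; its arguments should be checked so that the token never reaches the log.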
|
||||||
|
|