update dependencies, migrate RandomStringUtils
This commit is contained in:
@@ -61,7 +61,7 @@ public class Setup implements SmartInitializingSingleton {
|
||||
// create admin account if not found
|
||||
if (!setup || !systemPropertyManager.has("setup")) {
|
||||
if (!StringUtils.hasText(adminPassword)) {
|
||||
adminPassword = RandomStringUtils.random(24, true, true);
|
||||
adminPassword = RandomStringUtils.secure().next(24, true, true);
|
||||
logger.error("password for 'admin': " + adminPassword);
|
||||
}
|
||||
User admin = userManager.create("admin", adminPassword, UserStatus.SLEEP);
|
||||
|
||||
@@ -271,7 +271,7 @@ public class UserManager implements UserDataProvider {
|
||||
*/
|
||||
public void passwordReset(User user, ServletOutputStream outputStream) {
|
||||
// TODO: change to public key profile field
|
||||
String resetToken = RandomStringUtils.random(64, true, true);
|
||||
String resetToken = RandomStringUtils.secure().next(64, true, true);
|
||||
String command = "echo \"" + resetToken + "\" | gpg -ear " + getBstlyEmail(user.getUsername())
|
||||
+ " --always-trust";
|
||||
|
||||
|
||||
@@ -60,7 +60,7 @@ public class UserDomainController extends BaseController {
|
||||
|
||||
userDomain.setTarget(getCurrentUserId());
|
||||
userDomain.setValidated(false);
|
||||
userDomain.setSecret(RandomStringUtils.random(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));
|
||||
userDomain.setSecret(RandomStringUtils.secure().next(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));
|
||||
|
||||
Errors errors = new RequestBodyErrors(userDomain);
|
||||
|
||||
|
||||
@@ -100,7 +100,7 @@ public class UserDomainManagementController extends BaseController {
|
||||
|
||||
if (userDomain.getId() == null) {
|
||||
userDomain.setValidated(false);
|
||||
userDomain.setSecret(RandomStringUtils.random(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));
|
||||
userDomain.setSecret(RandomStringUtils.secure().next(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));
|
||||
}
|
||||
|
||||
return userDomainManager.save(userDomain);
|
||||
|
||||
@@ -53,7 +53,7 @@ public class DyndnsTokenManager implements UserDataProvider {
|
||||
*/
|
||||
public DyndnsToken create(Long owner, boolean quota) {
|
||||
DyndnsToken dyndnsToken = new DyndnsToken();
|
||||
String token = RandomStringUtils.random(TOKEN_LENGTH, true, true);
|
||||
String token = RandomStringUtils.secure().next(TOKEN_LENGTH, true, true);
|
||||
dyndnsToken.setOwner(owner);
|
||||
dyndnsToken.setToken(token);
|
||||
dyndnsToken.setTokenHash(passwordEncoder.encode(dyndnsToken.getToken()));
|
||||
|
||||
@@ -165,9 +165,9 @@ public class InviteManager implements UserDataProvider {
|
||||
*/
|
||||
public Invite save(Invite invite) {
|
||||
if (!StringUtils.hasText(invite.getCode())) {
|
||||
invite.setCode(RandomStringUtils.random(codeLength, true, true).toUpperCase());
|
||||
invite.setCode(RandomStringUtils.secure().next(codeLength, true, true).toUpperCase());
|
||||
while (inviteRepository.exists(qInvite.code.eq(invite.getCode()))) {
|
||||
invite.setCode(RandomStringUtils.random(codeLength, true, true).toUpperCase());
|
||||
invite.setCode(RandomStringUtils.secure().next(codeLength, true, true).toUpperCase());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -107,14 +107,14 @@ public class OidcClientManager {
|
||||
oidcClient.setAlwaysPermitted(alwaysPermitted);
|
||||
oidcClient.setTokenLifetime(OIDC_CLIENT_TOKEN_LIFETIME);
|
||||
|
||||
String clientId = RandomStringUtils.random(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
String clientId = RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
|
||||
while (oidcClientRepository.findOne(qOidcClient.clientId.eq(clientId)).isPresent()) {
|
||||
clientId = RandomStringUtils.random(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
clientId = RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_ID_LENGTH, true, true);
|
||||
}
|
||||
|
||||
oidcClient.setClientId(clientId);
|
||||
oidcClient.setClientSecret(RandomStringUtils.random(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
oidcClient.setClientSecret(RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
|
||||
return oidcClientRepository.save(oidcClient);
|
||||
}
|
||||
@@ -138,7 +138,7 @@ public class OidcClientManager {
|
||||
public OidcClient createNewSecretByClientName(String clientName) {
|
||||
OidcClient oidcClient = getByClientName(clientName);
|
||||
Assert.notNull(oidcClient, "No client found for name '" + clientName + "'");
|
||||
oidcClient.setClientSecret(RandomStringUtils.random(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
oidcClient.setClientSecret(RandomStringUtils.secure().next(OIDC_CLIENT_CLIENT_SECRET_LENGTH, true, true));
|
||||
|
||||
return oidcClientRepository.save(oidcClient);
|
||||
}
|
||||
|
||||
@@ -72,11 +72,11 @@ public class OidcSessionManager {
|
||||
* @return the string
|
||||
*/
|
||||
public String createSid() {
|
||||
String sid = new StringBuilder(RandomStringUtils.random(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
String sid = new StringBuilder(RandomStringUtils.secure().next(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
.insert(18, "-").insert(23, "-").toString();
|
||||
|
||||
while (oidcSessionRepository.exists(qOidcSession.sid.eq(sid))) {
|
||||
sid = new StringBuilder(RandomStringUtils.random(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
sid = new StringBuilder(RandomStringUtils.secure().next(SID_LENGTH, true, true)).insert(8, "-").insert(13, "-")
|
||||
.insert(18, "-").insert(23, "-").toString();
|
||||
}
|
||||
return sid;
|
||||
@@ -401,7 +401,7 @@ public class OidcSessionManager {
|
||||
claimsSetBuilder.issuer(issuer);
|
||||
claimsSetBuilder.audience(client.getClientId());
|
||||
claimsSetBuilder.issueTime(new Date());
|
||||
claimsSetBuilder.jwtID(RandomStringUtils.random(JWT_ID_LENGTH, true, true));
|
||||
claimsSetBuilder.jwtID(RandomStringUtils.secure().next(JWT_ID_LENGTH, true, true));
|
||||
if (StringUtils.hasText(sid)) {
|
||||
claimsSetBuilder.claim("sid", sid);
|
||||
}
|
||||
|
||||
@@ -133,7 +133,7 @@ public class OidcTokenManager implements SmartInitializingSingleton {
|
||||
*/
|
||||
public OidcToken createToken(OidcClient client, Long userId, boolean refreshToken) {
|
||||
return createToken(client, userId,
|
||||
refreshToken ? RandomStringUtils.random(REFRESH_TOKEN_LENGTH, true, true) : null);
|
||||
refreshToken ? RandomStringUtils.secure().next(REFRESH_TOKEN_LENGTH, true, true) : null);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -148,7 +148,7 @@ public class OidcTokenManager implements SmartInitializingSingleton {
|
||||
OidcToken token = new OidcToken();
|
||||
token.setClient(client.getId());
|
||||
token.setUserId(userId);
|
||||
token.setAccessToken(RandomStringUtils.random(ACCESS_TOKEN_LENGTH, true, true));
|
||||
token.setAccessToken(RandomStringUtils.secure().next(ACCESS_TOKEN_LENGTH, true, true));
|
||||
if (StringUtils.hasText(refreshToken)) {
|
||||
token.setRefreshToken(refreshToken);
|
||||
}
|
||||
@@ -179,7 +179,7 @@ public class OidcTokenManager implements SmartInitializingSingleton {
|
||||
|
||||
token.setUserId(user.getId());
|
||||
token.setAlias(alias);
|
||||
token.setAccessToken(RandomStringUtils.random(ACCESS_TOKEN_LENGTH, true, true));
|
||||
token.setAccessToken(RandomStringUtils.secure().next(ACCESS_TOKEN_LENGTH, true, true));
|
||||
token.setExpiresIn(client.getTokenLifetime());
|
||||
|
||||
Builder claimsSetBuilder = createUserClaims(client, user, alias);
|
||||
|
||||
@@ -41,7 +41,7 @@ public class OidcAuthorizationCode {
|
||||
this.clientId = clientId;
|
||||
this.redirectUri = redirectUri;
|
||||
this.scopes = scopes;
|
||||
this.code = RandomStringUtils.random(CODE_LENGTH, true, true);
|
||||
this.code = RandomStringUtils.secure().next(CODE_LENGTH, true, true);
|
||||
this.expiry = Instant.now().plus(EXPIRY_MINUTES, ChronoUnit.MINUTES);
|
||||
this.userId = userId;
|
||||
this.nonce = nonce;
|
||||
|
||||
+1
-1
@@ -182,7 +182,7 @@ public class TimeslotValidator implements Validator {
|
||||
}
|
||||
|
||||
if (!StringUtils.hasText(timeslot.getSecret())) {
|
||||
timeslot.setSecret(RandomStringUtils.random(STREAM_SECRET_LENGTH, true, true));
|
||||
timeslot.setSecret(RandomStringUtils.secure().next(STREAM_SECRET_LENGTH, true, true));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-parent</artifactId>
|
||||
<version>3.4.0</version>
|
||||
<version>3.4.5</version>
|
||||
<relativePath />
|
||||
</parent>
|
||||
|
||||
|
||||
+2
-2
@@ -179,9 +179,9 @@ public class ShortenedUrlManager implements SmartInitializingSingleton, UserData
|
||||
if (StringUtils.hasText(code)) {
|
||||
Assert.isTrue(!shortenedUrlRepository.existsById(code), "Given code already exists!");
|
||||
} else {
|
||||
code = RandomStringUtils.random(codeLength, true, true).toUpperCase();
|
||||
code = RandomStringUtils.secure().next(codeLength, true, true).toUpperCase();
|
||||
while (shortenedUrlRepository.existsById(code)) {
|
||||
code = RandomStringUtils.random(codeLength, true, true).toUpperCase();
|
||||
code = RandomStringUtils.secure().next(codeLength, true, true).toUpperCase();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user