update dependencies, migrate RandomStringUtils

2025-05-11 13:22:08 +02:00
parent ff38b12fa9
commit 3d38e7df1e
13 changed files with 22 additions and 22 deletions
@@ -61,7 +61,7 @@ public class Setup implements SmartInitializingSingleton {
 		// create admin account if not found
 		if (!setup || !systemPropertyManager.has("setup")) {
 			if (!StringUtils.hasText(adminPassword)) {
-				adminPassword = RandomStringUtils.random(24, true, true);
+				adminPassword = RandomStringUtils.secure().next(24, true, true);
 				logger.error("password for 'admin': " + adminPassword);
 			}
 			User admin = userManager.create("admin", adminPassword, UserStatus.SLEEP);
@@ -271,7 +271,7 @@ public class UserManager implements UserDataProvider {
 	 */
 	public void passwordReset(User user, ServletOutputStream outputStream) {
 		// TODO: change to public key profile field
-		String resetToken = RandomStringUtils.random(64, true, true);
+		String resetToken = RandomStringUtils.secure().next(64, true, true);
 		String command = "echo \"" + resetToken + "\" | gpg -ear " + getBstlyEmail(user.getUsername())
 				+ " --always-trust";

@@ -60,7 +60,7 @@ public class UserDomainController extends BaseController {

 		userDomain.setTarget(getCurrentUserId());
 		userDomain.setValidated(false);
-		userDomain.setSecret(RandomStringUtils.random(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));
+		userDomain.setSecret(RandomStringUtils.secure().next(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));

 		Errors errors = new RequestBodyErrors(userDomain);

@@ -100,7 +100,7 @@ public class UserDomainManagementController extends BaseController {

 		if (userDomain.getId() == null) {
 			userDomain.setValidated(false);
-			userDomain.setSecret(RandomStringUtils.random(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));
+			userDomain.setSecret(RandomStringUtils.secure().next(UserDomainManager.DEFAULT_SECRET_LENGTH, true, true));
 		}

 		return userDomainManager.save(userDomain);