diff options
-rw-r--r-- | lib/MatterbridgeManager.php | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/lib/MatterbridgeManager.php b/lib/MatterbridgeManager.php index a38e2ead6..b1d6f9c2a 100644 --- a/lib/MatterbridgeManager.php +++ b/lib/MatterbridgeManager.php @@ -288,7 +288,7 @@ class MatterbridgeManager { $botUserId = 'bridge-bot'; // check if user exists and create it if necessary if (!$this->userManager->userExists($botUserId)) { - $pass = md5((string)mt_rand()); + $pass = $this->generatePassword(); $this->config->setAppValue('spreed', 'bridge_bot_password', $pass); $botUser = $this->userManager->createUser($botUserId, $pass); // set avatar @@ -321,7 +321,7 @@ class MatterbridgeManager { if ($create) { // generate app token for the bot - $appToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); + $appToken = $this->generatePassword(); $botPassword = $this->config->getAppValue('spreed', 'bridge_bot_password', ''); $generatedToken = $this->tokenProvider->generateToken( $appToken, @@ -342,6 +342,23 @@ class MatterbridgeManager { ]; } + private function generatePassword(): string { + // remove \ and " because it messes with Matterbridge toml file parsing + $symbols = str_replace(['"', '\\'], '', ISecureRandom::CHAR_SYMBOLS); + + // make sure we have at least one of all categories + $upper = $this->random->generate(1, ISecureRandom::CHAR_UPPER); + $lower = $this->random->generate(1, ISecureRandom::CHAR_LOWER); + $digit = $this->random->generate(1, ISecureRandom::CHAR_DIGITS); + $symbol = $this->random->generate(1, $symbols); + + $randomString = $this->random->generate(68, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS . $symbols); + + $password = $upper . $lower . $digit . $symbol . $randomString; + $password = str_shuffle($password); + return $password; + } + /** * Actually generate the matterbridge configuration file content for one bridge (one room) * It basically add a pair of sections for each part: authentication and target channel |