Use single shared random string generation function (#15741)

* Use single shared random string generation function - Replace 3 functions that do the same with 1 shared one - Use crypto/rand over math/rand for a stronger RNG - Output only alphanumerical for URL compatibilty Fixes: #15536 * use const string method * Update modules/avatar/avatar.go Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com>
2025-07-22 10:18:38 +00:00 · 2021-05-10 08:45:17 +02:00
parent 270aab429e
commit 1e6fa57acb
15 changed files with 100 additions and 192 deletions
--- a/models/twofactor.go
+++ b/models/twofactor.go
@@ -11,10 +11,10 @@ import (
 	"encoding/base64"
 	"fmt"

-	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/secret"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"

 	"github.com/pquerna/otp/totp"
 	"golang.org/x/crypto/pbkdf2"
@@ -34,11 +34,11 @@ type TwoFactor struct {

 // GenerateScratchToken recreates the scratch token the user is using.
 func (t *TwoFactor) GenerateScratchToken() (string, error) {
-	token, err := generate.GetRandomString(8)
+	token, err := util.RandomString(8)
 	if err != nil {
 		return "", err
 	}
-	t.ScratchSalt, _ = generate.GetRandomString(10)
+	t.ScratchSalt, _ = util.RandomString(10)
 	t.ScratchHash = hashToken(token, t.ScratchSalt)
 	return token, nil
 }