Use random generated password instead of a hardcoded one
ThaminduR committed Jul 2, 2024
1 parent e4c68d7 commit 5d23654
Showing 1 changed file with 30 additions and 2 deletions.
Expand Up @@ -54,10 +54,12 @@
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Random;

public class Util {

Expand Down Expand Up @@ -280,13 +282,39 @@ public static boolean isUserOnBoardingEnabled(ServletContext context, HttpSessio
}

public static char[] generateRandomPassword(ServletContext context, HttpSession session) {
char[] tempPass = "password".toCharArray();

try {
return getAskPasswordTempPassGenerator(context, session).generatePassword();
} catch (Exception e) {
log.error("Error while generating the temporary password. Used the default password as temp password", e);
return tempPass;
return generateTemporaryPassword();
}
}

private static char[] generateTemporaryPassword() {

// Pick from some letters that won't be easily mistaken for each other.
// So, for example, omit o O and 0, 1 l and L.
// This will generate a random password which satisfy the following regex.
// ^((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*])).{12}$}
Random secureRandom = new SecureRandom();
String digits = "23456789";
String lowercaseLetters = "abcdefghjkmnpqrstuvwxyz";
String uppercaseLetters = "ABCDEFGHJKMNPQRSTUVWXYZ";
String specialCharacters = "!@#$%&*";
String characters = digits + lowercaseLetters + uppercaseLetters + specialCharacters;
int passwordLength = 12;
int mandatoryCharactersCount = 4;

StringBuilder pw = new StringBuilder();
for (int i = 0; i < passwordLength - mandatoryCharactersCount; i++) {
pw.append(characters.charAt(secureRandom.nextInt(characters.length())));
}
pw.append(digits.charAt(secureRandom.nextInt(digits.length())));
pw.append(lowercaseLetters.charAt(secureRandom.nextInt(lowercaseLetters.length())));
pw.append(uppercaseLetters.charAt(secureRandom.nextInt(uppercaseLetters.length())));
pw.append(specialCharacters.charAt(secureRandom.nextInt(specialCharacters.length())));
return pw.toString().toCharArray();
}

public static RandomPasswordGenerator getAskPasswordTempPassGenerator(ServletContext context, HttpSession session) {
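Review bot: In `generateTemporaryPassword()` the four mandatory characters are always appended last, in the fixed order digit, lowercase, uppercase, special, so the character class of each of the final four positions is known in advance. Filling a `char[]` directly and shuffling it with the same `SecureRandom` removes that structure, and it also avoids the intermediate `String` created by `pw.toString()`, which cannot be cleared after use the way a `char[]` can. Separately, the `log.error` call in the `catch` of `generateRandomPassword` still says "Used the default password as temp password", which no longer matches the behaviour; wording such as `"Error while generating the temporary password. Falling back to a locally generated random password"` would keep the logs accurate. The regex in the comment ends with a stray `}` after `$`.

```java
private static char[] generateTemporaryPassword() {

    // … unchanged: comment, SecureRandom, character sets, passwordLength, mandatoryCharactersCount …

    char[] pw = new char[passwordLength];
    int pos = 0;
    while (pos < passwordLength - mandatoryCharactersCount) {
        pw[pos++] = characters.charAt(secureRandom.nextInt(characters.length()));
    }
    pw[pos++] = digits.charAt(secureRandom.nextInt(digits.length()));
    pw[pos++] = lowercaseLetters.charAt(secureRandom.nextInt(lowercaseLetters.length()));
    pw[pos++] = uppercaseLetters.charAt(secureRandom.nextInt(uppercaseLetters.length()));
    pw[pos] = specialCharacters.charAt(secureRandom.nextInt(specialCharacters.length()));

    // Fisher-Yates shuffle so the mandatory classes do not sit at fixed positions.
    for (int i = pw.length - 1; i > 0; i--) {
        int j = secureRandom.nextInt(i + 1);
        char tmp = pw[i];
        pw[i] = pw[j];
        pw[j] = tmp;
    }
    return pw;
}
```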