From 9fbe16c17b6b435d0737e15be2d06fddd76798cc Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Wed, 9 Dec 2015 15:42:48 -0800 Subject: Generate salts when empty --- model/config.go | 17 +++++++++++++++++ model/utils.go | 12 ++++++++++++ model/utils_test.go | 12 ++++++++++++ 3 files changed, 41 insertions(+) (limited to 'model') diff --git a/model/config.go b/model/config.go index 14ce444c5..a3ba812b0 100644 --- a/model/config.go +++ b/model/config.go @@ -164,6 +164,23 @@ func ConfigFromJson(data io.Reader) *Config { } func (o *Config) SetDefaults() { + + if len(o.SqlSettings.AtRestEncryptKey) == 0 { + o.SqlSettings.AtRestEncryptKey = NewRandomString(32) + } + + if len(o.FileSettings.PublicLinkSalt) == 0 { + o.FileSettings.PublicLinkSalt = NewRandomString(32) + } + + if len(o.EmailSettings.InviteSalt) == 0 { + o.EmailSettings.InviteSalt = NewRandomString(32) + } + + if len(o.EmailSettings.PasswordResetSalt) == 0 { + o.EmailSettings.PasswordResetSalt = NewRandomString(32) + } + if o.ServiceSettings.EnableSecurityFixAlert == nil { o.ServiceSettings.EnableSecurityFixAlert = new(bool) *o.ServiceSettings.EnableSecurityFixAlert = true diff --git a/model/utils.go b/model/utils.go index b49b4bb24..5596b06ff 100644 --- a/model/utils.go +++ b/model/utils.go @@ -5,6 +5,7 @@ package model import ( "bytes" + "crypto/rand" "encoding/base32" "encoding/json" "fmt" @@ -81,6 +82,17 @@ func NewId() string { return b.String() } +func NewRandomString(length int) string { + var b bytes.Buffer + str := make([]byte, length+8) + rand.Read(str) + encoder := base32.NewEncoder(encoding, &b) + encoder.Write(str) + encoder.Close() + b.Truncate(length) // removes the '==' padding + return b.String() +} + // GetMillis is a convience method to get milliseconds since epoch. func GetMillis() int64 { return time.Now().UnixNano() / int64(time.Millisecond) diff --git a/model/utils_test.go b/model/utils_test.go index 7f14bcdf0..626386227 100644 --- a/model/utils_test.go +++ b/model/utils_test.go @@ -17,6 +17,18 @@ func TestNewId(t *testing.T) { } } +func TestRandomString(t *testing.T) { + for i := 0; i < 1000; i++ { + r := NewRandomString(32) + t.Log(r) + if len(r) != 32 { + t.Fatal("should be 32 chars") + } + } + + t.Fatal("test") +} + func TestAppError(t *testing.T) { err := NewAppError("TestAppError", "message", "") json := err.ToJson() -- cgit v1.2.3-1-g7c22 From 7299fd6a4c6a658b378e4df12468d302ff6a7512 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Wed, 9 Dec 2015 20:59:15 -0800 Subject: Fixing unit test --- model/utils_test.go | 3 --- 1 file changed, 3 deletions(-) (limited to 'model') diff --git a/model/utils_test.go b/model/utils_test.go index 626386227..1f1e5f023 100644 --- a/model/utils_test.go +++ b/model/utils_test.go @@ -20,13 +20,10 @@ func TestNewId(t *testing.T) { func TestRandomString(t *testing.T) { for i := 0; i < 1000; i++ { r := NewRandomString(32) - t.Log(r) if len(r) != 32 { t.Fatal("should be 32 chars") } } - - t.Fatal("test") } func TestAppError(t *testing.T) { -- cgit v1.2.3-1-g7c22