From 61c0cec5f0d74c8cae7df7e340369bfb2e34b6ee Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Fri, 19 May 2023 15:52:06 +0800 Subject: [PATCH 1/6] Generate better passwords for shares Signed-off-by: Claudio Cambra --- src/gui/filedetails/sharemodel.cpp | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/src/gui/filedetails/sharemodel.cpp b/src/gui/filedetails/sharemodel.cpp index 1a72cad299ef4..03ce26f84c123 100644 --- a/src/gui/filedetails/sharemodel.cpp +++ b/src/gui/filedetails/sharemodel.cpp @@ -17,10 +17,11 @@ #include #include +#include + #include "account.h" #include "folderman.h" #include "theme.h" -#include "wordlist.h" namespace { @@ -28,16 +29,32 @@ static const auto placeholderLinkShareId = QStringLiteral("__placeholderLinkShar static const auto internalLinkShareId = QStringLiteral("__internalLinkShareId__"); static const auto secureFileDropPlaceholderLinkShareId = QStringLiteral("__secureFileDropPlaceholderLinkShareId__"); +constexpr auto asciiMin = 33; +constexpr auto asciiMax = 126; + QString createRandomPassword() { - const auto words = OCC::WordList::getRandomWords(10); + constexpr auto numChars = 24; + QString passwd; - const auto addFirstLetter = [](const QString ¤t, const QString &next) -> QString { - return current + next.at(0); - }; + while(passwd.length() < numChars) { + const auto remainingChars = numChars - passwd.length(); + unsigned char unsignedCharArray[remainingChars]; + RAND_bytes(unsignedCharArray, remainingChars); - return std::accumulate(std::cbegin(words), std::cend(words), QString(), addFirstLetter); + for (auto i = 0; i < remainingChars; i++) { + auto byte = unsignedCharArray[i]; + byte %= asciiMax; + + if (byte >= asciiMin) { + passwd.append(byte); + } + } + } + + return passwd; } + } namespace OCC From 282fcad0af988a02253bdb581e54494d82c61a81 Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Sat, 20 May 2023 23:12:31 +0800 Subject: [PATCH 2/6] Simplify password generation in sharemodel Signed-off-by: Claudio Cambra --- src/gui/filedetails/sharemodel.cpp | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/gui/filedetails/sharemodel.cpp b/src/gui/filedetails/sharemodel.cpp index 03ce26f84c123..1315c69d45163 100644 --- a/src/gui/filedetails/sharemodel.cpp +++ b/src/gui/filedetails/sharemodel.cpp @@ -37,10 +37,15 @@ QString createRandomPassword() constexpr auto numChars = 24; QString passwd; - while(passwd.length() < numChars) { - const auto remainingChars = numChars - passwd.length(); - unsigned char unsignedCharArray[remainingChars]; - RAND_bytes(unsignedCharArray, remainingChars); + unsigned char unsignedCharArray[numChars]; + RAND_bytes(unsignedCharArray, numChars); + + for (auto i = 0; i < numChars; i++) { + auto byte = unsignedCharArray[i]; + byte %= asciiRange; + byte += asciiMin; + passwd.append(byte); + } for (auto i = 0; i < remainingChars; i++) { auto byte = unsignedCharArray[i]; From 3e8ef436bd9a4b4c2b67158403c6f46772064a3a Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Sat, 20 May 2023 23:30:12 +0800 Subject: [PATCH 3/6] Guarantee that the generated password for share will have all the types of characters needed to pass server check Signed-off-by: Claudio Cambra --- src/gui/filedetails/sharemodel.cpp | 44 ++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/src/gui/filedetails/sharemodel.cpp b/src/gui/filedetails/sharemodel.cpp index 1315c69d45163..45520a4c52b4f 100644 --- a/src/gui/filedetails/sharemodel.cpp +++ b/src/gui/filedetails/sharemodel.cpp @@ -31,30 +31,56 @@ static const auto secureFileDropPlaceholderLinkShareId = QStringLiteral("__secur constexpr auto asciiMin = 33; constexpr auto asciiMax = 126; +constexpr auto asciiRange = asciiMax - asciiMin; QString createRandomPassword() { - constexpr auto numChars = 24; - QString passwd; + static constexpr auto numChars = 24; + + static constexpr std::string_view lowercaseAlphabet = "abcdefghijklmnopqrstuvwxyz"; + static constexpr std::string_view uppercaseAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + static constexpr std::string_view numbers = "0123456789"; + static constexpr std::string_view specialChars = R"(ªº\\/|"'*+-_´¨{}·#$%&()=\[\]<>;:@~)"; + + static const QRegularExpression lowercaseMatch("[a-z]"); + static const QRegularExpression uppercaseMatch("[A-Z]"); + static const QRegularExpression numberMatch("[0-9]"); + static const QRegularExpression specialCharMatch(QString("[%1]").arg(specialChars.data())); + static const std::map matchMap { + { lowercaseAlphabet, lowercaseMatch }, + { uppercaseAlphabet, uppercaseMatch }, + { numbers, numberMatch }, + { specialChars, specialCharMatch }, + }; + + QString passwd; unsigned char unsignedCharArray[numChars]; + RAND_bytes(unsignedCharArray, numChars); for (auto i = 0; i < numChars; i++) { auto byte = unsignedCharArray[i]; - byte %= asciiRange; + byte %= asciiRange + 1; byte += asciiMin; passwd.append(byte); } - for (auto i = 0; i < remainingChars; i++) { - auto byte = unsignedCharArray[i]; - byte %= asciiMax; + for (const auto &charsWithMatcher : matchMap) { + const auto selectionChars = charsWithMatcher.first; + const auto matcher = charsWithMatcher.second; + Q_ASSERT(matcher.isValid()); - if (byte >= asciiMin) { - passwd.append(byte); - } + if (matcher.match(passwd).hasMatch()) { + continue; } + + // add random required character at random position + const auto passwdInsertIndex = std::rand() % passwd.length(); + const auto charToInsertIndex = std::rand() % selectionChars.length(); + const auto charToInsert = selectionChars.at(charToInsertIndex); + + passwd.insert(passwdInsertIndex, charToInsert); } return passwd; From fc03a0fa32f3ff2aeb959ddc729814ba1d642a51 Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Sun, 21 May 2023 00:34:54 +0800 Subject: [PATCH 4/6] Replace use of std::rand with improved C++11 random Signed-off-by: Claudio Cambra --- src/gui/filedetails/sharemodel.cpp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/gui/filedetails/sharemodel.cpp b/src/gui/filedetails/sharemodel.cpp index 45520a4c52b4f..963c4d46b4a9b 100644 --- a/src/gui/filedetails/sharemodel.cpp +++ b/src/gui/filedetails/sharemodel.cpp @@ -17,6 +17,7 @@ #include #include +#include #include #include "account.h" @@ -54,6 +55,9 @@ QString createRandomPassword() { specialChars, specialCharMatch }, }; + std::random_device rand_dev; + std::mt19937 rng(rand_dev()); + QString passwd; unsigned char unsignedCharArray[numChars]; @@ -76,8 +80,11 @@ QString createRandomPassword() } // add random required character at random position - const auto passwdInsertIndex = std::rand() % passwd.length(); - const auto charToInsertIndex = std::rand() % selectionChars.length(); + std::uniform_int_distribution passwdDist(0, passwd.length() - 1); + std::uniform_int_distribution charsDist(0, selectionChars.length() - 1); + + const auto passwdInsertIndex = passwdDist(rng); + const auto charToInsertIndex = charsDist(rng); const auto charToInsert = selectionChars.at(charToInsertIndex); passwd.insert(passwdInsertIndex, charToInsert); From a306acee97d6c305f79a78f2b035f799f79b7a2f Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Thu, 8 Jun 2023 17:14:28 +0800 Subject: [PATCH 5/6] Use std::array to store hash bytes Signed-off-by: Claudio Cambra --- src/gui/filedetails/sharemodel.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/gui/filedetails/sharemodel.cpp b/src/gui/filedetails/sharemodel.cpp index 963c4d46b4a9b..146339b50efb4 100644 --- a/src/gui/filedetails/sharemodel.cpp +++ b/src/gui/filedetails/sharemodel.cpp @@ -59,9 +59,9 @@ QString createRandomPassword() std::mt19937 rng(rand_dev()); QString passwd; - unsigned char unsignedCharArray[numChars]; + std::array unsignedCharArray; - RAND_bytes(unsignedCharArray, numChars); + RAND_bytes(unsignedCharArray.data(), numChars); for (auto i = 0; i < numChars; i++) { auto byte = unsignedCharArray[i]; From 67ef758d539560b0426086cf6bf1cc68624c1e2f Mon Sep 17 00:00:00 2001 From: Claudio Cambra Date: Thu, 8 Jun 2023 17:16:47 +0800 Subject: [PATCH 6/6] Simplify loop to write bytes to password Signed-off-by: Claudio Cambra --- src/gui/filedetails/sharemodel.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/gui/filedetails/sharemodel.cpp b/src/gui/filedetails/sharemodel.cpp index 146339b50efb4..e755718de8bdb 100644 --- a/src/gui/filedetails/sharemodel.cpp +++ b/src/gui/filedetails/sharemodel.cpp @@ -63,10 +63,9 @@ QString createRandomPassword() RAND_bytes(unsignedCharArray.data(), numChars); - for (auto i = 0; i < numChars; i++) { - auto byte = unsignedCharArray[i]; - byte %= asciiRange + 1; - byte += asciiMin; + for (const auto newChar : unsignedCharArray) { + // Ensure byte is within asciiRange + const auto byte = (newChar % (asciiRange + 1)) + asciiMin; passwd.append(byte); }