fix: Remove the default defined salt #625

pull/1375/head
Cristian Bell 2016-07-20 11:17:23 +02:00
parent af2f355cb4
commit 4f169a8ffa
3 changed files with 7 additions and 3 deletions


@ -4,7 +4,7 @@ $config = array (
'Security' =>
array (
'level' => 'medium',
'salt' => 'Rooraenietu8Eeyo<Qu2eeNfterd-dd+',
'salt' => '',
'cipherSeed' => '',
//'auth'=>array('CertAuth.Certificate'), // additional authentication methods
),
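Review bot: The empty `'salt' => ''` is now a sentinel that the controller replaces on first request, but nothing in this default config says so. A comment such as `// leave empty on a fresh install: a random salt is generated and saved on the first request` would stop an administrator from treating the blank value as final. The `'cipherSeed' => ''` on the next line is also shipped empty, and none of the visible hunks generates a value for it, so it may deserve the same treatment.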


@ -81,6 +81,11 @@ class AppController extends Controller {
$this->loadModel('User');
$auth_user_fields = $this->User->describeAuthFields();
//if fresh installation (salt empty) generate a new salt
if (!Configure::read('Security.salt')) {
$this->loadModel('Server');
$this->Server->serverSettingsSaveValue('Security.salt', $this->User->generateRandomPassword(32));
}
// check if Apache provides kerberos authentication data
$envvar = Configure::read('ApacheSecureAuth.apacheEnv');
if (isset($_SERVER[$envvar])) {
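Review bot: The result of `serverSettingsSaveValue('Security.salt', ...)` is ignored, so if the value is not persisted the `!Configure::read('Security.salt')` guard stays true and every later request generates a different salt. Whether the call also updates the in-memory configuration is not visible here; if it does not, the rest of this request still runs with an empty salt. I would check the return value, log the failure and stop instead of continuing with an empty or unstable salt. Two concurrent first requests can also each write a different value, so the generation is better done once at install time or under a lock. The enclosing method starts and ends outside the hunk.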


@ -431,8 +431,7 @@ class User extends AppModel {
return $key;
}
public function generateRandomPassword() {
$length = 12;
public function generateRandomPassword($length = 12) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-+=!@#$%&*()<>/?';
$charLen = strlen($characters) - 1;
$key = '';
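Review bot: `generateRandomPassword()` now also produces the installation salt, but the code that picks each character lies outside this hunk, so the hunk does not show whether the random source is cryptographically secure. If it relies on `rand()` or `mt_rand()`, it should move to a CSPRNG such as `random_int(0, $charLen)` (or `openssl_random_pseudo_bytes()` on PHP 5), since both passwords and the salt depend on it. The new `$length` parameter is also unvalidated: a zero or negative value would presumably return an empty string and leave the salt empty again. A guard like `if ($length < 1) { throw new InvalidArgumentException('length must be positive'); }` and a docblock stating the default of 12 would cover this.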