Create more secure passwords by default

nickvergessen · nickvergessen · commit 33d7a9624cd0 · 2022-08-12T10:03:19.000+02:00
Signed-off-by: Joas Schilling &lt;coding@schilljs.com&gt;
diff --git a/lib/private/Setup/MySQL.php b/lib/private/Setup/MySQL.php
@@ -141,6 +141,16 @@ private function createSpecificUser($username, $connection): void {
 		$rootUser = $this->dbUser;
 		$rootPassword = $this->dbPassword;
 
+		//create a random password so we don't need to store the admin password in the config file
+		$saveSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS);
+		$password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $saveSymbols)
+			. $this->random->generate(2, ISecureRandom::CHAR_UPPER)
+			. $this->random->generate(2, ISecureRandom::CHAR_LOWER)
+			. $this->random->generate(2, ISecureRandom::CHAR_DIGITS)
+			. $this->random->generate(2, $saveSymbols)
+		;
+		$this->dbPassword = str_shuffle($password);
+
 		try {
 			//user already specified in config
 			$oldUser = $this->config->getValue('dbuser', false);
@@ -163,10 +173,6 @@ private function createSpecificUser($username, $connection): void {
 					if (count($data) === 0) {
 						//use the admin login data for the new database user
 						$this->dbUser = $adminUser;
-
-						//create a random password so we don't need to store the admin password in the config file
-						$this->dbPassword = $this->random->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
-
 						$this->createDBUser($connection);
 
 						break;
