fix(tenant-management): use regex while generating password

use regex while generating password GH-47
sourcefuse · Oct 17, 2024 · e1b73b3 · e1b73b3
1 parent ec347b9
commit e1b73b3
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/services/tenant-management-service/src/providers/idp/idp-auth0.provider.ts b/services/tenant-management-service/src/providers/idp/idp-auth0.provider.ts
@@ -2,9 +2,8 @@ import {Provider} from '@loopback/context';
 
 import {ConfigureIdpFunc, IdpDetails, IdPKey, IdpResp} from '../../types';
 import {ManagementClient, PostOrganizationsRequest, UserCreate} from 'auth0';
-import {randomBytes} from 'crypto';
 import {repository} from '@loopback/repository';
-
+import {randomBytes} from 'crypto';
 import {HttpErrors} from '@loopback/rest';
 import {TenantMgmtConfigRepository} from '../../repositories';
 
@@ -57,17 +56,19 @@ export class Auth0IdpProvider implements Provider<ConfigureIdpFunc<IdpResp>> {
       enabled_connections: configValue.enabled_connections,
     };
     function generateStrongPassword(length: number): string {
-      const charset =
-        'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+~`|}{[]:;?><,./-=';
+      const regex = /[A-Za-z0-9!@#$%^&*()_+~`|}{[\]:;?><,./-=]/;
+      const validChars: string[] = [];
 
-      // Generate random bytes
+      for (let i = 33; i <= 126; i++) {
+        const char = String.fromCharCode(i);
+        if (regex.test(char)) {
+          validChars.push(char);
+        }
+      }
       const randomBytesArray = randomBytes(length);
-
-      // Map each byte to a character in the charset
       const password = Array.from(randomBytesArray)
-        .map(byte => charset[byte % charset.length])
+        .map(byte => validChars[byte % validChars.length])
         .join('');
-
       return password;
     }