Merge branch 'main' into sm/sm-837-project-name-validation

bitwarden · Jun 24, 2024 · 1070094 · 1070094
2 parents 2419144 + 72dd93b
commit 1070094
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/crates/bitwarden-crypto/src/lib.rs b/crates/bitwarden-crypto/src/lib.rs
@@ -76,9 +76,8 @@ pub use keys::*;
 mod rsa;
 pub use crate::rsa::RsaKeyPair;
 mod util;
-pub use util::generate_random_bytes;
+pub use util::{generate_random_alphanumeric, generate_random_bytes, pbkdf2};
 mod wordlist;
-pub use util::pbkdf2;
 pub use wordlist::EFF_LONG_WORD_LIST;
 mod allocator;
 pub use allocator::ZeroizingAllocator;

diff --git a/crates/bitwarden-crypto/src/util.rs b/crates/bitwarden-crypto/src/util.rs
@@ -4,7 +4,7 @@ use ::aes::cipher::{ArrayLength, Unsigned};
 use generic_array::GenericArray;
 use hmac::digest::OutputSizeUser;
 use rand::{
-    distributions::{Distribution, Standard},
+    distributions::{Alphanumeric, DistString, Distribution, Standard},
     Rng,
 };
 use zeroize::{Zeroize, Zeroizing};
@@ -39,6 +39,14 @@ where
     Zeroizing::new(rand::thread_rng().gen::<T>())
 }
 
+/// Generate a random alphanumeric string of a given length
+///
+/// Note: Do not use this generating user facing passwords. Use the `bitwarden-generator` crate for
+/// that.
+pub fn generate_random_alphanumeric(len: usize) -> String {
+    Alphanumeric.sample_string(&mut rand::thread_rng(), len)
+}
+
 pub fn pbkdf2(password: &[u8], salt: &[u8], rounds: u32) -> [u8; PBKDF_SHA256_HMAC_OUT_SIZE] {
     pbkdf2::pbkdf2_array::<PbkdfSha256Hmac, PBKDF_SHA256_HMAC_OUT_SIZE>(password, salt, rounds)
         .expect("hash is a valid fixed size")

diff --git a/crates/bitwarden/src/auth/auth_request.rs b/crates/bitwarden/src/auth/auth_request.rs
@@ -1,11 +1,11 @@
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_core::VaultLocked;
 use bitwarden_crypto::{
-    fingerprint, AsymmetricCryptoKey, AsymmetricEncString, AsymmetricPublicCryptoKey,
+    fingerprint, generate_random_alphanumeric, AsymmetricCryptoKey, AsymmetricEncString,
+    AsymmetricPublicCryptoKey,
 };
 #[cfg(feature = "internal")]
 use bitwarden_crypto::{EncString, KeyDecryptable, SymmetricCryptoKey};
-use bitwarden_generators::{password, PasswordGeneratorRequest};
 
 use crate::{error::Error, Client};
 
@@ -41,14 +41,7 @@ pub(crate) fn new_auth_request(email: &str) -> Result<AuthRequestResponse, Error
         private_key: STANDARD.encode(key.to_der()?),
         public_key: b64,
         fingerprint,
-        access_code: password(PasswordGeneratorRequest {
-            length: 25,
-            lowercase: true,
-            uppercase: true,
-            numbers: true,
-            special: false,
-            ..Default::default()
-        })?,
+        access_code: generate_random_alphanumeric(25),
     })
 }