133 limit to human readable characters. (#174)

Implements #133, limit password generators to distict human readable characters. This removes the common confusions such as I,l, 1, 0, O, o, m,rn, etc . This in mind, they may not all have been found, but it should be easier now to improve upon.
2025-02-23 20:47:01 +01:00 · 2020-01-27 12:56:15 +10:00 · 2020-01-27 12:56:15 +10:00 · 559222206f
parent 1e7ba58fe8
commit 559222206f
2 changed files with 29 additions and 10 deletions
--- a/kanidmd/src/lib/access.rs
+++ b/kanidmd/src/lib/access.rs
@ -1115,7 +1115,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
            let uuid = acp.acp.uuid;
            self.acps_search.insert(uuid, acp);
        }
-        self.acps_search.compact();
+        // self.acps_search.compact();
        Ok(())
    }

@ -1125,7 +1125,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
            let uuid = acp.acp.uuid;
            self.acps_create.insert(uuid, acp);
        }
-        self.acps_create.compact();
+        // self.acps_create.compact();
        Ok(())
    }

@ -1135,7 +1135,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
            let uuid = acp.acp.uuid;
            self.acps_modify.insert(uuid, acp);
        }
-        self.acps_modify.compact();
+        // self.acps_modify.compact();
        Ok(())
    }

@ -1146,7 +1146,7 @@ impl<'a> AccessControlsWriteTransaction<'a> {
            self.acps_delete.insert(uuid, acp);
        }
        // We could consider compact here ...
-        self.acps_delete.compact();
+        // self.acps_delete.compact();
        Ok(())
    }

--- a/kanidmd/src/lib/utils.rs
+++ b/kanidmd/src/lib/utils.rs
@ -2,9 +2,12 @@ use std::time::Duration;
 use std::time::SystemTime;
 use uuid::{Builder, Uuid};

-use rand::distributions::Alphanumeric;
+use rand::distributions::Distribution;
 use rand::{thread_rng, Rng};

+#[derive(Debug)]
+pub struct DistinctAlpha;
+
 pub type SID = [u8; 4];

 pub fn uuid_to_gid_u32(u: &Uuid) -> u32 {
@ -28,7 +31,7 @@ pub fn uuid_from_duration(d: Duration, sid: SID) -> Uuid {
 }

 pub fn password_from_random() -> String {
-    let rand_string: String = thread_rng().sample_iter(&Alphanumeric).take(48).collect();
+    let rand_string: String = thread_rng().sample_iter(&DistinctAlpha).take(48).collect();
    rand_string
 }

@ -36,10 +39,10 @@ pub fn readable_password_from_random() -> String {
    let mut trng = thread_rng();
    format!(
        "{}-{}-{}-{}",
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
-        trng.sample_iter(&Alphanumeric).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
+        trng.sample_iter(&DistinctAlpha).take(4).collect::<String>(),
    )
 }

@ -51,6 +54,22 @@ pub fn uuid_from_now(sid: SID) -> Uuid {
    uuid_from_duration(d, sid)
 }

+impl Distribution<char> for DistinctAlpha {
+    fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> char {
+        const RANGE: u32 = 55;
+        const GEN_ASCII_STR_CHARSET: &[u8] = b"ABCDEFGHJKLMNPQRSTUVWXYZ\
+                abcdefghjkpqrstuvwxyz\
+                0123456789";
+        // This probably needs to be checked for entropy/quality
+        loop {
+            let var = rng.next_u32() >> (32 - 6);
+            if var < RANGE {
+                return GEN_ASCII_STR_CHARSET[var as usize] as char;
+            }
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
    use crate::utils::{uuid_from_duration, uuid_to_gid_u32};