fix: improve password security

ethibox · Jul 24, 2023 · 4ee0229 · 4ee0229
1 parent f336745
commit 4ee0229
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/lib/utils.js b/lib/utils.js
@@ -107,19 +107,18 @@ export const checkDomain = async (domain) => {
 
 export const generatePassword = () => {
     const length = 12;
-    const symbols = '!@%&*_+';
-    const charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@%&*_+';
-    const randomBytes = crypto.randomBytes(length);
-
-    let password = Array.from(randomBytes).map((byte) => charset[byte % charset.length]).join('');
-
-    if (password === password.toLowerCase()) {
-        password = password.slice(0, length - 1) + String.fromCharCode((randomBytes[0] % 26) + 65);
-    }
-
-    if (!symbols.split('').some((symbol) => password.includes(symbol))) {
-        password = password.slice(0, length - 1) + symbols[randomBytes[0] % symbols.length];
+    const wishlist = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@%&*_+';
+    const password = Array.from(crypto.randomBytes(length))
+        .map((x) => wishlist[x % wishlist.length])
+        .join('');
+    const hasUppercase = /[A-Z]/.test(password);
+    const hasLowercase = /[a-z]/.test(password);
+    const hasNumber = /[0-9]/.test(password);
+    const hasSymbol = /[!@%&*_+]/.test(password);
+
+    if (hasUppercase && hasLowercase && hasNumber && hasSymbol) {
+        return password;
     }
 
-    return password;
+    return generatePassword(length, wishlist);
 };