CampCollaborationService: use random_bytes to generate inviteKey

Since 0b8204c, if a dot (.) is in the url and no slash is after that part of the path, this part is interpreted as file an a 404 is returned by the vite dev server. We did not test it in production. We anyway wanted to use the same id generator for the inviteKey as for the entities. Issue: ecamp#1238
BacLuc · Apr 17, 2021 · 735b7da · 735b7da
1 parent 0b8204c
commit 735b7da
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 4 deletions.
diff --git a/backend/module/eCampCore/src/EntityService/CampCollaborationService.php b/backend/module/eCampCore/src/EntityService/CampCollaborationService.php
@@ -15,6 +15,7 @@
 use eCamp\Lib\Entity\BaseEntity;
 use eCamp\Lib\Service\EntityValidationException;
 use eCamp\Lib\Service\ServiceUtils;
+use eCamp\Lib\Util\IdGenerator;
 use Laminas\Authentication\AuthenticationService;
 
 class CampCollaborationService extends AbstractEntityService {
@@ -214,12 +215,12 @@ protected function fetchAllQueryBuilder($params = []): QueryBuilder {
     }
 
     protected function sendInviteEmail(CampCollaboration $campCollaboration, User $authUser, Camp $camp): void {
-        $uniqid = uniqid('', true);
-        $campCollaboration->setInviteKey($uniqid);
+        $inviteKey = IdGenerator::generateRandomHexString(64);
+        $campCollaboration->setInviteKey($inviteKey);
         $this->sendmailService->sendInviteToCampMail(
             $authUser,
             $camp,
-            $uniqid,
+            $inviteKey,
             $campCollaboration->getInviteEmail()
         );
     }

diff --git a/backend/module/eCampLib/src/Entity/BaseEntity.php b/backend/module/eCampLib/src/Entity/BaseEntity.php
@@ -5,6 +5,7 @@
 use Doctrine\Common\Util\ClassUtils;
 use Doctrine\ORM\Mapping as ORM;
 use eCamp\Lib\Types\DateTimeUtc;
+use eCamp\Lib\Util\IdGenerator;
 use Laminas\Permissions\Acl\Resource\ResourceInterface;
 
 /**
@@ -32,7 +33,7 @@ abstract class BaseEntity implements ResourceInterface {
     protected $updateTime;
 
     public function __construct() {
-        $this->id = bin2hex(random_bytes(6));
+        $this->id = IdGenerator::generateRandomHexString(12);
 
         $this->createTime = new DateTimeUtc();
         $this->updateTime = new DateTimeUtc();

diff --git a/backend/module/eCampLib/src/Util/IdGenerator.php b/backend/module/eCampLib/src/Util/IdGenerator.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace eCamp\Lib\Util;
+
+use RuntimeException;
+
+class IdGenerator {
+    public static function generateRandomHexString(int $length): string {
+        try {
+            return bin2hex(random_bytes($length / 2));
+        } catch (\Exception $e) {
+            throw new RuntimeException($e);
+        }
+    }
+}