diff --git a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
index e095b349..ecba6702 100644
--- a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
+++ b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
@@ -4,7 +4,6 @@ import de.triology.recaptchav2java.ReCaptcha;
 import org.airsonic.player.domain.User;
 import org.airsonic.player.service.SecurityService;
 import org.airsonic.player.service.SettingsService;
-import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -22,6 +21,7 @@ import javax.mail.internet.MimeMessage;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.security.SecureRandom;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -37,6 +37,10 @@ public class RecoverController {
 private static final Logger LOG = LoggerFactory.getLogger(RecoverController.class);
+ private static final String SYMBOLS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
+ private final SecureRandom random = new SecureRandom();
+ private static final int PASSWORD_LENGTH = 32;
+
 @Autowired
 private SettingsService settingsService;
 @Autowired
@@ -69,7 +73,13 @@ public class RecoverController {
 } else if (user.getEmail() == null) {
 map.put("error", "recover.error.noemail");
 } else {
- String password = RandomStringUtils.randomAlphanumeric(8);
+ StringBuilder sb = new StringBuilder(PASSWORD_LENGTH);
+ for(int i=0; i
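Review bot: In the `@@ -37,6 +37,10 @@` hunk the instance field `random` is declared between the two static constants `SYMBOLS` and `PASSWORD_LENGTH`, and nothing records why a `SecureRandom` is required. I would keep the constants together and document the field, for example `// CSPRNG: the recovery password is a credential, so it must not be predictable from earlier outputs` above `private final SecureRandom random = new SecureRandom();`. `SecureRandom` is safe to share between threads, so one instance for the controller is fine, and it could equally be `private static final`. The loop that draws from `SYMBOLS` is in the following hunk, which is cut off in this view, so it is worth confirming there that the index comes from `random.nextInt(SYMBOLS.length())` rather than a modulo of a raw value, which would bias the 62-symbol alphabet.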