From d909e01d82dc288360a76d27b11f64b7b14272bf Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <alexander.olofsson@liu.se>
Date: Wed, 9 Oct 2024 10:51:15 +0200
Subject: [PATCH] Retune password salt generation

Should be more secure, and avoid generating potentially confusing data
---
 app/models/orchestration/passwordstate.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/models/orchestration/passwordstate.rb b/app/models/orchestration/passwordstate.rb
index 9d7ad21..307f2d6 100644
--- a/app/models/orchestration/passwordstate.rb
+++ b/app/models/orchestration/passwordstate.rb
@@ -37,10 +37,10 @@ module Orchestration
           pw = PasswordCrypt.passw_crypt(pw.password, password_hash)
         else
           seed = [
-            passwordstate_facet.id, id, passwordstate_server.id,
-            passwordstate_facet.password_list_id, pw.password_id
+            pw.password_id, passwordstate_facet.password_list_id,
+            passwordstate_facet.id, id, passwordstate_server.id
           ].join ':'
-          seed = Base64.strict_encode64(Digest::SHA1.digest(seed)).tr('+', '.')
+          seed = Base64.strict_encode64(Digest::SHA1.digest(seed)).gsub(%r{[^a-zA-Z0-9./]}, '.')
           puts "Encrypting #{pw.password} with #{seed} (#{password_hash})"
           pw = pw.password.crypt("#{PasswordCrypt::ALGORITHMS[password_hash]}#{seed}")
         end
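Review bot: The unchanged `puts "Encrypting #{pw.password} with #{seed} (#{password_hash})"` line directly after the new `gsub` writes the cleartext password and its salt to stdout, so both land in whatever captures the process output; this commit retunes the salt but leaves that line in place. I would drop it, or log only non-secret identifiers, e.g. `Rails.logger.debug { "Hashing password #{pw.password_id} (#{password_hash})" }`, assuming this model runs inside Rails as the `app/models` path suggests. Separately, the salt is still a SHA1 over predictable ids, so reordering the fields changes its value but adds no entropy. If a hash that stays stable between runs is the intent, a comment above `seed = [` would record it, e.g. `# Salt is derived from ids on purpose so the resulting hash is reproducible`. The enclosing method starts and ends outside the hunk.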
-- 
GitLab