From 72d07422a4f9e8e684372c8734c40b448a55a091 Mon Sep 17 00:00:00 2001
From: Scf37
Date: Thu, 17 May 2018 20:10:41 +0300
Subject: [PATCH] Use SecureRandom to generate access tokens. scala.util.Random uses java.util.Random which only provides 64 bits of randomness.
---
 .../scala/gitbucket/core/service/AccessTokenService.scala | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main/scala/gitbucket/core/service/AccessTokenService.scala b/src/main/scala/gitbucket/core/service/AccessTokenService.scala
index 102240d52..8976ce237 100644
--- a/src/main/scala/gitbucket/core/service/AccessTokenService.scala
+++ b/src/main/scala/gitbucket/core/service/AccessTokenService.scala
@@ -5,13 +5,13 @@ import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.model.{AccessToken, Account}
 import gitbucket.core.util.StringUtil
-import scala.util.Random
+import java.security.SecureRandom
 trait AccessTokenService {
 def makeAccessTokenString: String = {
 val bytes = new Array[Byte](20)
- Random.nextBytes(bytes)
+ AccessTokenService.secureRandom.nextBytes(bytes)
 bytes.map("%02x".format(_)).mkString
 }
@@ -55,4 +55,6 @@ trait AccessTokenService {
 }
-object AccessTokenService extends AccessTokenService
+object AccessTokenService extends AccessTokenService {
+ private val secureRandom = new SecureRandom()
+}
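Review bot: Tokens that were already issued through the old `Random.nextBytes(bytes)` call in `makeAccessTokenString` are not affected by this change, so anything minted before the upgrade keeps the weakness the commit is fixing. The hunk does not show how stored tokens are validated or expired, so this may be handled elsewhere; if it is not, the release notes should ask administrators to have users regenerate existing access tokens. The method would also benefit from a short Scaladoc stating its contract, for example `/** Returns 40 lowercase hex characters encoding 20 bytes drawn from a SecureRandom. */`, so that a later refactor does not quietly swap the generator back.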
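Review bot: The new `private val secureRandom` in the companion object is undocumented, and the reason the trait can read it (a trait may access private members of its companion defined in the same file) is not obvious to a reader. A comment above the field would make the intent explicit, for example `// Shared CSPRNG for access-token generation; SecureRandom is safe for concurrent use, so one instance is reused.` It is also worth noting there that `new SecureRandom()` takes the platform's default provider, so the source of entropy depends on the JVM's security configuration rather than on anything in this file.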