From cdd70d2800b8d1e5196cc09811b424895852ca43 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Mon, 4 Jul 2022 14:38:20 +0200
Subject: [PATCH] replace Math.random with crypto random function
---
 services/idp/src/utils.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/services/idp/src/utils.js b/services/idp/src/utils.js
index dcbfaaedc4..5f900aae80 100644
--- a/services/idp/src/utils.js
+++ b/services/idp/src/utils.js
@@ -1,5 +1,16 @@
 export function withClientRequestState(obj) {
- obj.state = Math.random().toString(36).substring(7);
+ obj.state = generateState(16);
 
 return obj;
 }
+
+function dec2hex (dec) {
+ return dec.toString(16).padStart(2, "0")
+}
+
+// generateState :: Integer -> String
+function generateState (len) {
+ var arr = new Uint8Array((len || 16) / 2)
+ window.crypto.getRandomValues(arr)
+ return Array.from(arr, dec2hex).join('')
+}
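Review bot: `generateState(16)` in `withClientRequestState` produces only 8 random bytes (64 bits), because `len` counts hex characters and the buffer is sized `(len || 16) / 2`. An odd `len` is also rounded down by the typed-array constructor, so the result is one character shorter than requested. If `state` is the anti-CSRF value bound to the authorization request (inferred from the name; its consumers are not in this hunk), 128 bits is the more usual margin, i.e. `obj.state = generateState(32);`. A comment on `generateState` such as `// len = number of hex characters (4 bits each); must be even` would make the sizing explicit. The helper also reaches for `window.crypto` directly, so it throws wherever no `window` global exists, for example in unit tests without a DOM.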