From e20b79b5cca88851eb5dbefe7c2300c6eda18dd2 Mon Sep 17 00:00:00 2001
From: Michael Desantis <multishifties@yahoo.com>
Date: Wed, 6 Mar 2019 18:25:44 -0600
Subject: [PATCH] Generate secure passwords, fixes issue #26 (#51)

---
 packages/server/src/cli.ts | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/packages/server/src/cli.ts b/packages/server/src/cli.ts
index 2f1da114..382ededc 100644
--- a/packages/server/src/cli.ts
+++ b/packages/server/src/cli.ts
@@ -2,6 +2,7 @@ import { field, logger } from "@coder/logger";
 import { ServerMessage, SharedProcessActiveMessage } from "@coder/protocol/src/proto";
 import { Command, flags } from "@oclif/command";
 import { fork, ForkOptions, ChildProcess } from "child_process";
+import { randomFillSync } from "crypto";
 import * as fs from "fs";
 import * as os from "os";
 import * as path from "path";
@@ -136,13 +137,9 @@ export class Entry extends Command {
 		let password = flags["password"];
 		if (!password) {
 			// Generate a random password
-			const passwordLength = 12;
-			const possible = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-			const chars = [];
-			for (let i = 0; i < passwordLength; i++) {
-				chars.push(possible[Math.floor(Math.random() * possible.length)]);
-			}
-			password = chars.join("");
+			const buffer = Buffer.alloc(12);
+			randomFillSync(buffer);
+			password = buffer.toString("hex");
 		}
 
 		const hasCustomHttps = certData && certKeyData;