Avoid including " and $ characters in bootstrap admin's token (#245)

* Avoid including " and $ characters in bootstrap admin's token * Avoid fallthrough
2025-02-06 21:37:42 +04:00 · 2025-02-06 21:37:42 +04:00 · 722d5a8eaf
parent 86f0afb5a3
commit 722d5a8eaf
1 changed files with 22 additions and 1 deletions
--- a/internal/command/controller/bootstrap.go
+++ b/internal/command/controller/bootstrap.go
@ -9,6 +9,7 @@ import (
 	"github.com/pterm/pterm"
 	"github.com/sethvargo/go-password/password"
 	"os"
+	"strings"
 )

 const BootstrapAdminName = "bootstrap-admin"
@ -31,7 +32,27 @@ func Bootstrap(controllerInstance *controller.Controller, controllerCert tls.Cer

 	// Generate a bootstrap admin token if not present in the environment variable
 	if !orchardBootstrapAdminTokenPresent {
-		orchardBootstrapAdminToken, err = password.Generate(32, 10, 10,
+		passwordGenerator, err := password.NewGenerator(&password.GeneratorInput{
+			LowerLetters: password.LowerLetters,
+			UpperLetters: password.UpperLetters,
+			Digits:       password.Digits,
+			Symbols: strings.Map(func(r rune) rune {
+				// Avoid generating $ and " symbols
+				// as they cause issues in shell
+				switch r {
+				case '$', '"':
+					return -1
+				default:
+					return r
+				}
+			}, password.Symbols),
+		})
+		if err != nil {
+			return fmt.Errorf("failed to generate bootstrap admin token: "+
+				"failed to initialize password generator: %w", err)
+		}
+
+		orchardBootstrapAdminToken, err = passwordGenerator.Generate(32, 10, 10,
 			false, false)
 		if err != nil {
 			return fmt.Errorf("failed to generate bootstrap admin token: %w", err)