From 722d5a8eaff0d7dd2f7b6e7cc0392600da000009 Mon Sep 17 00:00:00 2001
From: Nikolay Edigaryev <edigaryev@gmail.com>
Date: Thu, 6 Feb 2025 21:37:42 +0400
Subject: [PATCH] Avoid including " and $ characters in bootstrap admin's token
 (#245)

* Avoid including " and $ characters in bootstrap admin's token

* Avoid fallthrough
---
 internal/command/controller/bootstrap.go | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/internal/command/controller/bootstrap.go b/internal/command/controller/bootstrap.go
index 7f3c639..cb6bcf6 100644
--- a/internal/command/controller/bootstrap.go
+++ b/internal/command/controller/bootstrap.go
@@ -9,6 +9,7 @@ import (
 	"github.com/pterm/pterm"
 	"github.com/sethvargo/go-password/password"
 	"os"
+	"strings"
 )
 
 const BootstrapAdminName = "bootstrap-admin"
@@ -31,7 +32,27 @@ func Bootstrap(controllerInstance *controller.Controller, controllerCert tls.Cer
 
 	// Generate a bootstrap admin token if not present in the environment variable
 	if !orchardBootstrapAdminTokenPresent {
-		orchardBootstrapAdminToken, err = password.Generate(32, 10, 10,
+		passwordGenerator, err := password.NewGenerator(&password.GeneratorInput{
+			LowerLetters: password.LowerLetters,
+			UpperLetters: password.UpperLetters,
+			Digits:       password.Digits,
+			Symbols: strings.Map(func(r rune) rune {
+				// Avoid generating $ and " symbols
+				// as they cause issues in shell
+				switch r {
+				case '$', '"':
+					return -1
+				default:
+					return r
+				}
+			}, password.Symbols),
+		})
+		if err != nil {
+			return fmt.Errorf("failed to generate bootstrap admin token: "+
+				"failed to initialize password generator: %w", err)
+		}
+
+		orchardBootstrapAdminToken, err = passwordGenerator.Generate(32, 10, 10,
 			false, false)
 		if err != nil {
 			return fmt.Errorf("failed to generate bootstrap admin token: %w", err)