[api] Use SecureRandom to generate a random fake password

Cherry-pick from 7967fe46

[api] Use SecureRandom to generate a random fake password
63621996 · Björn Geuken · Andrej Shadura · d6929fd4 · 63621996
Verified Commit 63621996 authored 8 years ago by Björn Geuken Committed by Andrej Shadura 4 years ago
--- a/src/api/app/models/user.rb
+++ b/src/api/app/models/user.rb
@@ -218,14 +218,11 @@ class User < ActiveRecord::Base
  end

  def self.create_user_with_fake_pw!(attributes = {})
-    chars = ["A".."Z", "a".."z", "0".."9"].collect(&:to_a).join
-    fakepw = (1..24).collect { chars[rand(chars.size)] }.pack("a" * 24)
-
-    attributes[:password] = fakepw
-    create!(attributes)
+    # Generate and store a 24 char fake pw in the OBS DB that no-one knows
+    password = SecureRandom.base64
+    create!(attributes.merge(password: password, password_confirmation: password))
  end

-
  # This static method tries to find a user with the given login and password
  # in the database. Returns the user or nil if he could not be found
  def self.find_with_credentials(login, password)