Switch to secure random strings (#29013)

* Switch to secure random strings Because the js-sdk methods are changing and there's no reason for these not to use the secure versions. The dedicated upper/lower functions were *only* used in this one case, so this should do the exact same thing with the one exported function. Requires https://github.com/matrix-org/matrix-js-sdk/pull/4621 (merge both together) * Change remaining instances of randomString which I somehow entirely missed the first time. * Fix import order
2025-01-21 13:54:57 +00:00
parent 1644169ff3
commit 56eafc908e
15 changed files with 38 additions and 33 deletions
--- a/src/utils/oidc/authorize.ts
+++ b/src/utils/oidc/authorize.ts
@@ -9,7 +9,7 @@ Please see LICENSE files in the repository root for full details.
 import { completeAuthorizationCodeGrant, generateOidcAuthorizationUrl } from "matrix-js-sdk/src/oidc/authorize";
 import { QueryDict } from "matrix-js-sdk/src/utils";
 import { OidcClientConfig } from "matrix-js-sdk/src/matrix";
-import { randomString } from "matrix-js-sdk/src/randomstring";
+import { secureRandomString } from "matrix-js-sdk/src/randomstring";
 import { IdTokenClaims } from "oidc-client-ts";

 import { OidcClientError } from "./error";
@@ -34,7 +34,7 @@ export const startOidcLogin = async (
 ): Promise<void> => {
    const redirectUri = PlatformPeg.get()!.getOidcCallbackUrl().href;

-    const nonce = randomString(10);
+    const nonce = secureRandomString(10);

    const prompt = isRegistration ? "create" : undefined;