db: increase email verification token length and also allow lowercase characters

Implements https://github.com/pellaeon/registration/issues/179. Following the birthday paradoxon there were token collisions with a probability of 50% with ~55.000 open registrations: https://play.golang.org/p/zVLvfc2VfSI
2019-06-12 13:38:55 +02:00 · 2019-06-12 13:38:55 +02:00 · 8d05f77e9c
parent a77f07f019
commit 8d05f77e9c
1 changed files with 1 additions and 1 deletions
--- a/db/registrationmapper.php
+++ b/db/registrationmapper.php
@ -85,7 +85,7 @@ class RegistrationMapper extends Mapper {
 	 * @param Registration $registration
 	 */
 	public function generateNewToken(Registration &$registration) {
-		$token = $this->random->generate(6, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS);
+		$token = $this->random->generate(10, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
 		$registration->setToken($token);
 	}