fix(mysql): improve random password for mysql user

Author: imzhengfei

extensions/mysql/index.js

@@ -2,7 +2,6 @@
 
 const Promise = require('bluebird');
 const mysql = require('mysql');
-const crypto = require('crypto');
 const omit = require('lodash/omit');
 const cli = require('../../lib');
 
@@ -77,7 +76,59 @@ class MySQLExtension extends cli.Extension {
     }
 
     createUser(ctx, dbconfig) {
-        const randomPassword = crypto.randomBytes(10).toString('hex');
+        // Generate random MySQL password
+        const generateRandomPassword = () => {
+            /**
+             * Random Sort
+             * @param {Array} array
+             * @return {Array}
+             */
+            const randomSort = (array) => array.sort(() => Math.random() > .5 ? -1 : 1);
+
+            /**
+             * Random Number
+             * @param {Number} length
+             * @return {String}
+             */
+            const randomNumber = (length) => {
+                let _str = '';
+                for (let i = 0; i < length; i = i + 1) {
+                    _str += String.fromCharCode(Math.round(Math.random() * 9) + 48);
+                }
+                return _str;
+            }
+
+            /**
+             * Random Upper Case
+             * @param {Number} length
+             * @return {String}
+             */
+            const randomUpperCase = (length) => {
+                let _str = '';
+                for (let i = 0; i < length; i = i + 1) {
+                    _str += String.fromCharCode(Math.round(Math.random() * 25) + 65);
+                }
+                return _str;
+            }
+
+            /**
+             * Random Character
+             * @param {Number} length
+             * @return {String}
+             */
+            const randomChar = (length) => {
+                const chars = ['~', '!', '@', '#', '$'];
+                return randomSort(chars).join('').substr(0, length);
+            }
+
+            const allChars = randomNumber(4)
+                + randomUpperCase(4)
+                + randomUpperCase(4).toLowerCase()
+                + randomChar(4);
+
+            return randomSort(allChars.split('')).join('');
+        }
+        const randomPassword = generateRandomPassword();
 
         // IMPORTANT: we generate random MySQL usernames
         // e.g. you delete all your Ghost instances from your droplet and start from scratch, the MySQL users would remain and the CLI has to generate a random user name to work

extensions/mysql/test/extension-spec.js

@@ -192,14 +192,14 @@ describe('Unit: Mysql extension', function () {
                 expect(queryStub.calledThrice).to.be.true;
                 expect(queryStub.args[0][0]).to.match(/^CREATE USER 'ghost-[0-9]{1,4}'@'localhost' IDENTIFIED WITH mysql_native_password;$/);
                 expect(queryStub.args[1][0]).to.equal('SET old_passwords = 0;');
-                expect(queryStub.args[2][0]).to.match(/^SET PASSWORD FOR 'ghost-[0-9]{1,4}'@'localhost' = PASSWORD\('[0-9A-Fa-f]*'\);$/);
+                expect(queryStub.args[2][0]).to.match(/^SET PASSWORD FOR 'ghost-[0-9]{1,4}'@'localhost' = PASSWORD\('[0-9A-Za-z~!@#$%]*'\);$/);
                 expect(logStub.calledThrice).to.be.true;
                 expect(logStub.args[0][0]).to.match(/created new user/);
                 expect(logStub.args[1][0]).to.match(/disabled old_password/);
                 expect(logStub.args[2][0]).to.match(/successfully created password for user/);
                 expect(ctx.mysql).to.exist;
                 expect(ctx.mysql.username).to.match(/^ghost-[0-9]{1,4}$/);
-                expect(ctx.mysql.password).to.match(/^[0-9A-Fa-f]*$/);
+                expect(ctx.mysql.password).to.match(/^[0-9A-Za-z~!@#$%]*$/);
             });
         });
 
@@ -219,15 +219,15 @@ describe('Unit: Mysql extension', function () {
                 expect(queryStub.args[0][0]).to.match(/^CREATE USER 'ghost-[0-9]{1,4}'@'localhost' IDENTIFIED WITH mysql_native_password;$/);
                 expect(queryStub.args[1][0]).to.match(/^CREATE USER 'ghost-[0-9]{1,4}'@'localhost' IDENTIFIED WITH mysql_native_password;$/);
                 expect(queryStub.args[2][0]).to.equal('SET old_passwords = 0;');
-                expect(queryStub.args[3][0]).to.match(/^SET PASSWORD FOR 'ghost-[0-9]{1,4}'@'localhost' = PASSWORD\('[0-9A-Fa-f]*'\);$/);
+                expect(queryStub.args[3][0]).to.match(/^SET PASSWORD FOR 'ghost-[0-9]{1,4}'@'localhost' = PASSWORD\('[0-9A-Za-z~!@#$%]*'\);$/);
                 expect(logStub.callCount).to.equal(4);
                 expect(logStub.args[0][0]).to.match(/user exists, re-trying user creation/);
                 expect(logStub.args[1][0]).to.match(/created new user/);
                 expect(logStub.args[2][0]).to.match(/disabled old_password/);
                 expect(logStub.args[3][0]).to.match(/successfully created password for user/);
                 expect(ctx.mysql).to.exist;
                 expect(ctx.mysql.username).to.match(/^ghost-[0-9]{1,4}$/);
-                expect(ctx.mysql.password).to.match(/^[0-9A-Fa-f]*$/);
+                expect(ctx.mysql.password).to.match(/^[0-9A-Za-z~!@#$%]*$/);
             });
         });