Update random ID method to use str_random and not random_bytes

The use of random_bytes in combination with bin2hex was producing a lot of duplicate keys when tested in batches of 10k (anywhere from 2 to 6). The use of str_random yielded no duplicates even at scales of 100k keys that were 8 characters.

Author: DaneEveritt

app/Services/Api/KeyCreationService.php

@@ -30,8 +30,8 @@
 
 class KeyCreationService
 {
-    const PUB_CRYPTO_BYTES = 8;
-    const PRIV_CRYPTO_BYTES = 32;
+    const PUB_CRYPTO_LENGTH = 16;
+    const PRIV_CRYPTO_LENGTH = 64;
 
     /**
      * @var \Illuminate\Database\ConnectionInterface
@@ -86,8 +86,8 @@ public function __construct(
      */
     public function handle(array $data, array $permissions, array $administrative = [])
     {
-        $publicKey = bin2hex(random_bytes(self::PUB_CRYPTO_BYTES));
-        $secretKey = bin2hex(random_bytes(self::PRIV_CRYPTO_BYTES));
+        $publicKey = str_random(self::PUB_CRYPTO_LENGTH);
+        $secretKey = str_random(self::PRIV_CRYPTO_LENGTH);
 
         // Start a Transaction
         $this->connection->beginTransaction();

app/Services/Nodes/NodeCreationService.php

@@ -28,7 +28,7 @@
 
 class NodeCreationService
 {
-    const DAEMON_SECRET_LENGTH = 18;
+    const DAEMON_SECRET_LENGTH = 36;
 
     /**
      * @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface
@@ -55,7 +55,7 @@ public function __construct(NodeRepositoryInterface $repository)
      */
     public function handle(array $data)
     {
-        $data['daemonSecret'] = bin2hex(random_bytes(self::DAEMON_SECRET_LENGTH));
+        $data['daemonSecret'] = str_random(self::DAEMON_SECRET_LENGTH);
 
         return $this->repository->create($data);
     }

app/Services/Nodes/NodeUpdateService.php

@@ -83,7 +83,7 @@ public function handle($node, array $data)
         }
 
         if (! is_null(array_get($data, 'reset_secret'))) {
-            $data['daemonSecret'] = bin2hex(random_bytes(NodeCreationService::DAEMON_SECRET_LENGTH));
+            $data['daemonSecret'] = str_random(NodeCreationService::DAEMON_SECRET_LENGTH);
             unset($data['reset_secret']);
         }
 

app/Services/Servers/DetailsModificationService.php

@@ -29,6 +29,7 @@
 use Illuminate\Database\DatabaseManager;
 use GuzzleHttp\Exception\RequestException;
 use Pterodactyl\Exceptions\DisplayException;
+use Pterodactyl\Services\Nodes\NodeCreationService;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
 use Pterodactyl\Repositories\Daemon\ServerRepository as DaemonServerRepository;
 
@@ -83,6 +84,7 @@ public function __construct(
      *
      * @throws \Pterodactyl\Exceptions\DisplayException
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
     public function edit($server, array $data)
     {
@@ -97,7 +99,7 @@ public function edit($server, array $data)
             (isset($data['reset_token']) && ! is_null($data['reset_token'])) ||
             (isset($data['owner_id']) && $data['owner_id'] != $server->owner_id)
         ) {
-            $data['daemonSecret'] = bin2hex(random_bytes(18));
+            $data['daemonSecret'] = str_random(NodeCreationService::DAEMON_SECRET_LENGTH);
             $shouldUpdate = true;
         }
 

app/Services/Servers/ServerCreationService.php

@@ -29,6 +29,7 @@
 use Illuminate\Database\DatabaseManager;
 use GuzzleHttp\Exception\RequestException;
 use Pterodactyl\Exceptions\DisplayException;
+use Pterodactyl\Services\Nodes\NodeCreationService;
 use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
 use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
@@ -134,12 +135,13 @@ public function __construct(
      *
      * @throws \Pterodactyl\Exceptions\DisplayException
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
     public function create(array $data)
     {
         // @todo auto-deployment
         $validator = $this->validatorService->isAdmin()->setFields($data['environment'])->validate($data['option_id']);
-        $uniqueShort = bin2hex(random_bytes(4));
+        $uniqueShort = str_random(8);
 
         $this->database->beginTransaction();
 
@@ -163,7 +165,7 @@ public function create(array $data)
             'option_id' => $data['option_id'],
             'pack_id' => (! isset($data['pack_id']) || $data['pack_id'] == 0) ? null : $data['pack_id'],
             'startup' => $data['startup'],
-            'daemonSecret' => bin2hex(random_bytes(18)),
+            'daemonSecret' => str_random(NodeCreationService::DAEMON_SECRET_LENGTH),
             'image' => $data['docker_image'],
             'username' => $this->usernameService->generate($data['name'], $uniqueShort),
             'sftp_password' => null,

app/Services/Servers/UsernameGenerationService.php

@@ -37,7 +37,7 @@ class UsernameGenerationService
     public function generate($name, $identifier = null)
     {
         if (is_null($identifier) || ! ctype_alnum($identifier)) {
-            $unique = bin2hex(random_bytes(4));
+            $unique = str_random(8);
         } else {
             if (strlen($identifier) < 8) {
                 $unique = $identifier . str_random((8 - strlen($identifier)));

app/Services/Subusers/SubuserCreationService.php

@@ -29,6 +29,7 @@
 use GuzzleHttp\Exception\RequestException;
 use Illuminate\Database\ConnectionInterface;
 use Pterodactyl\Exceptions\DisplayException;
+use Pterodactyl\Services\Nodes\NodeCreationService;
 use Pterodactyl\Services\Users\UserCreationService;
 use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
 use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
@@ -40,8 +41,6 @@
 
 class SubuserCreationService
 {
-    const DAEMON_SECRET_BYTES = 18;
-
     /**
      * @var \Illuminate\Database\ConnectionInterface
      */
@@ -158,7 +157,7 @@ public function handle($server, $email, array $permissions)
         $subuser = $this->subuserRepository->create([
             'user_id' => $user->id,
             'server_id' => $server->id,
-            'daemonSecret' => bin2hex(random_bytes(self::DAEMON_SECRET_BYTES)),
+            'daemonSecret' => str_random(NodeCreationService::DAEMON_SECRET_LENGTH),
         ]);
 
         $daemonPermissions = $this->permissionService->handle($subuser->id, $permissions);

tests/Unit/Services/Api/KeyCreationServiceTest.php

@@ -84,15 +84,15 @@ public function setUp()
      */
     public function testKeyIsCreated()
     {
-        $this->getFunctionMock('\\Pterodactyl\\Services\\Api', 'bin2hex')
-            ->expects($this->exactly(2))->willReturn('bin2hex');
+        $this->getFunctionMock('\\Pterodactyl\\Services\\Api', 'str_random')
+            ->expects($this->exactly(2))->willReturn('random_string');
 
         $this->connection->shouldReceive('beginTransaction')->withNoArgs()->once()->andReturnNull();
-        $this->encrypter->shouldReceive('encrypt')->with('bin2hex')->once()->andReturn('encrypted-secret');
+        $this->encrypter->shouldReceive('encrypt')->with('random_string')->once()->andReturn('encrypted-secret');
 
         $this->repository->shouldReceive('create')->with([
             'test-data' => 'test',
-            'public' => 'bin2hex',
+            'public' => 'random_string',
             'secret' => 'encrypted-secret',
         ], true, true)->once()->andReturn((object) ['id' => 1]);
 
@@ -113,6 +113,6 @@ public function testKeyIsCreated()
         );
 
         $this->assertNotEmpty($response);
-        $this->assertEquals('bin2hex', $response);
+        $this->assertEquals('random_string', $response);
     }
 }

tests/Unit/Services/Nodes/NodeCreationServiceTest.php

@@ -61,12 +61,12 @@ public function setUp()
      */
     public function testNodeIsCreatedAndDaemonSecretIsGenerated()
     {
-        $this->getFunctionMock('\\Pterodactyl\\Services\\Nodes', 'bin2hex')
-            ->expects($this->once())->willReturn('hexResult');
+        $this->getFunctionMock('\\Pterodactyl\\Services\\Nodes', 'str_random')
+            ->expects($this->once())->willReturn('random_string');
 
         $this->repository->shouldReceive('create')->with([
             'name' => 'NodeName',
-            'daemonSecret' => 'hexResult',
+            'daemonSecret' => 'random_string',
         ])->once()->andReturnNull();
 
         $this->assertNull($this->service->handle(['name' => 'NodeName']));

tests/Unit/Services/Nodes/NodeUpdateServiceTest.php

@@ -33,7 +33,6 @@
 use GuzzleHttp\Exception\RequestException;
 use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Services\Nodes\NodeUpdateService;
-use Pterodactyl\Services\Nodes\NodeCreationService;
 use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
 use Pterodactyl\Contracts\Repository\Daemon\ConfigurationRepositoryInterface;
 
@@ -97,20 +96,13 @@ public function setUp()
      */
     public function testNodeIsUpdatedAndDaemonSecretIsReset()
     {
-        $this->getFunctionMock('\\Pterodactyl\\Services\\Nodes', 'random_bytes')
-            ->expects($this->once())->willReturnCallback(function ($bytes) {
-                $this->assertEquals(NodeCreationService::DAEMON_SECRET_LENGTH, $bytes);
-
-                return '\00';
-            });
-
-        $this->getFunctionMock('\\Pterodactyl\\Services\\Nodes', 'bin2hex')
-            ->expects($this->once())->willReturn('hexResponse');
+        $this->getFunctionMock('\\Pterodactyl\\Services\\Nodes', 'str_random')
+            ->expects($this->once())->willReturn('random_string');
 
         $this->repository->shouldReceive('withoutFresh')->withNoArgs()->once()->andReturnSelf()
             ->shouldReceive('update')->with($this->node->id, [
                 'name' => 'NewName',
-                'daemonSecret' => 'hexResponse',
+                'daemonSecret' => 'random_string',
             ])->andReturn(true);
 
         $this->configRepository->shouldReceive('setNode')->with($this->node->id)->once()->andReturnSelf()