From b324a82fa5b4a7ad014d8cec9a17bc5033147100 Mon Sep 17 00:00:00 2001 From: nadar Date: Tue, 23 Apr 2024 09:41:31 +0200 Subject: [PATCH] user random string (#759) * user random string * Fix auth_key encryption to prevent null character errors (#759) --- CHANGELOG.md | 4 ++++ src/models/User.php | 8 +++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ffa42164..289d70d1b 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). In order to read more about upgrading and BC breaks have a look at the [UPGRADE Document](UPGRADE.md). +## 5.0.3 () + ++ [#759](https://github.com/luyadev/luya-module-admin/pull/759) Prevent `Bcrypt password must not contain null character` errors by using generateRandomString for auth_key encryption. + ## 5.0.2 (28. March 2024) + [#758](https://github.com/luyadev/luya-module-admin/pull/758) Enhanced the functionality to reorganize folders within the folder hierarchy, allowing for movement to the root or placement into a different subfolder. diff --git a/src/models/User.php b/src/models/User.php index 3a8eafa1e..218b06fb2 100644 --- a/src/models/User.php +++ b/src/models/User.php @@ -589,14 +589,16 @@ public function getId() */ public function getAuthKey() { + // find user agent, if empty disable auto login $userAgent = Yii::$app->request->userAgent; - - // no user agent, dissable auto login if (empty($userAgent)) { return false; } $checksum = UserDevice::generateUserAgentChecksum($userAgent); + if (empty($checksum)) { + return false; + } $model = UserDevice::find()->where(['user_id' => $this->id, 'user_agent_checksum' => $checksum])->one(); 
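Review bot: The added `if (empty($checksum)) { return false; }` gives getAuthKey() a second path that returns `false` instead of a key, and nothing visible in the hunk documents that for callers. The code that compares this value with the key from the auto-login cookie (validateAuthKey and the framework's cookie login, both outside this hunk) has to treat `false` as "auto login disabled" and compare strictly. With a loose comparison, an empty cookie value could equal `false`; I cannot confirm from here which comparison is used. I would state the contract in the docblock, e.g. `@return string|false The device auth key, or false when auto login is disabled (no user agent or no checksum).`, and add `// user agent is client-supplied: it only labels the device, it is not an authentication factor` above the `UserDevice::find()` lookup. The docblock begins above the hunk and the method body continues below it.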
@@ -610,7 +612,7 @@ public function getAuthKey() $model->user_id = $this->id; $model->user_agent = $userAgent; $model->user_agent_checksum = $checksum; - $model->auth_key = Yii::$app->security->generatePasswordHash(Yii::$app->security->generateRandomKey() . $checksum); + $model->auth_key = Yii::$app->security->generatePasswordHash(Yii::$app->security->generateRandomString() . $checksum); if ($model->save()) { return $model->auth_key;
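Review bot: Wrapping the random value in `generatePasswordHash()` on the changed `auth_key` line adds no protection, because the bcrypt output is itself what gets saved to `auth_key` and returned as the key. The table therefore holds the usable auto-login key in the clear, and every new device record pays a bcrypt computation for nothing. As `generateRandomString()` already draws from the framework's secure random source, the assignment could be just `$model->auth_key = Yii::$app->security->generateRandomString();`, with the length checked against the `auth_key` column, which is not visible here. If the goal is that a leaked `UserDevice` table does not yield valid keys, the stored value would have to be a hash of the key, with the raw key handed out only once; that is a larger change than this hunk. The function starts and ends outside the hunk.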