From 94f28f6216b19ef2b5ad3ed35140471fd5648877 Mon Sep 17 00:00:00 2001
From: Deluan <deluan@navidrome.org>
Date: Tue, 3 Nov 2020 15:13:40 -0500
Subject: [PATCH] Generate a better salt for Subsonic token authentication

---
 ui/src/authProvider.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ui/src/authProvider.js b/ui/src/authProvider.js
index ca7b2012..d4c15b9a 100644
--- a/ui/src/authProvider.js
+++ b/ui/src/authProvider.js
@@ -2,6 +2,7 @@ import jwtDecode from 'jwt-decode'
 import md5 from 'md5-hex'
 import baseUrl from './utils/baseUrl'
 import config from './config'
+import { v4 as uuidv4 } from 'uuid'
 
 const authProvider = {
   login: ({ username, password }) => {
@@ -28,7 +29,7 @@ const authProvider = {
         localStorage.setItem('name', response.name)
         localStorage.setItem('username', response.username)
         localStorage.setItem('role', response.isAdmin ? 'admin' : 'regular')
-        const salt = new Date().getTime().toString()
+        const salt = generateSubsonicSalt()
         localStorage.setItem('subsonic-salt', salt)
         localStorage.setItem(
           'subsonic-token',
@@ -88,6 +89,11 @@ const removeItems = () => {
   localStorage.removeItem('subsonic-token')
 }
 
+const generateSubsonicSalt = () => {
+  const h = md5(uuidv4())
+  return h.slice(0, 6)
+}
+
 const generateSubsonicToken = (password, salt) => {
   return md5(password + salt)
 }