built out the passrecovery servlet

util/random.go

@@ -14,6 +14,7 @@ import (
 	crand "crypto/rand"
 	"io"
 	mrand "math/rand"
+	"strings"
 )
 
 // authAlphabet is the set of characters from which we generate auth strings.
@@ -22,6 +23,32 @@ const authAlphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv
 // authStringLen is the standard lengtth of authentication strings.
 const authStringLen = 32
 
+// syllabary is used to generate random passwords.
+var syllabary = [...]string{
+	"ba",
+	"be",
+	"bi", "bo", "bu",
+	"da", "de", "di", "do", "du",
+	"cha", "chi", "cho", "chu",
+	"fa", "fe", "fi", "fo", "fu",
+	"ga", "ge", "gi", "go", "gu",
+	"ha", "he", "hi", "ho", "hu",
+	"ja", "je", "ji", "jo", "ju",
+	"ka", "ke", "ki", "ko", "ku",
+	"la", "le", "li", "lo", "lu",
+	"ma", "me", "mi", "mo", "mu",
+	"na", "ne", "ni", "no", "nu",
+	"pa", "pe", "pi", "po", "pu",
+	"ra", "re", "ri", "ro", "ru",
+	"sa", "se", "si", "so", "su",
+	"sha", "she", "sho", "shu",
+	"ta", "te", "ti", "to", "tu",
+	"va", "ve", "vi", "vo", "vu",
+	"wa", "we", "wi", "wo", "wu",
+	"ya", "ye", "yi", "yo", "yu",
+	"za", "ze", "zi", "zo", "zu",
+}
+
 // GenerateRandomAuthString generates a random authentication string.
 func GenerateRandomAuthString() string {
 	b := make([]byte, authStringLen)
@@ -39,3 +66,20 @@ func GenerateRandomAuthString() string {
 func GenerateRandomConfirmationNumber() int32 {
 	return mrand.Int31n(9000000) + 1000000
 }
+
+// GenerateRandomPassword generates a random password string.
+func GenerateRandomPassword() string {
+	var b strings.Builder
+	rd := make([]byte, 7)
+	if _, err := io.ReadFull(crand.Reader, rd); err != nil {
+		// can't happen (at least on a modern OS)
+		panic("failed to read random: " + err.Error())
+	}
+	for i := 0; i < 4; i++ { // add random syllables
+		b.WriteString(syllabary[int(rd[i])%len(syllabary)])
+	}
+	for i := 4; i < 7; i++ { // add random digits
+		b.WriteByte(byte('0' + int(rd[i])%10))
+	}
+	return b.String()
+}