mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

remove hard-to-distinguish characters from friendly_token

David Turner 2011-08-03 17:54:48 -04:00
parent 31e4ef5e4b
commit 6d65c28f1f
2 changed files with 5 additions and 3 deletions


@ -417,7 +417,7 @@ module Devise
# Generate a friendly string randomically to be used as token.
def self.friendly_token
SecureRandom.base64(15).tr('+/=', 'xyz')
SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
end
# constant-time comparison algorithm to prevent timing attacks
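Review bot: The new translation table in `friendly_token` folds `+ / l I O 0` onto `p q s x y z`, letters base64 already emits, so those six characters become twice as likely as the rest and the token is no longer uniform over its alphabet. With 15 random bytes the 20-character result still holds well over 100 bits, so this is a documentation point rather than a defect. The comment above the method should record the trade-off, for example `# Not uniform: '+/lIO0' are folded onto 'pqsxyz' for legibility, so the token holds slightly less than 120 bits.` The `=` to `r` pair is never exercised for a 15-byte input, because its base64 form carries no padding. The enclosing module starts and ends outside the hunk.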


@ -31,8 +31,10 @@ class EncryptableTest < ActiveSupport::TestCase
test 'should generate a base64 hash using SecureRandom for password salt' do
swap_with_encryptor Admin, :sha1 do
SecureRandom.expects(:base64).with(15).returns('friendly_token')
assert_equal 'friendly_token', create_admin.password_salt
SecureRandom.expects(:base64).with(15).returns('01lI')
salt = create_admin.password_salt
assert_not_equal '01lI', salt
assert_equal 4, salt.size
end
end
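Review bot: The new assertions only check that the salt differs from the stubbed value and keeps its length, so a wrong or reordered translation table would still pass. If `password_salt` returns the `friendly_token` output unchanged, as the removed assertion implies, pinning the exact result with `assert_equal 'z1sx', salt` would tie the test to the mapping. The stubbed value also omits `O`, `+` and `/`, so half of the substitutions are untested. The test name still says the salt is a base64 hash, although the value is no longer plain base64.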