From 6d65c28f1f709722dd86da49241f118813ea7090 Mon Sep 17 00:00:00 2001
From: David Turner
Date: Wed, 3 Aug 2011 17:54:48 -0400
Subject: [PATCH] remove hard-to-distinguish characters from friendly_token

---
 lib/devise.rb | 2 +-
 test/models/encryptable_test.rb | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/devise.rb b/lib/devise.rb
index 14ffedfd..ab464008 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -417,7 +417,7 @@ module Devise
 # Generate a friendly string randomically to be used as token.
 def self.friendly_token
- SecureRandom.base64(15).tr('+/=', 'xyz')
+ SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
 end
 # constant-time comparison algorithm to prevent timing attacks
diff --git a/test/models/encryptable_test.rb b/test/models/encryptable_test.rb
index 16b33804..5c26b00d 100644
--- a/test/models/encryptable_test.rb
+++ b/test/models/encryptable_test.rb
@@ -31,8 +31,10 @@ class EncryptableTest < ActiveSupport::TestCase
 test 'should generate a base64 hash using SecureRandom for password salt' do
 swap_with_encryptor Admin, :sha1 do
- SecureRandom.expects(:base64).with(15).returns('friendly_token')
- assert_equal 'friendly_token', create_admin.password_salt
+ SecureRandom.expects(:base64).with(15).returns('01lI')
+ salt = create_admin.password_salt
+ assert_not_equal '01lI', salt
+ assert_equal 4, salt.size
 end
 end
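Review bot: The new `tr` table in `friendly_token` folds `+`, `/`, `l`, `I`, `O` and `0` onto `p`, `q`, `s`, `x`, `y`, `z`, all of which are already members of the base64 alphabet, so the output is drawn non-uniformly from a 58-symbol alphabet: those six letters occur with twice the probability of the others, and the per-character entropy falls from 6 bits to roughly 5.8 (about 116 bits over the 20-character result instead of 120). That remains ample for a token or salt, but the comment above the method should record it, e.g. `# Note: +,/,l,I,O,0 are folded onto letters already in the alphabet, so output is slightly non-uniform (~5.8 bits/char).` The `=` → `r` pair looks dead, since 15 input bytes encode to exactly 20 base64 characters with no padding — worth confirming before removing it. The enclosing `Devise` module continues outside the hunk.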
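Review bot: The new assertions in `encryptable_test.rb` only check that the salt differs from the stubbed `'01lI'` and is 4 characters long, so a substitution table that mapped any one of those characters to the wrong letter would still pass; with the `tr` table in `lib/devise.rb` the exact result is `'z1sx'`, and `assert_equal 'z1sx', salt` would pin the mapping. The fixture also contains `1`, which the substitution leaves untouched: if `1` was meant to be among the removed look-alikes the production `tr` set does not cover it, and if not, it adds nothing to the test. The `swap_with_encryptor` block and the test method close inside the hunk, but the test class continues outside it.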