Merge pull request #1237 from novalis/master
friendly_token should be friendlier
This commit is contained in:
commit
7c628f7689
|
@ -417,7 +417,7 @@ module Devise
|
||||||
|
|
||||||
# Generate a friendly string randomically to be used as token.
|
# Generate a friendly string randomically to be used as token.
|
||||||
def self.friendly_token
|
def self.friendly_token
|
||||||
SecureRandom.base64(15).tr('+/=', 'xyz')
|
SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
|
||||||
end
|
end
|
||||||
|
|
||||||
# constant-time comparison algorithm to prevent timing attacks
|
# constant-time comparison algorithm to prevent timing attacks
|
||||||
|
|
|
@ -31,8 +31,10 @@ class EncryptableTest < ActiveSupport::TestCase
|
||||||
|
|
||||||
test 'should generate a base64 hash using SecureRandom for password salt' do
|
test 'should generate a base64 hash using SecureRandom for password salt' do
|
||||||
swap_with_encryptor Admin, :sha1 do
|
swap_with_encryptor Admin, :sha1 do
|
||||||
SecureRandom.expects(:base64).with(15).returns('friendly_token')
|
SecureRandom.expects(:base64).with(15).returns('01lI')
|
||||||
assert_equal 'friendly_token', create_admin.password_salt
|
salt = create_admin.password_salt
|
||||||
|
assert_not_equal '01lI', salt
|
||||||
|
assert_equal 4, salt.size
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue