Simplify Configuration.random_token and remove insecure fallback (#2102)

The original implementation is 8 years old from commit 47f76712. I'm guessing it partially reimplemented Ruby's SecureRandom from that time to provide the fallback to using Kernel#rand in case the CSPRNG is unavailable. I'm removing it since I don't believe this is very common and I don't think it is Puma's job to fix a broken system.

History.md

@@ -12,6 +12,7 @@
 
 * Refactor
   * Remove unused loader argument from Plugin initializer (#2095)
+  * Simplify `Configuration.random_token` and remove insecure fallback (#2102)
 
 ## 4.3.1 and 3.12.2 / 2019-12-05
 

lib/puma/configuration.rb

@@ -332,29 +332,9 @@ module Puma
     end
 
     def self.random_token
-      begin
+      require 'securerandom' unless defined?(SecureRandom)
-        require 'openssl'
-      rescue LoadError
-      end
 
-      count = 16
+      SecureRandom.hex(16)
-
-      bytes = nil
-
-      if defined? OpenSSL::Random
-        bytes = OpenSSL::Random.random_bytes(count)
-      elsif File.exist?("/dev/urandom")
-        File.open('/dev/urandom') { |f| bytes = f.read(count) }
-      end
-
-      if bytes
-        token = "".dup
-        bytes.each_byte { |b| token << b.to_s(16) }
-      else
-        token = (0..count).to_a.map { rand(255).to_s(16) }.join
-      end
-
-      return token
     end
   end
 end