Use SecureRandom to generate user tokens

author Tom Hughes <tom@compton.nu>

Mon, 4 Dec 2023 17:23:23 +0000 (17:23 +0000)

committer Tom Hughes <tom@compton.nu>

Mon, 4 Dec 2023 17:25:57 +0000 (17:25 +0000)
author Tom Hughes <tom@compton.nu>
Mon, 4 Dec 2023 17:23:23 +0000 (17:23 +0000)
committer Tom Hughes <tom@compton.nu>
Mon, 4 Dec 2023 17:25:57 +0000 (17:25 +0000)
diff --git a/lib/osm.rb b/lib/osm.rb

index 905f3ac97459e4890d5270d59f1d76ef110c5746..c7f8bef2f9a07d39e19ae3233f59c386fa93cb34 100644 (file)
--- a/lib/osm.rb
+++ b/lib/osm.rb
@@ -502,15 +502,8 @@ module OSM
    end
  
    # Construct a random token of a given length
-  def self.make_token(length = 30)
-    chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-    token = ""
-
-    length.times do
-      token += chars[(rand * chars.length).to_i].chr
-    end
-
-    token
+  def self.make_token(length = 24)
+    SecureRandom.urlsafe_base64(length)
    end
  
    # Return an SQL fragment to select a given area of the globe
diff --git a/test/integration/user_creation_test.rb b/test/integration/user_creation_test.rb

index 2baa6f776eebee21113fde8d9e4acb0c641e4c02..21e751bcaf6eeb7ebd8ec9cea54882253fe24e36 100644 (file)
--- a/test/integration/user_creation_test.rb
+++ b/test/integration/user_creation_test.rb
@@ -206,7 +206,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
@@ -359,7 +359,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
@@ -513,7 +513,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
@@ -665,7 +665,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
@@ -817,7 +817,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
@@ -971,7 +971,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
@@ -1125,7 +1125,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
author	Tom Hughes <tom@compton.nu>
	Mon, 4 Dec 2023 17:23:23 +0000 (17:23 +0000)
committer	Tom Hughes <tom@compton.nu>
	Mon, 4 Dec 2023 17:25:57 +0000 (17:25 +0000)
lib/osm.rb		patch \| blob \| history
test/integration/user_creation_test.rb		patch \| blob \| history