Skip to content

Commit

Permalink
use SecureRandom to generate tokens and secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
lest committed Oct 22, 2012
1 parent 4d88815 commit c6a56a7
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 4 deletions.
5 changes: 2 additions & 3 deletions app/models/feed.rb
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,8 @@ def author
end

def populate(finger_data)
# TODO: More entropy would be nice
self.verify_token = Digest::MD5.hexdigest(rand.to_s)
self.secret = Digest::MD5.hexdigest(rand.to_s)
self.verify_token = SecureRandom.hex
self.secret = SecureRandom.hex

ostatus_feed = OStatus::Feed.from_url(url)

Expand Down
2 changes: 1 addition & 1 deletion app/models/user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ def finalize

# Generate a multi-use token for account confirmation and password resets
def set_perishable_token
self.perishable_token = Digest::MD5.hexdigest( rand.to_s )
self.perishable_token = SecureRandom.hex
save
end

Expand Down

0 comments on commit c6a56a7

Please sign in to comment.