Module: Pillowfort::TokenGenerator
- Included in:
- Concerns::ModelActivation::ClassMethods, Concerns::ModelAuthentication::ClassMethods, Concerns::ModelPasswordReset::ClassMethods
- Defined in:
- lib/pillowfort/token_generator.rb
Instance Method Summary collapse
-
#friendly_token ⇒ Object
Generates a value for our auth token.
-
#secure_compare(a, b) ⇒ Object
constant-time comparison algorithm to prevent timing attacks.
Instance Method Details
#friendly_token ⇒ Object
Generates a value for our auth token. Lifted from Devise.
15 16 17 |
# File 'lib/pillowfort/token_generator.rb', line 15 def friendly_token SecureRandom.base64(32).tr('+/=lIO0', 'pqrsxyz') end |
#secure_compare(a, b) ⇒ Object
constant-time comparison algorithm to prevent timing attacks. Lifted from Devise.
5 6 7 8 9 10 11 12 |
# File 'lib/pillowfort/token_generator.rb', line 5 def secure_compare(a, b) return false if a.blank? || b.blank? || a.bytesize != b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end |