Module: SimpleTokenAuth::Helpers
- Included in:
- SimpleTokenAuth
- Defined in:
- lib/simple_token_auth/helpers.rb
Instance Method Summary collapse
-
#friendly_token ⇒ Object
Generate a friendly string randomly to be used as token.
-
#secure_compare(a, b) ⇒ Object
constant-time comparison algorithm to prevent timing attacks.
Instance Method Details
#friendly_token ⇒ Object
Generate a friendly string randomly to be used as token.
6 7 8 |
# File 'lib/simple_token_auth/helpers.rb', line 6 def friendly_token SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz') end |
#secure_compare(a, b) ⇒ Object
constant-time comparison algorithm to prevent timing attacks
11 12 13 14 15 16 17 18 |
# File 'lib/simple_token_auth/helpers.rb', line 11 def secure_compare(a, b) return false if a.blank? || b.blank? || a.bytesize != b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end |