VladPolskiy/openstreetmap-website
1
0
Fork 0
mirror of https://github.com/openstreetmap/openstreetmap-website.git synced 2025-08-16 17:07:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use SecureRandom to generate user tokens

Browse Source
This commit is contained in:
Tom Hughes
2023-12-04 17:23:23 +00:00
parent 5bd9a2faef
commit 12b4d11d44
2 changed files with 9 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/osm.rb
View File

@ -502,15 +502,8 @@ module OSM
end end
# Construct a random token of a given length # Construct a random token of a given length
def self.make_token(length = 30) def self.make_token(length = 24)
chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" SecureRandom.urlsafe_base64(length)
token = ""
length.times do
token += chars[(rand * chars.length).to_i].chr
end
token
end end
# Return an SQL fragment to select a given area of the globe # Return an SQL fragment to select a given area of the globe

14
test/integration/user_creation_test.rb
View File

@ -206,7 +206,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
assert_equal register_email.to.first, new_email assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct # Check that the confirm account url is correct
confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9]*)") confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
email_text_parts(register_email).each do |part| email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s assert_match confirm_regex, part.body.to_s
end end
@ -359,7 +359,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
assert_equal register_email.to.first, new_email assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct # Check that the confirm account url is correct
confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9]*)") confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
email_text_parts(register_email).each do |part| email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s assert_match confirm_regex, part.body.to_s
end end
@ -513,7 +513,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
assert_equal register_email.to.first, new_email assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct # Check that the confirm account url is correct
confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9]*)") confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
email_text_parts(register_email).each do |part| email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s assert_match confirm_regex, part.body.to_s
end end
@ -665,7 +665,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
assert_equal register_email.to.first, new_email assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct # Check that the confirm account url is correct
confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9]*)") confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
email_text_parts(register_email).each do |part| email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s assert_match confirm_regex, part.body.to_s
end end
@ -817,7 +817,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
assert_equal register_email.to.first, new_email assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct # Check that the confirm account url is correct
confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9]*)") confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
email_text_parts(register_email).each do |part| email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s assert_match confirm_regex, part.body.to_s
end end
@ -971,7 +971,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
assert_equal register_email.to.first, new_email assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct # Check that the confirm account url is correct
confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9]*)") confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
email_text_parts(register_email).each do |part| email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s assert_match confirm_regex, part.body.to_s
end end
@ -1125,7 +1125,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
assert_equal register_email.to.first, new_email assert_equal register_email.to.first, new_email
# Check that the confirm account url is correct # Check that the confirm account url is correct
confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9]*)") confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
email_text_parts(register_email).each do |part| email_text_parts(register_email).each do |part|
assert_match confirm_regex, part.body.to_s assert_match confirm_regex, part.body.to_s
end end