Use SecureRandom to generate user tokens

lib/osm.rb

@@ -502,15 +502,8 @@ module OSM
   end
 
   # Construct a random token of a given length
-  def self.make_token(length = 30)
-    chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-    token = ""
-
-    length.times do
-      token += chars[(rand * chars.length).to_i].chr
-    end
-
-    token
+  def self.make_token(length = 24)
+    SecureRandom.urlsafe_base64(length)
   end
 
   # Return an SQL fragment to select a given area of the globe

test/integration/user_creation_test.rb

@@ -206,7 +206,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
     assert_equal register_email.to.first, new_email
     # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
     email_text_parts(register_email).each do |part|
       assert_match confirm_regex, part.body.to_s
     end
@@ -359,7 +359,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
     assert_equal register_email.to.first, new_email
     # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
     email_text_parts(register_email).each do |part|
       assert_match confirm_regex, part.body.to_s
     end
@@ -513,7 +513,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
     assert_equal register_email.to.first, new_email
     # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
     email_text_parts(register_email).each do |part|
       assert_match confirm_regex, part.body.to_s
     end
@@ -665,7 +665,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
     assert_equal register_email.to.first, new_email
     # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
     email_text_parts(register_email).each do |part|
       assert_match confirm_regex, part.body.to_s
     end
@@ -817,7 +817,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
     assert_equal register_email.to.first, new_email
     # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
     email_text_parts(register_email).each do |part|
       assert_match confirm_regex, part.body.to_s
     end
@@ -971,7 +971,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
     assert_equal register_email.to.first, new_email
     # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
     email_text_parts(register_email).each do |part|
       assert_match confirm_regex, part.body.to_s
     end
@@ -1125,7 +1125,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
     assert_equal register_email.to.first, new_email
     # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
     email_text_parts(register_email).each do |part|
       assert_match confirm_regex, part.body.to_s
     end