Diffstat (limited to 'app')
-rw-r--r-- | app/models/post_redirect.rb | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/app/models/post_redirect.rb b/app/models/post_redirect.rb index ab1a365f9..b7cf39092 100644 --- a/app/models/post_redirect.rb +++ b/app/models/post_redirect.rb @@ -5,7 +5,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: post_redirect.rb,v 1.1 2007-11-01 14:45:56 francis Exp $ +# $Id: post_redirect.rb,v 1.2 2007-11-02 10:28:20 francis Exp $ require 'openssl' # for random bytes function @@ -18,19 +18,29 @@ class PostRedirect < ActiveRecord::Base YAML.load(self.post_params_yaml) end + # Makes a random token, suitable for using in URLs e.g confirmation messages. + def self.generate_random_token + bits = 12 * 8 + # Make range from value to double value, so number of digits in base 36 + # encoding is quite long always. + rand_num = rand(max = 2**(bits+1)) + 2**bits + rand_num.to_s(base=36) + end + # Make the token def after_initialize + # The token is used to return you to what you are doing after the login form. if not self.token - bytes = OpenSSL::Random.random_bytes(12) - # XXX Ruby has some base function that can do base 62 or 32 more easily? - base64 = [bytes].pack("m9999").strip - base64.gsub("+", "a") - base64.gsub("/", "b") - base64.gsub("=", "c") - self.token = base64 + self.token = PostRedirect.generate_random_token + end + # There is a separate token to use in the URL if we send a confirmation email. + # This is because + if not self.email_token + self.email_token = PostRedirect.generate_random_token end end end + |
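Review bot: The new `generate_random_token` draws its value from `Kernel#rand`, which is a Mersenne Twister and not meant for secrets, while the removed code used `OpenSSL::Random.random_bytes(12)`. Both `token` and `email_token` end up in URLs that return a user to an action after login or confirm an e-mail address, so they should stay unguessable. The file still has `require 'openssl'`, so the base-36 encoding can be kept with a CSPRNG source: `rand_num = OpenSSL::Random.random_bytes(bits / 8).unpack("H*")[0].hex + 2**bits`. Separately, the comment `# This is because` in `after_initialize` stops mid-sentence and should give the reason for the second token. The class starts above the hunk, so only these two methods are visible here.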