| -rw-r--r-- | users/app/models/token.rb | 7 | ||||
| -rw-r--r-- | users/test/unit/token_test.rb | 13 | 
2 files changed, 20 insertions, 0 deletions
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index 9de6850..44a6dfe 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -6,5 +6,12 @@ class Token < CouchRest::Model::Base
   validates :user_id, presence: true
+  def initialize(*args)
+    super
+    self.id = SecureRandom.urlsafe_base64(32)
+  end
+
+  design do
+  end
 end
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
index d409265..bff6b71 100644
--- a/users/test/unit/token_test.rb
+++ b/users/test/unit/token_test.rb
@@ -16,6 +16,19 @@ class ClientCertificateTest < ActiveSupport::TestCase
     assert_equal @user.id, sample.user_id
   end
+  test "token id is secure" do
+    sample = Token.new(:user_id => @user.id)
+    other = Token.new(:user_id => @user.id)
+    assert sample.id,
+      "id is set on initialization"
+    assert sample.id[0..10] != other.id[0..10],
+      "token id prefixes should not repeat"
+    assert /[g-zG-Z]/.match(sample.id),
+      "should use non hex chars in the token id"
+    assert sample.id.size > 16,
+      "token id should be more than 16 chars long"
+  end
+
   test "token checks for user" do
     sample = Token.new
     assert !sample.valid?, "Token should require a user record"  |
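Review bot: The new `initialize` assigns a fresh random id unconditionally after `super`, so any id already present in the attributes is replaced. If CouchRest::Model builds documents loaded from the database through `new` (worth confirming for the version in use), a fetched token would come back with a different id than the one stored, which would break lookup and revocation by id. Assigning only when none is set avoids that: `self.id ||= SecureRandom.urlsafe_base64(32)`. Because the id is the bearer secret, a short comment noting that it is also the CouchDB document `_id`, and so shows up in request URLs and logs, would help the next reader. The class body opens above the hunk.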
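Review bot: The test in the second hunk only exercises freshly built tokens, so it would not notice the id changing when a saved token is loaded again. A case that saves a token, fetches it by id and asserts the id is unchanged would cover that. The length check `sample.id.size > 16` is much looser than what `urlsafe_base64(32)` produces (32 random bytes encode to 43 characters), so `assert sample.id.size >= 43` would pin the intended strength. `assert /[g-zG-Z]/.match(sample.id)` triggers Ruby's ambiguous-first-argument warning, and `assert_match(/[g-zG-Z]/, sample.id, "should use non hex chars in the token id")` reads cleaner. The test class opens above the hunk.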
