module SimpleTokenAuth::Helpers

Public Instance Methods

friendly_token() click to toggle source

Generate a friendly string randomly to be used as token.

# File lib/simple_token_auth/helpers.rb, line 6
def friendly_token
  SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
end
secure_compare(a, b) click to toggle source

constant-time comparison algorithm to prevent timing attacks

# File lib/simple_token_auth/helpers.rb, line 11
def secure_compare(a, b)
  return false if a.blank? || b.blank? || a.bytesize != b.bytesize
  l = a.unpack "C#{a.bytesize}"

  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end