module SimpleTokenAuth::Helpers
Public Instance Methods
friendly_token()
click to toggle source
Generate a friendly string randomly to be used as token.
# File lib/simple_token_auth/helpers.rb, line 6 def friendly_token SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz') end
secure_compare(a, b)
click to toggle source
constant-time comparison algorithm to prevent timing attacks
# File lib/simple_token_auth/helpers.rb, line 11 def secure_compare(a, b) return false if a.blank? || b.blank? || a.bytesize != b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end