feat: customisable token lengths

This allows the length of the random string used for tokens to be set. By default, 64 (up from 44).

authie.gemspec

@@ -15,7 +15,6 @@ Gem::Specification.new do |s|
   s.email         = ['me@adamcooke.io']
 
   s.add_dependency 'activerecord', '>= 5.0', '< 8.0'
-  s.add_dependency 'secure_random_string'
 
   s.add_development_dependency 'appraisal', '2.4.1'
   s.add_development_dependency 'rails', '>= 5.0', '< 8.0'

lib/authie/config.rb

@@ -8,13 +8,15 @@ class Config
     attr_accessor :persistent_session_length
     attr_accessor :sudo_session_timeout
     attr_accessor :browser_id_cookie_name
+    attr_accessor :session_token_length
     attr_accessor :events
 
     def initialize
       @session_inactivity_timeout = 12.hours
       @persistent_session_length = 2.months
       @sudo_session_timeout = 10.minutes
       @browser_id_cookie_name = :browser_id
+      @session_token_length = 64
       @events = EventManager.new
     end
   end

lib/authie/session_model.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'active_record/base'
-require 'secure_random_string'
+require 'securerandom'
 require 'authie/config'
 
 module Authie
@@ -119,7 +119,7 @@ def shorten_strings
     end
 
     def set_new_token
-      self.temporary_token = SecureRandomString.new(44)
+      self.temporary_token = SecureRandom.alphanumeric(Authie.config.session_token_length)
       self.token_hash = self.class.hash_token(temporary_token)
     end
 

spec/lib/session_model_spec.rb

@@ -22,7 +22,7 @@
     it 'generates a new token' do
       session_model.save!
       expect(session_model.temporary_token).to be_a String
-      expect(session_model.temporary_token).to match(/\A[A-Za-z0-9]{44}\z/)
+      expect(session_model.temporary_token).to match(/\A[A-Za-z0-9]{64}\z/)
     end
 
     it 'stores the newly generated token as a SHA256 hash' do