From 41431a66cf943f5f70abe1fa6dc059271b5f46cd Mon Sep 17 00:00:00 2001
From: Adam Cooke
Date: Mon, 2 May 2022 16:13:32 +0100
Subject: [PATCH] feat: customisable token lengths
This allows the length of the random string used for tokens to be set. By default, 64 (up from 44).
---
 authie.gemspec | 1 -
 lib/authie/config.rb | 2 ++
 lib/authie/session_model.rb | 4 ++--
 spec/lib/session_model_spec.rb | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/authie.gemspec b/authie.gemspec
index f845782..fcdd4c4 100644
--- a/authie.gemspec
+++ b/authie.gemspec
@@ -15,7 +15,6 @@ Gem::Specification.new do |s|
 s.email = ['me@adamcooke.io']
 s.add_dependency 'activerecord', '>= 5.0', '< 8.0'
- s.add_dependency 'secure_random_string'
 s.add_development_dependency 'appraisal', '2.4.1'
 s.add_development_dependency 'rails', '>= 5.0', '< 8.0'
diff --git a/lib/authie/config.rb b/lib/authie/config.rb
index 72a0091..c412b30 100644
--- a/lib/authie/config.rb
+++ b/lib/authie/config.rb
@@ -8,6 +8,7 @@ class Config
 attr_accessor :persistent_session_length
 attr_accessor :sudo_session_timeout
 attr_accessor :browser_id_cookie_name
+ attr_accessor :session_token_length
 attr_accessor :events
 def initialize
@@ -15,6 +16,7 @@ def initialize
 @persistent_session_length = 2.months
 @sudo_session_timeout = 10.minutes
 @browser_id_cookie_name = :browser_id
+ @session_token_length = 64
 @events = EventManager.new
 end
 end
diff --git a/lib/authie/session_model.rb b/lib/authie/session_model.rb
index ee80a2b..54c914c 100644
--- a/lib/authie/session_model.rb
+++ b/lib/authie/session_model.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require 'active_record/base'
-require 'secure_random_string'
+require 'securerandom'
 require 'authie/config'
 module Authie
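Review bot: `session_token_length` is exposed through a bare `attr_accessor` in the first lib/authie/config.rb hunk, so nothing stops an application from setting it to `0`, `nil` or a very small number, and `set_new_token` in lib/authie/session_model.rb passes the value straight to `SecureRandom.alphanumeric`. A length of `0` would give every session the same empty token and therefore the same `token_hash`, and `nil` makes `SecureRandom.alphanumeric` fall back to its own default of 16 characters instead of failing. I would replace the accessor with a reader plus a validating writer that rejects non-integers and values under a documented floor; the floor of 32 in the sketch is a suggested value, not one taken from the project. The Config class body starts and continues outside this hunk.

```ruby
# … unchanged: the other attr_accessor lines …
attr_reader :session_token_length

# Reject lengths that would make session tokens guessable or empty.
def session_token_length=(length)
  unless length.is_a?(Integer) && length >= 32
    raise ArgumentError, 'session_token_length must be an Integer of at least 32'
  end

  @session_token_length = length
end
```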
@@ -119,7 +119,7 @@ def shorten_strings
 end
 def set_new_token
- self.temporary_token = SecureRandomString.new(44)
+ self.temporary_token = SecureRandom.alphanumeric(Authie.config.session_token_length)
 self.token_hash = self.class.hash_token(temporary_token)
 end
diff --git a/spec/lib/session_model_spec.rb b/spec/lib/session_model_spec.rb
index feb3e80..f71a83f 100644
--- a/spec/lib/session_model_spec.rb
+++ b/spec/lib/session_model_spec.rb
@@ -22,7 +22,7 @@
 it 'generates a new token' do
 session_model.save!
 expect(session_model.temporary_token).to be_a String
- expect(session_model.temporary_token).to match(/\A[A-Za-z0-9]{44}\z/)
+ expect(session_model.temporary_token).to match(/\A[A-Za-z0-9]{64}\z/)
 end
 it 'stores the newly generated token as a SHA256 hash' do
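Review bot: `SecureRandom.alphanumeric` only exists from Ruby 2.5 onwards, while the gemspec lines visible in this commit still allow activerecord 5.0, which also runs on older Rubies; on such an interpreter `set_new_token` would raise `NoMethodError` the first time a session is created. The gemspec's `required_ruby_version` is not visible in this patch, so this may already be covered; if it is not, adding `s.required_ruby_version = '>= 2.5'` alongside the removal of the `secure_random_string` dependency would make the requirement explicit. A short comment above the assignment, such as `# Token comes from the CSPRNG; its length is Authie.config.session_token_length (default 64)`, would also help readers who no longer see a literal length here.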
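Review bot: The updated expectation hard-codes `{64}`, so the spec only pins the default and the new `session_token_length` setting itself is never exercised. I would add an example that sets `Authie.config.session_token_length` to a different value, saves a session and checks `expect(session_model.temporary_token.length).to eq Authie.config.session_token_length`, restoring the original value afterwards so other examples are unaffected. The surrounding describe block starts and continues outside this hunk.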