Permalink
Browse files

Use SecureRandom's uuid generation for api key/secret.

  • Loading branch information...
1 parent 2f531cd commit f64dd2a21c8d2d40e17f3513712c2006cb784ba1 @cespare cespare committed Apr 30, 2012
Showing with 3 additions and 5 deletions.
  1. +2 −4 lib/api.rb
  2. +1 −1 public/css/settings.scss
View
6 lib/api.rb
@@ -1,6 +1,6 @@
require "addressable/uri"
require "base64"
-require "digest/sha1"
+require "securerandom"
require "openssl"
require "uri"
@@ -16,9 +16,7 @@ def add_repo(url)
end
# Generate a random API key or API secret for a user.
- def self.generate_user_key()
- Base64.encode64(Digest::SHA1.hexdigest(rand(2**256).to_s)).strip.sub("==", "")
- end
+ def self.generate_user_key() SecureRandom.uuid.gsub("-", "") end
# Generate a signature from a request and a user's api secret. This is used in authenticating an API
# request. The user of this method needs to verify that there is a timestamp, that it is correct, check the
View
2 public/css/settings.scss
@@ -10,7 +10,7 @@
}
}
- .key { font: 12px $monoFont; }
+ .key { font: 16px $monoFont; }
.gravatarLink {
&:active {

0 comments on commit f64dd2a

Please sign in to comment.