Browse files

Added crypto-random dependency

  • Loading branch information...
1 parent de4de9b commit 27279ec3ff2476229b64615682fce57051c62013 @weavejester committed Jul 24, 2012
Showing with 4 additions and 6 deletions.
  1. +2 −1 project.clj
  2. +2 −5 src/ring/middleware/anti_forgery.clj
View
3 project.clj
@@ -1,5 +1,6 @@
(defproject ring-anti-forgery "0.1.3"
:description "Ring middleware to prevent CSRF attacks"
- :dependencies [[org.clojure/clojure "1.2.1"]]
+ :dependencies [[org.clojure/clojure "1.2.1"]
+ [crypto-random "1.1.0"]]
:profiles
{:dev {:dependencies [[ring-mock "0.1.1"]]}})
View
7 src/ring/middleware/anti_forgery.clj
@@ -1,16 +1,13 @@
(ns ring.middleware.anti-forgery
"Ring middleware to prevent CSRF attacks with an anti-forgery token."
- (:import java.security.SecureRandom
- sun.misc.BASE64Encoder))
+ (:require [crypto.random :as random]))
(def ^:dynamic ^{:doc "Binding that stores a anti-forgery token that must be included
in POST forms if the handler is wrapped in wrap-anti-forgery."}
*anti-forgery-token*)
(defn- generate-token []
- (let [seed (byte-array 32)]
- (.nextBytes (SecureRandom/getInstance "SHA1PRNG") seed)
- (.encode (BASE64Encoder.) seed)))
+ (random/base64 32))
(defn- form-params [req]
(merge (:form-params req)

0 comments on commit 27279ec

Please sign in to comment.