added base64

qoobaa · Feb 5, 2014 · e886e08 · e886e08
1 parent 8e49e69
commit e886e08
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 11 deletions.
diff --git a/lib/active_model/password_reset.rb b/lib/active_model/password_reset.rb
@@ -25,12 +25,10 @@ def token
       email = user.email
       digest = Digest::MD5.digest(user.password_digest)
       expires_at = Time.now.to_i + EXPIRATION_TIME
-      token = MessageVerifier.generate([email, digest, expires_at])
-      CGI.escape(token)
+      MessageVerifier.generate([email, digest, expires_at])
     end
 
-    def self.find(escaped_token)
-      token = CGI.unescape(escaped_token)
+    def self.find(token)
       email, digest, expires_at = MessageVerifier.verify(token)
       raise TokenExpired if Time.now.to_i > expires_at.to_i
       new(email: email).tap do |password_reset|

diff --git a/lib/active_model/password_reset/message_verifier.rb b/lib/active_model/password_reset/message_verifier.rb
@@ -9,12 +9,14 @@ class MessageVerifier
 
       class << self
         def generate(object)
-          instance.message_verifier.generate(object)
+          token = instance.message_verifier.generate(object)
+          Base64.urlsafe_encode64(token)
         end
 
         def verify(string)
-          instance.message_verifier.verify(string)
-        rescue ActiveSupport::MessageVerifier::InvalidSignature
+          token = Base64.urlsafe_decode64(string)
+          instance.message_verifier.verify(token)
+        rescue ActiveSupport::MessageVerifier::InvalidSignature, ArgumentError
           raise TokenInvalid
         end
       end

diff --git a/lib/active_model/password_reset/version.rb b/lib/active_model/password_reset/version.rb
@@ -1,5 +1,5 @@
 module ActiveModel
   class PasswordReset
-    VERSION = "1.0.2"
+    VERSION = "1.0.3"
   end
 end
diff --git a/test/password_reset_test.rb b/test/password_reset_test.rb
@@ -51,20 +51,24 @@ def test_is_invalid_without_email
 
   def test_find_raises_exception_with_invalid_email
     token = ActiveModel::PasswordReset::MessageVerifier.generate(["[email protected]", Digest::MD5.digest("alicedigest"), Time.now.to_i + 3600])
-    assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(CGI.escape(token)) }
+    assert_raises(ActiveModel::PasswordReset::EmailInvalid) { ActiveModel::PasswordReset.find(token) }
   end
 
   def test_find_raises_exception_with_invalid_token
     assert_raises(ActiveModel::PasswordReset::TokenInvalid) { ActiveModel::PasswordReset.find("invalidtoken") }
   end
 
+  def test_find_raises_exception_with_non_base64_token
+    assert_raises(ActiveModel::PasswordReset::TokenInvalid) { ActiveModel::PasswordReset.find("%%%%%%%%%") }
+  end
+
   def test_find_raises_exception_with_expired_token
     token = ActiveModel::PasswordReset::MessageVerifier.generate(["[email protected]", Digest::MD5.digest("alicedigest"), Time.now.to_i - 3600])
-    assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(CGI.escape(token)) }
+    assert_raises(ActiveModel::PasswordReset::TokenExpired) { ActiveModel::PasswordReset.find(token) }
   end
 
   def test_find_raises_exception_with_changed_password
     token = ActiveModel::PasswordReset::MessageVerifier.generate(["[email protected]", Digest::MD5.digest("anotheralicedigest"), Time.now.to_i + 3600])
-    assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(CGI.escape(token)) }
+    assert_raises(ActiveModel::PasswordReset::PasswordChanged) { ActiveModel::PasswordReset.find(token) }
   end
 end