Better OAuth2 random state string

simov · simov · commit e1cf1e468846 · 2015-08-12T10:26:17.000+03:00
diff --git a/lib/config.js b/lib/config.js
@@ -1,5 +1,6 @@
 'use strict'
 
+var crypto = require('crypto')
 var dcopy = require('deep-copy')
 
 // oauth configuration
@@ -48,7 +49,7 @@ exports.state = function (provider) {
     state = provider.state.toString()
   }
   else if (typeof provider.state == 'boolean' && provider.state) {
-    state = (Math.floor(Math.random() * 999999) + 1).toString()
+    state = crypto.randomBytes(10).toString('hex')
   }
   return state
 }
diff --git a/test/config.js b/test/config.js
@@ -78,7 +78,7 @@ describe('config', function () {
     it('boolean true', function () {
       var provider = {state:true}
         , state = config.state(provider)
-      state.should.match(/\d+/)
+      state.should.match(/^\w+$/)
       state.should.be.type('string')
     })
     it('boolean false', function () {

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`'use strict'`
`2`	`2`
	`3`	`+var crypto = require('crypto')`
`3`	`4`	`var dcopy = require('deep-copy')`
`4`	`5`
`5`	`6`	`// oauth configuration`
`@@ -48,7 +49,7 @@ exports.state = function (provider) {`
`48`	`49`	`state = provider.state.toString()`
`49`	`50`	`}`
`50`	`51`	`else if (typeof provider.state == 'boolean' && provider.state) {`
`51`		`- state = (Math.floor(Math.random() * 999999) + 1).toString()`
	`52`	`+ state = crypto.randomBytes(10).toString('hex')`
`52`	`53`	`}`
`53`	`54`	`return state`
`54`	`55`	`}`