Use cryptographically secure randomness for Magic Link code generation

#sample uses PRNG under the hood which is pseudo random, which means that given enough magic link codes you can predict which code would come next. To fix that we have to switch to CSPRNG - SecureRandom.random_number - which isn't easy to predict based on previous results.
This commit is contained in:
Stanko K.R.
2025-12-03 20:15:27 +01:00
parent 3520f97e33
commit 7ab06d1dbd
+1 -1
View File
@@ -4,7 +4,7 @@ module MagicLink::Code
class << self
def generate(length)
length.times.map { CODE_ALPHABET.sample }.join
Array.new(length) { CODE_ALPHABET[SecureRandom.random_number(CODE_ALPHABET.length)] }.join
end
def sanitize(code)