switch to ruby stdlib SecureRandom

ActiveSupport::SecureRandom was merged into the ruby stdlib. In rails
3.0 it is just an alias to ::SecureRandom, and is removed completely in
rails 3.1.

This stdlib exists in ruby 1.8.7+

Change-Id: I096b212c020fd60e3799a9d1635129944ac3b6e4
Reviewed-on: https://gerrit.instructure.com/19080
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>

app/models/session_persistence_token.rb

@@ -44,8 +44,8 @@ class SessionPersistenceToken < ActiveRecord::Base
   validates_presence_of :pseudonym_id, :crypted_token, :token_salt
 
   def self.generate(pseudonym)
-    salt = ActiveSupport::SecureRandom.hex(8)
-    token = ActiveSupport::SecureRandom.hex(32)
+    salt = SecureRandom.hex(8)
+    token = SecureRandom.hex(32)
     self.create!(:pseudonym => pseudonym,
                  :token_salt => salt,
                  :uncrypted_token => token,

config/initializers/session_store.rb

@@ -7,8 +7,7 @@
 config = {
   :key           => '_normandy_session',
   :session_store => :encrypted_cookie_store,
-  :secret        => (Setting.get_or_set("session_secret_key",
-      ActiveSupport::SecureRandom.hex(64)) rescue ActiveSupport::SecureRandom.hex(64))
+  :secret        => (Setting.get_or_set("session_secret_key", SecureRandom.hex(64)) rescue SecureRandom.hex(64))
 }.merge((Setting.from_config("session_store") || {}).symbolize_keys)
 
 # :expire_after is the "true" option, and :expires is a legacy option, but is applied

lib/auto_handle.rb

@@ -22,7 +22,7 @@ class AutoHandle
   class << self
     CHARS = ('0'..'9').to_a + ('a'..'z').to_a + ('A'..'Z').to_a
     def generate_securish_uuid(length = 40)
-      Array.new(length) { CHARS[ActiveSupport::SecureRandom.random_number(CHARS.length)] }.join
+      Array.new(length) { CHARS[SecureRandom.random_number(CHARS.length)] }.join
     end
     
     def generate(purpose = nil, length = 4)

lib/canvas/oauth/token.rb

@@ -67,7 +67,7 @@ module Canvas::Oauth
     end
 
     def self.generate_code_for(user_id, client_id, options = {})
-      code = ActiveSupport::SecureRandom.hex(64)
+      code = SecureRandom.hex(64)
       code_data = {
         USER_KEY => user_id,
         CLIENT_KEY => client_id,

lib/tasks/db_load_data.rake

@@ -20,7 +20,7 @@ namespace :db do
     security_conf_path = Rails.root.join('config', 'security.yml')
     security_conf = YAML.load_file(security_conf_path)
     if security_conf[Rails.env]["encryption_key"].to_s.length < 20
-      security_conf[Rails.env]["encryption_key"] = ActiveSupport::SecureRandom.hex(64)
+      security_conf[Rails.env]["encryption_key"] = SecureRandom.hex(64)
       File.open(security_conf_path, 'w') { |f| YAML.dump(security_conf, f) }
     end
   end

spec/apis/auth_spec.rb

@@ -192,7 +192,7 @@ describe "API Authentication", :type => :integration do
       it "should not prepend the csrf protection even if the post has a session" do
         user_with_pseudonym(:active_user => true, :username => 'test1@example.com', :password => 'test123')
         post "/login", :pseudonym_session => { :unique_id => 'test1@example.com', :password => 'test123' }
-        code = ActiveSupport::SecureRandom.hex(64)
+        code = SecureRandom.hex(64)
         code_data = { 'user' => @user.id, 'client_id' => @client_id }
         Canvas.redis.setex("oauth2:#{code}", 1.day, code_data.to_json)
         post "/login/oauth2/token", :client_id => @client_id, :client_secret => @client_secret, :code => code

spec/lib/canvas/oauth/token_spec.rb

@@ -141,7 +141,7 @@ module Canvas::Oauth
 
     describe '.generate_code_for' do
       let(:code) { "brand_new_code" }
-      before { ActiveSupport::SecureRandom.stubs(:hex => code) }
+      before { SecureRandom.stubs(:hex => code) }
 
       it 'returns the new code' do
         Canvas.stubs(:redis => stub(:setex => true))

spec/lib/sis/csv/user_importer_spec.rb

@@ -19,7 +19,7 @@
 require File.expand_path(File.dirname(__FILE__) + '/../../../spec_helper.rb')
 
 def gen_ssha_password(password)
-  salt = ActiveSupport::SecureRandom.random_bytes(10)
+  salt = SecureRandom.random_bytes(10)
   "{SSHA}" + Base64.encode64(Digest::SHA1.digest(password+salt).unpack('H*').first+salt).gsub(/\s/, '')
 end
 

spec/selenium/common.rb

@@ -727,7 +727,7 @@ shared_examples_for "all selenium tests" do
         :user_agent => user_agent)
 
     page_view.summarized = summarized
-    page_view.request_id = ActiveSupport::SecureRandom.hex(10)
+    page_view.request_id = SecureRandom.hex(10)
     page_view.created_at = opts[:created_at] || Time.now
 
     if opts[:participated]
@@ -900,7 +900,7 @@ shared_examples_for "all selenium tests" do
   append_before (:each) do
     driver.manage.timeouts.implicit_wait = 3
     driver.manage.timeouts.script_timeout = 60
-    EncryptedCookieStore.any_instance.stubs(:secret).returns(ActiveSupport::SecureRandom.hex(64))
+    EncryptedCookieStore.any_instance.stubs(:secret).returns(SecureRandom.hex(64))
     enable_forgery_protection
   end
 

spec/selenium/file_spec.rb

@@ -113,7 +113,7 @@ describe "shared files tests" do
       it "should allow you to edit html files" do
         current_content = File.read(fixture_file_path("files/html-editing-test.html"))
         4.times do
-          new_content = "<html>#{ActiveSupport::SecureRandom.hex(10)}</html>"
+          new_content = "<html>#{SecureRandom.hex(10)}</html>"
           click_edit_link
           keep_trying_until(120) { driver.execute_script("return $('#edit_content_textarea')[0].value;") == current_content }
           driver.execute_script("$('#edit_content_textarea')[0].value = '#{new_content}';")
@@ -248,4 +248,4 @@ describe "zip file uploads" do
       unzip_into_folder_drag_and_drop
     end
   end
-end
+end