From b7b74e70b3cae47ba81fd49148ae02fd0b4ba2d2 Mon Sep 17 00:00:00 2001
From: Sahat Yalkabov <sakhat@gmail.com>
Date: Tue, 18 Feb 2014 03:33:32 -0500
Subject: [PATCH] Forgot password token changed to hex instead of base64 to
 avoid having slashes in the url

---
 controllers/forgot.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controllers/forgot.js b/controllers/forgot.js
index a66095c13d..f0244097f4 100644
--- a/controllers/forgot.js
+++ b/controllers/forgot.js
@@ -36,8 +36,8 @@ exports.postForgot = function(req, res, next) {
 
   async.waterfall([
     function(done) {
-      crypto.randomBytes(32, function(err, buf) {
-        var token = buf.toString('base64');
+      crypto.randomBytes(20, function(err, buf) {
+        var token = buf.toString('hex');
         done(err, token);
       });
     },