Merge pull request #216 from strongloop/fix/verification-token-url-safety

Make verifications url safe

lib/models/user.js

@@ -284,7 +284,7 @@ User.prototype.verify = function (options, fn) {
     if(err) {
       fn(err);
     } else {
-      user.verificationToken = buf.toString('base64');
+      user.verificationToken = buf.toString('hex');
       user.save(function (err) {
         if(err) {
           fn(err);

test/fixtures/simple-integration-app/app.js

@@ -7,7 +7,6 @@ app.use(loopback.favicon());
 app.use(loopback.cookieParser({secret: app.get('cookieSecret')}));
 var apiPath = '/api';
 app.use(apiPath, loopback.rest());
-app.use(app.router);
 app.use(loopback.static(path.join(__dirname, 'public')));
 app.use(loopback.urlNotFound());
 app.use(loopback.errorHandler());