sanitize_token()

[wibeasley]

(@nutterb recommended an explicit token sanitizing function in #133.)

@nutterb, I like your idea for a token validation function. I'm fine with pulling out @haozhu233's code into an explicit function, and/or replacing the gsub() with substr(). Or maybe a compromise between regex & substrings like

sanitize_token <- function( token ){
  # Validate only 32-character hexadecimals, with an optional line ending.
  pattern <- "^([0-9A-F]{32})(?:\\n)?$")
  
  if( !grepl(token, pattern) )
    stop("The token is not a valid 32-character hexademical value.")
    
  sub(pattern, "\\1", token)
}

Once we have the explicit function, we could accommodate variations in future REDCap version. Like sprintf("^([0-9A-F]{%i})(?:\\n)?$", token_length) if it ever expands beyond 32 characters.

[nutterb]

This seems reasonable, and also more proactive. If a token somehow comes up with something not alphanumeric, this will catch it before sending it to the server and probably give a more satisfying error message to the user.