fixes #3277

app/models/api_key.rb

@@ -2,12 +2,14 @@ class ApiKey < ApplicationRecord
   belongs_to :user
   validates_uniqueness_of :user_id
   validates_uniqueness_of :key
+  has_secure_token :key
 
   def self.generate!(user)
-    create(:user_id => user.id, :key => SecureRandom.urlsafe_base64(32))
+    create(:user_id => user.id)
   end
 
   def regenerate!
-    update!(:key => SecureRandom.urlsafe_base64(32))
+    regenerate_key
+    save
   end
 end

app/models/user_password_reset_nonce.rb

@@ -1,7 +1,7 @@
 class UserPasswordResetNonce < ApplicationRecord
-  validates_presence_of :email, :key
+  has_secure_token :key
+  validates_presence_of :email
   validate :validate_existence_of_email
-  before_validation :initialize_key, :on => :create
   after_create :deliver_notice
 
   def self.prune!
@@ -12,10 +12,6 @@ class UserPasswordResetNonce < ApplicationRecord
     Maintenance::User::PasswordResetMailer.reset_request(user, self).deliver_now
   end
 
-  def initialize_key
-    self.key = SecureRandom.hex(16)
-  end
-
   def validate_existence_of_email
     if !User.with_email(email).exists?
       errors[:email] << "is invalid"