diff --git a/app/controllers/concerns/obfuscate_filename.rb b/app/controllers/concerns/obfuscate_filename.rb
index 9c896fb09..22736ec3a 100644
--- a/app/controllers/concerns/obfuscate_filename.rb
+++ b/app/controllers/concerns/obfuscate_filename.rb
@@ -4,19 +4,13 @@ module ObfuscateFilename
   extend ActiveSupport::Concern
 
   class_methods do
-    def obfuscate_filename(*args)
-      before_action { obfuscate_filename(*args) }
-    end
-  end
-
-  def obfuscate_filename(path)
-    file = params.dig(*path)
-    return if file.nil?
+    def obfuscate_filename(path)
+      before_action do
+        file = params.dig(*path)
+        next if file.nil?
 
-    file.original_filename = secure_token + File.extname(file.original_filename)
-  end
-
-  def secure_token(length = 16)
-    SecureRandom.hex(length / 2)
+        file.original_filename = SecureRandom.hex(8) + File.extname(file.original_filename)
+      end
+    end
   end
 end
diff --git a/spec/controllers/concerns/obfuscate_filename_spec.rb b/spec/controllers/concerns/obfuscate_filename_spec.rb
new file mode 100644
index 000000000..e06d53c03
--- /dev/null
+++ b/spec/controllers/concerns/obfuscate_filename_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ApplicationController, type: :controller do
+  controller do
+    include ObfuscateFilename
+
+    obfuscate_filename :file
+
+    def file
+      render plain: params[:file]&.original_filename
+    end
+  end
+
+  before do
+    routes.draw { get 'file' => 'anonymous#file' }
+  end
+
+  it 'obfusticates filename if the given parameter is specified' do
+    file = fixture_file_upload('files/imports.txt', 'text/plain')
+    post 'file', params: { file: file }
+    expect(response.body).to end_with '.txt'
+    expect(response.body).not_to include 'imports'
+  end
+
+  it 'does nothing if the given parameter is not specified' do
+    post 'file'
+  end
+end