DEV: Hash tokens stored from email_tokens (#14493)

This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens

app/models/email_change_request.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 class EmailChangeRequest < ActiveRecord::Base
+  belongs_to :user
   belongs_to :old_email_token, class_name: 'EmailToken', dependent: :destroy
   belongs_to :new_email_token, class_name: 'EmailToken', dependent: :destroy
-  belongs_to :user
   belongs_to :requested_by, class_name: "User", foreign_key: :requested_by_user_id
 
   validates :new_email, presence: true, format: { with: EmailValidator.email_regex }
@@ -12,6 +12,13 @@ class EmailChangeRequest < ActiveRecord::Base
     @states ||= Enum.new(authorizing_old: 1, authorizing_new: 2, complete: 3)
   end
 
+  def self.find_by_new_token(token)
+    EmailChangeRequest
+      .joins("INNER JOIN email_tokens ON email_tokens.id = email_change_requests.new_email_token_id")
+      .where("email_tokens.token_hash = ?", EmailToken.hash_token(token))
+      .last
+  end
+
   def requested_by_admin?
     self.requested_by&.admin? && !self.requested_by_self?
   end
@@ -19,12 +26,6 @@ class EmailChangeRequest < ActiveRecord::Base
   def requested_by_self?
     self.requested_by_user_id == self.user_id
   end
-
-  def self.find_by_new_token(token)
-    joins(
-      "INNER JOIN email_tokens ON email_tokens.id = email_change_requests.new_email_token_id"
-    ).where("email_tokens.token = ?", token).last
-  end
 end
 
 # == Schema Information