DEV: Hash tokens stored from email_tokens (#14493)

This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens
2025-05-31 01:17:16 +08:00 · 2021-11-25 09:34:39 +02:00
parent 4c46c7e334
commit fa8cd629f1
34 changed files with 482 additions and 599 deletions
--- a/spec/mailers/user_notifications_spec.rb
+++ b/spec/mailers/user_notifications_spec.rb
@ -121,7 +121,7 @@ describe UserNotifications do
  end

  describe '.email_login' do
-    let(:email_token) { user.email_tokens.create!(email: user.email).token }
+    let(:email_token) { Fabricate(:email_token, user: user, scope: EmailToken.scopes[:email_login]).token }
    subject { UserNotifications.email_login(user, email_token: email_token) }

    it "generates the right email" do