DEV: Hash tokens stored from email_tokens (#14493)

This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens
2025-02-25 18:55:32 -06:00 · 2021-11-25 09:34:39 +02:00
parent 4c46c7e334
commit fa8cd629f1
34 changed files with 482 additions and 599 deletions
--- a/app/services/user_authenticator.rb
+++ b/app/services/user_authenticator.rb
@@ -49,10 +49,7 @@ class UserAuthenticator
  private

  def confirm_email
-    if authenticated?
-      EmailToken.confirm(@user.email_tokens.first.token)
-      @user.set_automatic_groups
-    end
+    @user.activate if authenticated?
  end

  def authenticator