discourse/app/services/user_activator.rb
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scope columns to the email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00


# frozen_string_literal: true
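class UserActivator
  attr_reader :user, :request, :session, :cookies, :message

  # Post-signup dispatcher: picks the concrete activator for +user+ (email
  # confirmation, approval queue, or immediate login) and delegates to it.
  #
  # @param user [Object] the account being activated; must respond to
  #   #active? and #email (and, for the subclasses, #email_tokens /
  #   #enqueue_welcome_message)
  # @param request [Object] the current request, passed through untouched
  # @param session [Object] the current session, passed through untouched
  # @param cookies [Object] the request cookies, passed through untouched
  def initialize(user, request, session, cookies)
    @user = user
    @session = session
    @cookies = cookies
    @request = request
    @message = nil
  end

  # No-op here; presumably a hook for callers that want a pre-activation
  # step — confirm against the call sites before relying on it.
  def start
  end

  # Runs the selected activator and records its message in #message.
  #
  # @return [String] the activator's success message
  def finish
    @message = activator.activate
  end

  # @return [String] the message the selected activator would show
  def success_message
    activator.success_message
  end

  private

  # Builds a fresh instance of the activator class chosen by #factory.
  def activator
    factory.new(user, request, session, cookies)
  end

  # Chooses the activator class. Order matters: an unconfirmed email always
  # wins, then site-wide approval applies unless the user came in through a
  # redeemable invite. The invite lookup is deferred until it can influence
  # the result so the query is not issued for users who skip approval anyway.
  #
  # @return [Class] EmailActivator, ApprovalActivator or LoginActivator
  def factory
    return EmailActivator unless user.active?
    return LoginActivator unless SiteSetting.must_approve_users?

    invite = Invite.find_by(email: Email.downcase(user.email))
    (invite.present? && invite.redeemable?) ? LoginActivator : ApprovalActivator
  end
end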
class ApprovalActivator < UserActivator
  # i18n key shown while the account sits in the approval queue.
  MESSAGE_KEY = "login.wait_approval"

  # Nothing is sent and no session is created: the user is only told to
  # wait for approval (chosen by UserActivator#factory when approval is
  # required and no redeemable invite exists).
  #
  # @return [String] the wait-for-approval message
  def activate
    success_message
  end

  # @return [String] translated wait-for-approval message
  def success_message
    I18n.t(MESSAGE_KEY)
  end
end
class EmailActivator < UserActivator
  # i18n key for the "activate via email" message; takes an :email argument.
  MESSAGE_KEY = "login.activate_email"

  # Issues a signup-scoped email token, queues the activation mail for it
  # and returns the message telling the user to check their inbox.
  #
  # @return [String] the activation message
  def activate
    EmailToken.enqueue_signup_email(signup_token)
    success_message
  end

  # The address is HTML-escaped before interpolation, presumably because
  # the message is rendered into markup.
  #
  # @return [String] translated activation message with the escaped address
  def success_message
    escaped_email = Rack::Utils.escape_html(user.email)
    I18n.t(MESSAGE_KEY, email: escaped_email)
  end

  private

  # Creates the token bound to the :signup scope, so it is only valid for
  # the signup confirmation flow and not for other email-token actions.
  def signup_token
    user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:signup])
  end
end
class LoginActivator < UserActivator
  include CurrentUser

  # i18n key shown once the user is logged straight in.
  MESSAGE_KEY = "login.active"
  # Welcome message type handed to User#enqueue_welcome_message.
  WELCOME_MESSAGE_TYPE = 'welcome_user'

  # Active account with no approval pending: logs the user in
  # (log_on_user presumably comes from CurrentUser), queues the welcome
  # message and returns the success text.
  #
  # @return [String] the logged-in message
  def activate
    log_on_user(user)
    user.enqueue_welcome_message(WELCOME_MESSAGE_TYPE)
    success_message
  end

  # @return [String] translated logged-in message
  def success_message
    I18n.t(MESSAGE_KEY)
  end
end