<p dir="auto">This replaces our <code class="notranslate">user_tokens</code> table with a modern system based on rails builtin token generation capabilities which generates signed tokens using a key derived from the installations base secret avoiding the need to persist the tokens on disk.</p>
<p dir="auto">It also scopes the tokens so that each token can only be used for the intended purpose.</p>
<p dir="auto">Currently this still allows old tokens to be used - once this has been live for a few weeks a second PR will remove that support and drop the old table.</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>  <a href='https://github.com/openstreetmap/openstreetmap-website/pull/4535'>https://github.com/openstreetmap/openstreetmap-website/pull/4535</a></p>

<h4>Commit Summary</h4>
<ul>
  <li><a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/commits/b42d48ff65b10ae51696e38e4fa8f969c7a3710c" class="commit-link">b42d48f</a>  Add scope for unexpired user tokens</li>
  <li><a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/commits/b8fad531e47641fc402203edc732c1484d28733a" class="commit-link">b8fad53</a>  Use rails tokens for password resets</li>
  <li><a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/commits/ad2739347b5fc7c57d8b7131580fda10cc77f108" class="commit-link">ad27393</a>  Use rails tokens for email changes</li>
  <li><a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/commits/4dff06a6293971c3e17f8508859a1d80717a23f6" class="commit-link">4dff06a</a>  Use rails tokens for signup confirmations</li>
</ul>

<h4 style="display: inline-block">File Changes </h4> <p style="display: inline-block">(<a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files">15 files</a>)</p>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-29beaabe278fd17493296745cecb67919f0906b47b8246ab770f5517615d9ef7">.rubocop_todo.yml</a>
    (2)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-8ac25145a80d1093fb7a8f1098aa9d5b0a1d70ced7333342a9ec569227d0a82f">app/controllers/concerns/session_methods.rb</a>
    (5)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-7aef2ace328700051fb00c64431397ca324c650157bf5ddab585023b4e8652d5">app/controllers/concerns/user_methods.rb</a>
    (2)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-961c5d7e0310073ca00d502eda2687808102441be660a654cab29645fbcea019">app/controllers/confirmations_controller.rb</a>
    (56)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-e731908a3da0376adc4c661e2db98a148ef9be83a310f7abc2e157a481ca6132">app/controllers/passwords_controller.rb</a>
    (18)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-cdec550eeeb8fc63be2b5687170f594651a8d0b7f0465c9d807baef392639b6e">app/controllers/sessions_controller.rb</a>
    (7)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-cfdccd0a9d5df5a43aaad2a35d36ebbe187c52ad5fdc9846fa189d04537adb6e">app/controllers/users_controller.rb</a>
    (4)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-55254045ba774e4c360d7bbfde054665072d2ab49abc3f21add15a37bba65a1c">app/mailers/user_mailer.rb</a>
    (9)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-9802ca3c9c4cf89904fd44bc114e35ebdf2c5dd3d5b645491e2b253e1afef29b">app/models/user.rb</a>
    (12)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-4998c38ac716dcdccb522d0675ad06b11b24f785fc58eb90d5b08ef6e609f5ae">app/models/user_token.rb</a>
    (2)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-0d2e03e45f001516dac5c734d8c0cdbff7a73028598ed5d2f9f8623e52c6099e">test/controllers/confirmations_controller_test.rb</a>
    (48)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-b18721527d46de9b2eb33e182fbe7c7e0fb965c010817b030c047b92c0445c20">test/controllers/passwords_controller_test.rb</a>
    (8)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-0ebf4c65ae927de1d02650f4caa7f2810e14eb64201b7570cb30939f0ee38719">test/controllers/sessions_controller_test.rb</a>
    (5)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-2719d3c650da3c587f727ca3c105e6bc93a7113f85717bb15983543cf4f85ae5">test/controllers/users_controller_test.rb</a>
    (10)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535/files#diff-19aa16b7c7e0598a9b16e64733cafc53ac88bc34c658524342c0a0bffde8affc">test/integration/user_creation_test.rb</a>
    (56)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/4535.patch'>https://github.com/openstreetmap/openstreetmap-website/pull/4535.patch</a></li>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/4535.diff'>https://github.com/openstreetmap/openstreetmap-website/pull/4535.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/4535">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLMYLPIPNZK5PWVW523YVHXFRAVCNFSM6AAAAABDYBAUTSVHI2DSMVQWIX3LMV43ASLTON2WKOZSGE2TEMZSHA2DIMI">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLNN4N4Z3XXRTLAYNZLYVHXFRA5CNFSM6AAAAABDYBAUTSWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHIASPM7E.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/pull/4535</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/4535",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/4535",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>