[openstreetmap/openstreetmap-website] Use rails generated tokens for emails (PR #4535)

Tom Hughes notifications at github.com
Sat Feb 24 14:02:00 UTC 2024 

This replaces our `user_tokens` table with a modern system based on rails builtin token generation capabilities which generates signed tokens using a key derived from the installations base secret avoiding the need to persist the tokens on disk.

It also scopes the tokens so that each token can only be used for the intended purpose.

Currently this still allows old tokens to be used - once this has been live for a few weeks a second PR will remove that support and drop the old table.
You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/4535

-- Commit Summary --

  * Add scope for unexpired user tokens
  * Use rails tokens for password resets
  * Use rails tokens for email changes
  * Use rails tokens for signup confirmations

-- File Changes --

    M .rubocop_todo.yml (2)
    M app/controllers/concerns/session_methods.rb (5)
    M app/controllers/concerns/user_methods.rb (2)
    M app/controllers/confirmations_controller.rb (56)
    M app/controllers/passwords_controller.rb (18)
    M app/controllers/sessions_controller.rb (7)
    M app/controllers/users_controller.rb (4)
    M app/mailers/user_mailer.rb (9)
    M app/models/user.rb (12)
    M app/models/user_token.rb (2)
    M test/controllers/confirmations_controller_test.rb (48)
    M test/controllers/passwords_controller_test.rb (8)
    M test/controllers/sessions_controller_test.rb (5)
    M test/controllers/users_controller_test.rb (10)
    M test/integration/user_creation_test.rb (56)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/4535.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4535.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4535
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4535 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240224/1253abde/attachment.htm>

More information about the rails-dev mailing list