discourse/app/models/email_token.rb

class EmailToken < ActiveRecord::Base
  belongs_to :user

  validates :token, :user_id, :email, presence: true

  before_validation(on: :create) do
    self.token = EmailToken.generate_token
    self.email = self.email.downcase if self.email
  end

  after_create do
    # Expire the previous tokens
    EmailToken.where(user_id: self.user_id)
      .where("id != ?", self.id)
      .update_all(expired: true)
  end

  def self.token_length
    16
  end

  def self.valid_after
    SiteSetting.email_token_valid_hours.hours.ago
  end

  def self.unconfirmed
    where(confirmed: false)
  end

  def self.active
    where(expired: false).where('created_at > ?', valid_after)
  end

  def self.generate_token
    SecureRandom.hex(EmailToken.token_length)
  end

  def self.valid_token_format?(token)
    token.present? && token =~ /\h{#{token.length / 2}}/i
  end

  def self.atomic_confirm(token)
    failure = { success: false }
    return failure unless valid_token_format?(token)

    email_token = confirmable(token)
    return failure if email_token.blank?

    user = email_token.user
    failure[:user] = user
    row_count = EmailToken.where(confirmed: false, id: email_token.id, expired: false).update_all 'confirmed = true'

    if row_count == 1
      { success: true, user: user, email_token: email_token }
    else
      failure
    end
  end

  def self.confirm(token)
    User.transaction do
      result = atomic_confirm(token)
      user = result[:user]
      if result[:success]
        # If we are activating the user, send the welcome message
        user.send_welcome_message = !user.active?
        user.active = true
        user.email = result[:email_token].email
        user.save!
        user.set_automatic_groups
      end

      if user
        return User.find_by_email(user.email) if Invite.redeem_from_email(user.email).present?
        user
      end
    end
  rescue ActiveRecord::RecordInvalid
    # If the user's email is already taken, just return nil (failure)
  end

  def self.confirmable(token)
    EmailToken.where(token: token)
      .where(expired: false, confirmed: false)
      .where("created_at >= ?", EmailToken.valid_after)
      .includes(:user)
      .first
  end
end

# == Schema Information
#
# Table name: email_tokens
#
#  id         :integer          not null, primary key
#  user_id    :integer          not null
#  email      :string(255)      not null
#  token      :string(255)      not null
#  confirmed  :boolean          default(FALSE), not null
#  expired    :boolean          default(FALSE), not null
#  created_at :datetime         not null
#  updated_at :datetime         not null
#
# Indexes
#
#  index_email_tokens_on_token    (token) UNIQUE
#  index_email_tokens_on_user_id  (user_id)
#
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`class EmailToken < ActiveRecord::Base`
			`belongs_to :user`

Fix access specifiers with private_class_methods instead of removing directly 2014-10-03 23:07:20 -04:00			`validates :token, :user_id, :email, presence: true`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
minor cleanup, using AR querying DSL over raw SQL in some places 2013-02-28 13:54:12 -05:00			`before_validation(on: :create) do`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`self.token = EmailToken.generate_token`
Emails are case insensitive 2014-07-14 10:16:24 -04:00			`self.email = self.email.downcase if self.email`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`after_create do`
			`# Expire the previous tokens`
FEATURE: handle bounced emails 2016-05-02 17:15:32 -04:00			`EmailToken.where(user_id: self.user_id)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.where("id != ?", self.id)`
			`.update_all(expired: true)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`def self.token_length`
			`16`
			`end`

			`def self.valid_after`
FIX: tighten up email token durations 2014-07-01 19:08:25 -04:00			`SiteSetting.email_token_valid_hours.hours.ago`
You can only reuse email tokens within 24 hours. 2014-03-04 14:03:04 -05:00			`end`

Add a link that allows you to send activation email again 2013-02-22 11:49:48 -05:00			`def self.unconfirmed`
			`where(confirmed: false)`
			`end`

			`def self.active`
EmailToken.active needs to check created_at too 2013-02-22 15:19:44 -05:00			`where(expired: false).where('created_at > ?', valid_after)`
Add a link that allows you to send activation email again 2013-02-22 11:49:48 -05:00			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`def self.generate_token`
			`SecureRandom.hex(EmailToken.token_length)`
			`end`

SECURITY: Prefix session key and validate token format. 2014-08-25 15:30:52 -04:00			`def self.valid_token_format?(token)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`token.present? && token =~ /\h{#{token.length / 2}}/i`
SECURITY: Prefix session key and validate token format. 2014-08-25 15:30:52 -04:00			`end`

SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`def self.atomic_confirm(token)`
			`failure = { success: false }`
			`return failure unless valid_token_format?(token)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00			`email_token = confirmable(token)`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`return failure if email_token.blank?`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`user = email_token.user`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`failure[:user] = user`
FEATURE: remove email_token_grace_period_hours The site setting email_token_grace_period_hours just causes confusion and should not be used anyway. Out of the box, tokens stop working once confirmed, no need to add complexity here 2016-12-19 01:15:20 -05:00			`row_count = EmailToken.where(confirmed: false, id: email_token.id, expired: false).update_all 'confirmed = true'`
FEATURE: handle bounced emails 2016-05-02 17:15:32 -04:00
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`if row_count == 1`
FEATURE: handle bounced emails 2016-05-02 17:15:32 -04:00			`{ success: true, user: user, email_token: email_token }`
			`else`
			`failure`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`end`
			`end`

			`def self.confirm(token)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`User.transaction do`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`result = atomic_confirm(token)`
			`user = result[:user]`
			`if result[:success]`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# If we are activating the user, send the welcome message`
			`user.send_welcome_message = !user.active?`
			`user.active = true`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`user.email = result[:email_token].email`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`user.save!`
FIX: user's default group should only be set once Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address. Previously we were doing this everytime we'd save a user record :shrug: 2017-06-14 13:20:18 -04:00			`user.set_automatic_groups`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`
FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`if user`
FEATURE: phase 1 of supporting multiple email addresses 2017-04-26 14:47:36 -04:00			`return User.find_by_email(user.email) if Invite.redeem_from_email(user.email).present?`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 14:40:11 -05:00			`user`
			`end`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`rescue ActiveRecord::RecordInvalid`
			`# If the user's email is already taken, just return nil (failure)`
			`end`
FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00
			`def self.confirmable(token)`
FEATURE: handle bounced emails 2016-05-02 17:15:32 -04:00			`EmailToken.where(token: token)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.where(expired: false, confirmed: false)`
			`.where("created_at >= ?", EmailToken.valid_after)`
			`.includes(:user)`
			`.first`
FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00
			`# == Schema Information`
			`#`
			`# Table name: email_tokens`
			`#`
			`# id :integer not null, primary key`
			`# user_id :integer not null`
update annotations 2017-12-05 10:29:14 -05:00			`# email :string(255) not null`
			`# token :string(255) not null`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00			`# confirmed :boolean default(FALSE), not null`
			`# expired :boolean default(FALSE), not null`
FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 01:19:25 -04:00			`# created_at :datetime not null`
			`# updated_at :datetime not null`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00			`#`
			`# Indexes`
			`#`
Updated model anotations 2014-08-22 13:01:44 -04:00			`# index_email_tokens_on_token (token) UNIQUE`
			`# index_email_tokens_on_user_id (user_id)`
moved comments to the bottom, they are way less intrusive there 2013-05-23 22:48:32 -04:00			`#`