Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

You can only reuse email tokens within 24 hours.

This commit is contained in:
Robin Ward 2014-03-04 14:03:04 -05:00
parent 15c9c90533
commit aa3f7f764d
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/email_token.rb
View File

@ -19,6 +19,10 @@ class EmailToken < ActiveRecord::Base
end end
def self.valid_after def self.valid_after
1.week.ago
end
def self.confirm_valid_after
1.day.ago 1.day.ago
end end
@ -38,7 +42,7 @@ class EmailToken < ActiveRecord::Base
return unless token.present? return unless token.present?
return unless token.length/2 == EmailToken.token_length return unless token.length/2 == EmailToken.token_length
email_token = EmailToken.where("token = ? and expired = FALSE and created_at >= ?", token, EmailToken.valid_after).includes(:user).first email_token = EmailToken.where("token = ? and expired = FALSE AND ((NOT confirmed AND created_at >= ?) OR (confirmed AND created_at >= ?))", token, EmailToken.valid_after, EmailToken.confirm_valid_after).includes(:user).first
return if email_token.blank? return if email_token.blank?
user = email_token.user user = email_token.user

10
spec/models/email_token_spec.rb
View File

@ -118,6 +118,16 @@ describe EmailToken do
email_token.should be_confirmed email_token.should be_confirmed
end end
it "can be confirmed again" do
EmailToken.stubs(:confirm_valid_after).returns(1.hour.ago)
EmailToken.confirm(email_token.token).should == user
# Unless `confirm_valid_after` has passed
EmailToken.stubs(:confirm_valid_after).returns(1.hour.from_now)
EmailToken.confirm(email_token.token).should be_blank
end
end end