FEATURE: remove email_token_grace_period_hours

The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed; there is no need to add complexity here.
This commit is contained in:
Sam 2016-12-19 17:15:20 +11:00
parent 7918d99a2e
commit eb2db23b40
5 changed files with 17 additions and 26 deletions


@ -23,10 +23,6 @@ class EmailToken < ActiveRecord::Base
SiteSetting.email_token_valid_hours.hours.ago
end
def self.confirm_valid_after
SiteSetting.email_token_grace_period_hours.hours.ago
end
def self.unconfirmed
where(confirmed: false)
end
@ -52,7 +48,7 @@ class EmailToken < ActiveRecord::Base
user = email_token.user
failure[:user] = user
row_count = EmailToken.where(id: email_token.id, expired: false).update_all 'confirmed = true'
row_count = EmailToken.where(confirmed: false, id: email_token.id, expired: false).update_all 'confirmed = true'
if row_count == 1
{ success: true, user: user, email_token: email_token }
@ -85,8 +81,8 @@ class EmailToken < ActiveRecord::Base
def self.confirmable(token)
EmailToken.where(token: token)
.where(expired: false)
.where("(NOT confirmed AND created_at >= ?) OR (confirmed AND created_at >= ?)", EmailToken.valid_after, EmailToken.confirm_valid_after)
.where(expired: false, confirmed: false)
.where("created_at >= ?", EmailToken.valid_after)
.includes(:user)
.first
end
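Review bot: The `confirmed: false` predicate added to the `update_all` WHERE clause in the second hunk is what actually makes a token single-use under concurrent requests, and nothing in the hunk says so; the `confirmed: false` filter that `confirmable` now applies in the third hunk cannot by itself stop two requests that both pass the select before either performs the update. I would record that intent directly above the query: `# confirmed: false in the UPDATE's own WHERE makes redemption atomic; confirmable's filter alone leaves a select-then-update race`. With `confirm_valid_after` deleted in the first hunk, any caller left outside these five files would raise NoMethodError at runtime; the diffstat suggests none remain, but a repository-wide search is cheap insurance. The method containing the `update_all` begins and ends outside its hunk.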


@ -977,7 +977,6 @@ en:
prioritize_username_in_ux: "Show username first on user page, user card and posts (when disabled name is shown first)"
email_token_valid_hours: "Forgot password / activate account tokens are valid for (n) hours."
email_token_grace_period_hours: "Forgot password / activate account tokens are still valid for a grace period of (n) hours after being redeemed."
enable_badges: "Enable the badge system"
enable_whispers: "Allow staff private communication within topics."


@ -389,7 +389,6 @@ users:
email_token_valid_hours:
default: 48
min: 1
email_token_grace_period_hours: 0
purge_unactivated_users_grace_period_days: 14
public_user_custom_fields:
type: list


@ -266,6 +266,19 @@ describe UsersController do
expect(session["password-#{token}"]).to be_blank
end
it 'disallows double password reset' do
user = Fabricate(:user, auth_token: SecureRandom.hex(16))
token = user.email_tokens.create(email: user.email).token
get :password_reset, token: token
put :password_reset, token: token, password: 'hg9ow8yhg98o'
put :password_reset, token: token, password: 'test123123Asdfsdf'
user.reload
expect(user.confirm_password?('hg9ow8yhg98o')).to eq(true)
end
it "redirects to the wizard if you're the first admin" do
user = Fabricate(:admin, auth_token: SecureRandom.hex(16), auth_token_updated_at: Time.now)
token = user.email_tokens.create(email: user.email).token
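Review bot: The new `disallows double password reset` example only checks the persisted password after the second `put`; it asserts nothing about the second response, so it would still pass if the controller accepted the already-used token but the password write failed for an unrelated reason. Adding an expectation on the second response — whatever the action renders for an invalid or consumed token, which is not visible here — would tie the example to the behaviour it is named for. A one-line comment such as `# the first put consumes the token; the second must be rejected` would also make the `get` / `put` / `put` sequence self-explanatory. The enclosing `describe` block starts and ends outside the hunk.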


@ -90,16 +90,6 @@ describe EmailToken do
expect(user.send_welcome_message).to eq true
end
context "when using the code a second time" do
it "doesn't send the welcome message" do
SiteSetting.email_token_grace_period_hours = 1
EmailToken.confirm(email_token.token)
user = EmailToken.confirm(email_token.token)
expect(user.send_welcome_message).to eq false
end
end
end
context 'success' do
@ -120,13 +110,7 @@ describe EmailToken do
expect(email_token).to be_confirmed
end
it "can be confirmed again" do
EmailToken.stubs(:confirm_valid_after).returns(1.hour.ago)
expect(EmailToken.confirm(email_token.token)).to eq user
# Unless `confirm_valid_after` has passed
EmailToken.stubs(:confirm_valid_after).returns(1.hour.from_now)
it "will not confirm again" do
expect(EmailToken.confirm(email_token.token)).to be_blank
end
end
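Review bot: The rewritten `will not confirm again` example in the second hunk asserts `be_blank`, which also passes on `false`, `""`, `[]` or `{}`; if `EmailToken.confirm` returns `nil` for an already-redeemed token (its failure return value is not visible here), `expect(EmailToken.confirm(email_token.token)).to be_nil` pins the contract more tightly. The example also depends on `email_token` having been confirmed beforehand, presumably by a `before` block in the enclosing `context 'success'` that starts outside the hunk; a short comment naming that precondition, e.g. `# email_token was confirmed in the setup above; a second redemption must fail`, would keep the example readable on its own.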