discourse/app/models/email_token.rb

class EmailToken < ActiveRecord::Base
  belongs_to :user

  validates_presence_of :token
  validates_presence_of :user_id
  validates_presence_of :email

  before_validation(on: :create) do
    self.token = EmailToken.generate_token
  end

  after_create do
    # Expire the previous tokens
    EmailToken.where(['user_id = ? and id != ?', self.user_id, self.id]).update_all 'expired = true'
  end

  def self.token_length
    16
  end

  def self.valid_after
    SiteSetting.email_token_valid_hours.hours.ago
  end

  def self.confirm_valid_after
    SiteSetting.email_token_grace_period_hours.ago
  end

  def self.unconfirmed
    where(confirmed: false)
  end

  def self.active
    where(expired: false).where('created_at > ?', valid_after)
  end

  def self.generate_token
    SecureRandom.hex(EmailToken.token_length)
  end

  def self.confirm(token)
    return unless token.present?
    return unless token.length/2 == EmailToken.token_length

    email_token = EmailToken.where("token = ? and expired = FALSE AND ((NOT confirmed AND created_at >= ?) OR (confirmed AND created_at >= ?))", token, EmailToken.valid_after, EmailToken.confirm_valid_after).includes(:user).first
    return if email_token.blank?

    user = email_token.user
    User.transaction do
      row_count = EmailToken.where(id: email_token.id, expired: false).update_all 'confirmed = true'
      if row_count == 1
        # If we are activating the user, send the welcome message
        user.send_welcome_message = !user.active?

        user.active = true
        user.email = email_token.email
        user.save!
      end
    end
    user
  rescue ActiveRecord::RecordInvalid
    # If the user's email is already taken, just return nil (failure)
  end
end

# == Schema Information
#
# Table name: email_tokens
#
#  id         :integer          not null, primary key
#  user_id    :integer          not null
#  email      :string(255)      not null
#  token      :string(255)      not null
#  confirmed  :boolean          default(FALSE), not null
#  expired    :boolean          default(FALSE), not null
#  created_at :datetime
#  updated_at :datetime
#
# Indexes
#
#  index_email_tokens_on_token  (token) UNIQUE
#
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`class EmailToken < ActiveRecord::Base`
			`belongs_to :user`

			`validates_presence_of :token`
			`validates_presence_of :user_id`
			`validates_presence_of :email`

minor cleanup, using AR querying DSL over raw SQL in some places 2013-03-01 02:54:12 +08:00			`before_validation(on: :create) do`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`self.token = EmailToken.generate_token`
			`end`

			`after_create do`
			`# Expire the previous tokens`
Refactor update_all statements in order to prevent deprecation warnings in Rails 4 2013-07-02 02:45:52 +08:00			`EmailToken.where(['user_id = ? and id != ?', self.user_id, self.id]).update_all 'expired = true'`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`end`

			`def self.token_length`
			`16`
			`end`

			`def self.valid_after`
FIX: tighten up email token durations 2014-07-02 07:08:25 +08:00			`SiteSetting.email_token_valid_hours.hours.ago`
You can only reuse email tokens within 24 hours. 2014-03-05 03:03:04 +08:00			`end`

			`def self.confirm_valid_after`
FIX: tighten up email token durations 2014-07-02 07:08:25 +08:00			`SiteSetting.email_token_grace_period_hours.ago`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`end`

Add a link that allows you to send activation email again 2013-02-23 00:49:48 +08:00			`def self.unconfirmed`
			`where(confirmed: false)`
			`end`

			`def self.active`
EmailToken.active needs to check created_at too 2013-02-23 04:19:44 +08:00			`where(expired: false).where('created_at > ?', valid_after)`
Add a link that allows you to send activation email again 2013-02-23 00:49:48 +08:00			`end`

Initial release of Discourse 2013-02-06 03:16:51 +08:00			`def self.generate_token`
			`SecureRandom.hex(EmailToken.token_length)`
			`end`

			`def self.confirm(token)`
			`return unless token.present?`
			`return unless token.length/2 == EmailToken.token_length`

You can only reuse email tokens within 24 hours. 2014-03-05 03:03:04 +08:00			`email_token = EmailToken.where("token = ? and expired = FALSE AND ((NOT confirmed AND created_at >= ?) OR (confirmed AND created_at >= ?))", token, EmailToken.valid_after, EmailToken.confirm_valid_after).includes(:user).first`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`return if email_token.blank?`

			`user = email_token.user`
			`User.transaction do`
Refactor update_all statements in order to prevent deprecation warnings in Rails 4 2013-07-02 02:45:52 +08:00			`row_count = EmailToken.where(id: email_token.id, expired: false).update_all 'confirmed = true'`
Initial release of Discourse 2013-02-06 03:16:51 +08:00			`if row_count == 1`
			`# If we are activating the user, send the welcome message`
			`user.send_welcome_message = !user.active?`

			`user.active = true`
			`user.email = email_token.email`
			`user.save!`
			`end`
			`end`
			`user`
			`rescue ActiveRecord::RecordInvalid`
			`# If the user's email is already taken, just return nil (failure)`
			`end`
			`end`
moved comments to the bottom, they are way less intrusive there 2013-05-24 10:48:32 +08:00
			`# == Schema Information`
			`#`
			`# Table name: email_tokens`
			`#`
			`# id :integer not null, primary key`
			`# user_id :integer not null`
			`# email :string(255) not null`
			`# token :string(255) not null`
			`# confirmed :boolean default(FALSE), not null`
			`# expired :boolean default(FALSE), not null`
Annotate models 2014-05-28 09:49:50 +08:00			`# created_at :datetime`
			`# updated_at :datetime`
moved comments to the bottom, they are way less intrusive there 2013-05-24 10:48:32 +08:00			`#`
			`# Indexes`
			`#`
			`# index_email_tokens_on_token (token) UNIQUE`
			`#`