Commit Graph

20 Commits

Author SHA1 Message Date
Dan Ungureanu
f0c1a4fab8
FIX: Create email token with correct scope (#15658)
`account_created` email contains a URL to `/u/password-reset/TOKEN`
which means that the correct scope for the email token is
`password_reset`, not `signup`.
2022-01-20 16:38:56 +02:00
Dan Ungureanu
fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
Josh Soref
59097b207f
DEV: Correct typos and spelling mistakes (#12812)
Over the years we accrued many spelling mistakes in the code base.

This PR attempts to fix spelling mistakes and typos in all areas of the code that are extremely safe to change:

- comments
- test descriptions
- other low risk areas
2021-05-21 11:43:47 +10:00
Gerhard Schlager
5c662128d3
DEV: Rake task for creating admin should ask for full name if required (#11096) 2020-11-02 11:12:42 +01:00
Sam Saffron
a14313e9d0
FIX: RANDOM_PASSWORD not working rake admin:create
We regressed behavior of this env var which enables admin account
creation with a random password
2020-03-15 17:24:11 +11:00
Hector Bustillos
42758379b9 FEATURE: Adds a message when the passwords doesn't match in rake admin:create (#8543) 2019-12-13 11:40:33 +11:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Sam Saffron
abbbcb2622 DEV: allow creating users with random passwords via rake
Use: `RANDOM_PASSWORD=1 bin/rake admin:create`

Handy in conjunction with dev mode /session/username/become.
2018-12-18 11:43:16 +08:00
Arpit Jalan
cd66dd1404 fix admin rake task 2018-04-07 16:57:17 +05:30
Sam
0d6cfe45bf tl1 should be enough for grant admin. tl4 is hard to revert 2018-04-05 10:53:11 +10:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Neil Lalonde
0a9e284277 FIX: rake admin:invite sends an email that makes it clear that an account was created for the recipient 2014-09-11 12:49:01 -04:00
Sam
f9ae7472b4 FEATURE: rake admin:invite task 2014-09-09 09:04:01 +10:00
Sam
950e5c9965 fix task 2014-09-05 17:49:51 +10:00
Sam
a2a78fbad1 FIX: rake admin:create suggests better name
FIX: rake admin:create ensures account active
2014-07-16 17:55:08 +10:00
Arpit Jalan
48940b9bbe Refactor admin create task 2014-07-07 16:58:23 +05:30
Arpit Jalan
7cb67b028d Update admin create task 2014-07-02 13:30:38 +05:30
Arpit Jalan
cd07bf5611 Update admin rake task 2014-07-02 02:03:02 +05:30
Sam Saffron
e91f944851 BUGFIX: rake task for creating an admin was not activating the account 2014-05-27 12:39:15 +10:00
Pavel Penkov
cb3b79407d Added admin:create rake task 2013-06-10 05:56:51 +04:00