mirror of
https://github.com/discourse/discourse.git
synced 2024-12-11 15:53:45 +08:00
fa8cd629f1
This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens
67 lines
2.5 KiB
Ruby
67 lines
2.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class InviteMailer < ActionMailer::Base
|
|
include Email::BuildEmailHelper
|
|
|
|
layout 'email_template'
|
|
|
|
def send_invite(invite, invite_to_topic: false)
|
|
# Find the first topic they were invited to
|
|
first_topic = invite.topics.order(:created_at).first
|
|
|
|
# get invitee name (based on site setting)
|
|
inviter_name = invite.invited_by.username
|
|
if SiteSetting.enable_names && invite.invited_by.name.present?
|
|
inviter_name = "#{invite.invited_by.name} (#{invite.invited_by.username})"
|
|
end
|
|
|
|
sanitized_message = invite.custom_message.present? ?
|
|
ActionView::Base.full_sanitizer.sanitize(invite.custom_message.gsub(/\n+/, " ").strip) : nil
|
|
|
|
# If they were invited to a topic
|
|
if invite_to_topic && first_topic.present?
|
|
# get topic excerpt
|
|
topic_excerpt = ""
|
|
if first_topic.excerpt
|
|
topic_excerpt = first_topic.excerpt.tr("\n", " ")
|
|
end
|
|
|
|
topic_title = first_topic.try(:title)
|
|
if SiteSetting.private_email?
|
|
topic_title = I18n.t("system_messages.private_topic_title", id: first_topic.id)
|
|
topic_excerpt = ""
|
|
end
|
|
|
|
build_email(invite.email,
|
|
template: sanitized_message ? 'custom_invite_mailer' : 'invite_mailer',
|
|
inviter_name: inviter_name,
|
|
site_domain_name: Discourse.current_hostname,
|
|
invite_link: invite.link(with_email_token: true),
|
|
topic_title: topic_title,
|
|
topic_excerpt: topic_excerpt,
|
|
site_description: SiteSetting.site_description,
|
|
site_title: SiteSetting.title,
|
|
user_custom_message: sanitized_message)
|
|
else
|
|
build_email(invite.email,
|
|
template: sanitized_message ? 'custom_invite_forum_mailer' : 'invite_forum_mailer',
|
|
inviter_name: inviter_name,
|
|
site_domain_name: Discourse.current_hostname,
|
|
invite_link: invite.link(with_email_token: true),
|
|
site_description: SiteSetting.site_description,
|
|
site_title: SiteSetting.title,
|
|
user_custom_message: sanitized_message)
|
|
end
|
|
end
|
|
|
|
def send_password_instructions(user)
|
|
if user.present?
|
|
email_token = user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:password_reset])
|
|
build_email(user.email,
|
|
template: 'invite_password_instructions',
|
|
email_token: email_token.token)
|
|
end
|
|
end
|
|
|
|
end
|