mirror of
https://github.com/discourse/discourse.git
synced 2024-12-25 14:23:53 +08:00
fa8cd629f1
This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens
35 lines
1.0 KiB
Plaintext
35 lines
1.0 KiB
Plaintext
<div id="simple-container">
|
|
<% if @almost_done %>
|
|
<h2><%= t 'change_email.authorizing_old.almost_done_title' %></h2>
|
|
<p>
|
|
<%= t 'change_email.authorizing_old.almost_done_description' %>
|
|
</p>
|
|
<% elsif @error %>
|
|
<div class='alert alert-error'>
|
|
<%= @error %>
|
|
</div>
|
|
<% else %>
|
|
<h2><%= t 'change_email.authorizing_old.title' %></h2>
|
|
<p>
|
|
<% if @change_request&.old_email %>
|
|
<%= t 'change_email.authorizing_old.description' %>
|
|
<br>
|
|
<br>
|
|
<%= t 'change_email.authorizing_old.old_email', email: @from_email %>
|
|
<br>
|
|
<%= t 'change_email.authorizing_old.new_email', email: @to_email %>
|
|
<% else %>
|
|
<%= t 'change_email.authorizing_old.description_add' %>
|
|
<br>
|
|
<br>
|
|
<%= @to_email %>
|
|
<% end %>
|
|
</p>
|
|
|
|
<%=form_tag(u_confirm_old_email_path, method: :put) do %>
|
|
<%= hidden_field_tag 'token', params[:token] %>
|
|
<%= submit_tag t('change_email.confirm'), class: "btn btn-primary" %>
|
|
<% end %>
|
|
<% end %>
|
|
</div>
|