discourse/spec/models
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)

This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
about_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
admin_dashboard_problem_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
api_key_spec.rb FEATURE: Add read-only scope to API keys (#14856) 2021-11-10 17:48:00 +02:00
application_request_spec.rb
badge_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
badge_type_spec.rb
bookmark_spec.rb DEV: Add for_topic column to bookmarks (#14343) 2021-09-15 11:29:22 +10:00
category_featured_topic_spec.rb
category_group_spec.rb
category_list_spec.rb FIX: exclude topics from muted tag in category featured list. (#14925) 2021-11-16 12:10:50 +05:30
category_spec.rb FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
category_user_spec.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
child_theme_spec.rb
color_scheme_color_spec.rb
color_scheme_spec.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
developer_spec.rb
digest_email_site_setting_spec.rb
directory_item_spec.rb
discourse_single_sign_on_spec.rb DEV: Update DiscourseConnect nonce errors to be more descriptive (#14858) 2021-11-09 17:39:05 +00:00
do_not_disturb_timing_spec.rb FEATURE: Do not disturb (#11484) 2020-12-18 09:03:51 -06:00
draft_sequence_spec.rb FIX: Update draft count when sequence is increased (#13940) 2021-08-04 13:30:37 +03:00
draft_spec.rb FIX: Update draft count after creating a post (#13884) 2021-07-29 17:06:11 +03:00
email_change_request_spec.rb
email_log_spec.rb FEATURE: Use group SMTP job and mailer instead of UserNotifications change (#13489) 2021-06-28 08:55:13 +10:00
email_token_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
embeddable_host_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
emoji_spec.rb FEATURE: Render emojis on GitHub labels when oneboxing an issue. (#13531) 2021-06-25 14:48:36 -03:00
given_daily_like_spec.rb
global_setting_spec.rb Build(deps): Bump rubocop from 1.18.2 to 1.18.3 (#13653) 2021-07-07 01:51:43 +02:00
group_archived_message_spec.rb FEATURE: Display unread and new counts for messages. (#14059) 2021-08-25 11:17:56 +08:00
group_history_spec.rb
group_spec.rb DEV: Move imap_helper to spec/support directory (#14776) 2021-10-29 20:46:25 +02:00
group_user_spec.rb FIX: use active record update_attribute instead of mini sql. (#14367) 2021-09-21 09:29:12 +08:00
incoming_link_spec.rb
incoming_links_report_spec.rb
invite_redeemer_spec.rb FIX: Allow invites if must_approve_users is true (#13257) 2021-06-07 18:57:08 +03:00
invite_spec.rb FEATURE: Warn if invited user cannot see topic (#13548) 2021-07-06 12:49:26 +03:00
javascript_cache_spec.rb
locale_site_setting_spec.rb use more appropriate labels for chinese UI option 2021-07-27 22:47:59 +08:00
mailing_list_mode_site_setting_spec.rb
notification_spec.rb DEV: Fix spec (#15036) 2021-11-22 15:59:10 +11:00
optimized_image_spec.rb DEV: Remove the remaining Travis code (#13255) 2021-06-02 20:29:47 +02:00
permalink_spec.rb
plugin_store_spec.rb
post_action_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
post_action_type_spec.rb FIX: Clear post action types application serializer fragment cache. 2021-06-04 09:14:49 +08:00
post_analyzer_spec.rb FIX: Improve anchor links (#12683) 2021-04-14 10:27:07 +03:00
post_detail_spec.rb
post_mover_spec.rb FIX: nil the baked version after moving the posts. (#14483) 2021-10-12 17:31:18 +11:00
post_reply_key_spec.rb
post_reply_spec.rb
post_spec.rb FIX: Show right message when permanently deleting topic (#14717) 2021-10-26 18:31:15 +03:00
post_timing_spec.rb FEATURE: Add last visit indication to topic view page. (#13471) 2021-07-05 14:17:31 +08:00
post_upload_spec.rb
private_message_topic_tracking_state_spec.rb FIX: Do not publish post for PM topic tracking if not new for user. (#14469) 2021-09-29 13:54:24 +08:00
published_page_spec.rb
quoted_post_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
remote_theme_spec.rb FEATURE: Introduce theme/component QUnit tests (take 2) (#12661) 2021-04-12 15:02:58 +03:00
report_spec.rb FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
reviewable_claimed_topic_spec.rb
reviewable_flagged_post_spec.rb FEATURE: Notify responders of post removal (#15049) 2021-11-24 09:28:20 -06:00
reviewable_history_spec.rb
reviewable_post_spec.rb FEATURE: Review every post using the review queue. (#12734) 2021-04-21 08:41:36 -03:00
reviewable_queued_post_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
reviewable_score_spec.rb FIX: Recalculate scores only when approving or transitioning to pending. (#13009) 2021-05-10 14:09:04 -03:00
reviewable_spec.rb FIX: Check type of existing reviewables when new reviewable is created (#13662) 2021-07-07 11:45:00 -05:00
reviewable_user_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
s3_region_site_setting_spec.rb
screened_email_spec.rb
screened_ip_address_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
screened_url_spec.rb
search_log_spec.rb
site_setting_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
site_spec.rb FIX: Missing category edit icon. 2021-06-28 10:54:23 +08:00
skipped_email_log_spec.rb
stylesheet_cache_spec.rb PERF: Add scheduled job to delete old stylesheet cache rows (#13747) 2021-07-16 10:58:01 -04:00
tag_group_spec.rb
tag_spec.rb FIX: URL encode tag name (#11393) 2020-12-02 12:36:41 +05:30
tag_user_spec.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
theme_field_spec.rb FIX: do not raise exception when svg path is nil (#13844) 2021-07-26 12:35:27 +10:00
theme_modifier_set_spec.rb
theme_spec.rb FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
top_menu_item_spec.rb
top_topic_spec.rb
topic_allowed_user_spec.rb
topic_converter_spec.rb
topic_embed_spec.rb FIX: Convert URLs embedded topics to absolute form (#14975) 2021-11-17 16:39:49 +11:00
topic_featured_users_spec.rb
topic_group_spec.rb
topic_invite_spec.rb
topic_link_click_spec.rb DEV: Clean up S3 specs, stubs, and helpers 2020-09-28 12:02:25 +01:00
topic_link_spec.rb FIX: Hide links to muted topics and in categories list (#14761) 2021-10-29 17:52:23 +03:00
topic_list_spec.rb FIX: new-topic route with sub-category and tags were broken (#12503) 2021-03-24 19:54:29 +05:30
topic_participants_summary_spec.rb
topic_posters_summary_spec.rb Fix i18n issues reported on Crowdin (#11747) 2021-02-02 10:50:04 +01:00
topic_spec.rb FIX: exclude suppressed category topics in digest even if unmuted. (#14793) 2021-11-03 12:47:09 +05:30
topic_tag_spec.rb
topic_thumbnail_spec.rb PERF: we don't need to use a huge image to test thumbnails (#11025) 2020-10-27 12:39:52 +11:00
topic_timer_spec.rb FIX: Remove legacy topic timer code (#13544) 2021-06-29 09:16:25 +10:00
topic_tracking_state_spec.rb FIX: topic_tracking_state not erroring when missing user_stat (#14559) 2021-10-11 13:20:55 +11:00
topic_user_spec.rb FEATURE: Publish read topic tracking events for private messages. (#14274) 2021-09-09 09:16:53 +08:00
topic_view_item_spec.rb
translation_override_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
trust_level_and_staff_setting_spec.rb DEV: Fix another flaky spec 2021-06-08 09:54:37 +08:00
trust_level_setting_spec.rb DEV: Fix flaky test due to locale cache poisoning 2021-06-08 13:13:38 +10:00
trust_level3_requirements_spec.rb
unsubscribe_key_spec.rb
upload_spec.rb FIX: manually adds frowning_face_with_open_mouth for apple (#13528) 2021-07-21 23:27:20 +02:00
user_action_spec.rb FIX: Correctly publish messages unconditionally to admins (#13053) 2021-05-20 16:58:27 +10:00
user_api_key_spec.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
user_archived_message_spec.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
user_auth_token_spec.rb
user_avatar_spec.rb
user_badge_spec.rb
user_bookmark_list_spec.rb FEATURE: Go to last unread for topic-level bookmark links (#14396) 2021-09-21 13:49:56 +10:00
user_email_spec.rb FEATURE: Add email normalization rules setting (#14593) 2021-11-24 11:30:06 +02:00
user_export_spec.rb
user_field_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
user_history_spec.rb
user_notification_schedule_spec.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
user_option_spec.rb DEV: UserOption.user_tzinfo (#14088) 2021-08-19 21:56:14 +02:00
user_profile_spec.rb FIX: Make sure rel attributes are correctly set. (#10645) 2020-09-10 12:59:51 -03:00
user_profile_view_spec.rb
user_search_spec.rb FIX: Show user filter hints when typing @ in search (#13799) 2021-07-21 09:14:53 -04:00
user_second_factor_spec.rb
user_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
user_stat_spec.rb DEV: Fix flaky specs due to 8226ab1099. (#15060) 2021-11-23 15:26:55 +08:00
user_summary_spec.rb FIX: exclude moderator_action post for reply count in user summary. (#14991) 2021-11-18 13:42:03 +05:30
user_visit_spec.rb
username_validator_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
watched_word_spec.rb DEV: Add test for link watched words (#13251) 2021-06-03 11:36:07 +10:00
web_crawler_request_spec.rb
web_hook_event_spec.rb
web_hook_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00