mirror of
https://github.com/discourse/discourse.git
synced 2024-12-05 10:03:43 +08:00
fa8cd629f1
This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens
110 lines
3.2 KiB
Ruby
110 lines
3.2 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
desc "invite an admin to this discourse instance"
|
|
task "admin:invite", [:email] => [:environment] do |_, args|
|
|
email = args[:email]
|
|
if !email || email !~ /@/
|
|
puts "ERROR: Expecting rake admin:invite[some@email.com]"
|
|
exit 1
|
|
end
|
|
|
|
unless user = User.find_by_email(email)
|
|
puts "Creating new account!"
|
|
user = User.new(email: email)
|
|
user.password = SecureRandom.hex
|
|
user.username = UserNameSuggester.suggest(user.email)
|
|
end
|
|
|
|
user.active = true
|
|
user.save!
|
|
|
|
puts "Granting admin!"
|
|
user.grant_admin!
|
|
if user.trust_level < 1
|
|
user.change_trust_level!(1)
|
|
end
|
|
|
|
user.email_tokens.update_all confirmed: true
|
|
|
|
puts "Sending email!"
|
|
email_token = user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:signup])
|
|
Jobs.enqueue(:user_email, type: :account_created, user_id: user.id, email_token: email_token.token)
|
|
end
|
|
|
|
desc "Creates a forum administrator"
|
|
task "admin:create" => :environment do
|
|
require 'highline/import'
|
|
|
|
begin
|
|
email = ask("Email: ")
|
|
existing_user = User.find_by_email(email)
|
|
|
|
# check if user account already exists
|
|
if existing_user
|
|
# user already exists, ask for password reset
|
|
admin = existing_user
|
|
reset_password = ask("User with this email already exists! Do you want to reset the password for this email? (Y/n) ")
|
|
if (reset_password == "" || reset_password.downcase == 'y')
|
|
begin
|
|
password = ask("Password: ") { |q| q.echo = false }
|
|
password_confirmation = ask("Repeat password: ") { |q| q.echo = false }
|
|
passwords_match = password == password_confirmation
|
|
|
|
say("Passwords don't match, try again...") unless passwords_match
|
|
end while !passwords_match
|
|
admin.password = password
|
|
end
|
|
else
|
|
# create new user
|
|
admin = User.new
|
|
admin.email = email
|
|
admin.username = UserNameSuggester.suggest(admin.email)
|
|
begin
|
|
if ENV["RANDOM_PASSWORD"] == "1"
|
|
password = password_confirmation = SecureRandom.hex
|
|
else
|
|
password = ask("Password: ") { |q| q.echo = false }
|
|
password_confirmation = ask("Repeat password: ") { |q| q.echo = false }
|
|
end
|
|
|
|
passwords_match = password == password_confirmation
|
|
|
|
say("Passwords don't match, try again...") unless passwords_match
|
|
end while !passwords_match
|
|
admin.password = password
|
|
end
|
|
|
|
if SiteSetting.full_name_required && admin.name.blank?
|
|
admin.name = ask("Full name: ")
|
|
end
|
|
|
|
# save/update user account
|
|
saved = admin.save
|
|
say(admin.errors.full_messages.join("\n")) unless saved
|
|
end while !saved
|
|
|
|
say "\nEnsuring account is active!"
|
|
admin.active = true
|
|
admin.save
|
|
|
|
if existing_user
|
|
say("\nAccount updated successfully!")
|
|
else
|
|
say("\nAccount created successfully with username #{admin.username}")
|
|
end
|
|
|
|
# grant admin privileges
|
|
grant_admin = ask("Do you want to grant Admin privileges to this account? (Y/n) ")
|
|
if (grant_admin == "" || grant_admin.downcase == 'y')
|
|
admin.grant_admin!
|
|
if admin.trust_level < 1
|
|
admin.change_trust_level!(1)
|
|
end
|
|
admin.email_tokens.update_all confirmed: true
|
|
admin.activate
|
|
|
|
say("\nYour account now has Admin privileges!")
|
|
end
|
|
|
|
end
|