mirror of
https://github.com/discourse/discourse.git
synced 2024-12-12 23:46:30 +08:00
fa8cd629f1
This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens
24 lines
752 B
Ruby
24 lines
752 B
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe UserActivator do
|
|
fab!(:user) { Fabricate(:user) }
|
|
let!(:email_token) { Fabricate(:email_token, user: user) }
|
|
|
|
describe 'email_activator' do
|
|
let(:activator) { EmailActivator.new(user, nil, nil, nil) }
|
|
|
|
it 'create email token and enqueues user email' do
|
|
now = freeze_time
|
|
activator.activate
|
|
email_token = user.reload.email_tokens.last
|
|
expect(email_token.created_at).to eq_time(now)
|
|
job_args = Jobs::CriticalUserEmail.jobs.last["args"].first
|
|
expect(job_args["user_id"]).to eq(user.id)
|
|
expect(job_args["type"]).to eq("signup")
|
|
expect(EmailToken.hash_token(job_args["email_token"])).to eq(email_token.token_hash)
|
|
end
|
|
end
|
|
end
|