mirror of
https://github.com/discourse/discourse.git
synced 2024-12-14 08:23:43 +08:00
fa8cd629f1
This commit adds token_hash and scopes columns to email_tokens table. token_hash is a replacement for the token column to avoid storing email tokens in plaintext as it can pose a security risk. The new scope column ensures that email tokens cannot be used to perform a different action than the one intended. To sum up, this commit: * Adds token_hash and scope to email_tokens * Reuses code that schedules critical_user_email * Refactors EmailToken.confirm and EmailToken.atomic_confirm methods * Periodically cleans old, unconfirmed or expired email tokens
89 lines
3.7 KiB
Plaintext
89 lines
3.7 KiB
Plaintext
<div id="simple-container">
|
|
<% if @done %>
|
|
<h2>
|
|
<%= t 'change_email.confirmed' %>
|
|
</h2>
|
|
<p>
|
|
<a class="btn" href="<%= path "/" %>"><%= t('change_email.please_continue', site_name: SiteSetting.title) %></a>
|
|
</p>
|
|
<% elsif @error %>
|
|
<div class='alert alert-error'>
|
|
<%= @error %>
|
|
</div>
|
|
<% else %>
|
|
<h2><%= t 'change_email.authorizing_new.title' %></h2>
|
|
<p>
|
|
<% if @change_request&.old_email %>
|
|
<%= t 'change_email.authorizing_new.description' %>
|
|
<% else %>
|
|
<%= t 'change_email.authorizing_new.description_add' %>
|
|
<% end %>
|
|
</p>
|
|
<p>
|
|
<%= @to_email %>
|
|
</p>
|
|
|
|
<%=form_tag(u_confirm_new_email_path, method: :put) do %>
|
|
<%= hidden_field_tag 'token', params[:token] %>
|
|
<%= hidden_field_tag 'second_factor_token', nil, id: 'security-key-credential' %>
|
|
<div id="security-key-error"></div>
|
|
|
|
<% if @show_invalid_second_factor_error %>
|
|
<div class='alert alert-error'><%= @invalid_second_factor_message %></div>
|
|
<% end %>
|
|
|
|
<% if @show_backup_codes %>
|
|
<div id="backup-second-factor-form" style="">
|
|
<%= hidden_field_tag 'second_factor_method', UserSecondFactor.methods[:backup_code] %>
|
|
<h3><%= t('login.second_factor_backup_title') %></h3>
|
|
<%= label_tag(:second_factor_token, t("login.second_factor_backup_description")) %>
|
|
<div><%= render 'common/second_factor_backup_input' %></div>
|
|
<%= submit_tag(t("submit"), class: "btn btn-primary") %>
|
|
</div>
|
|
<br/>
|
|
<%= link_to t("login.second_factor_toggle.totp"), show_backup: "false" %>
|
|
<br/>
|
|
<% elsif @show_security_key %>
|
|
<%= hidden_field_tag 'security_key_challenge', @security_key_challenge, id: 'security-key-challenge' %>
|
|
<%= hidden_field_tag 'second_factor_method', UserSecondFactor.methods[:security_key] %>
|
|
<%= hidden_field_tag 'security_key_allowed_credential_ids', @security_key_allowed_credential_ids.join(","), id: 'security-key-allowed-credential-ids' %>
|
|
<div id="security-key-form">
|
|
<h3><%= t('login.security_key_authenticate') %></h3>
|
|
<p><%= t('login.security_key_description') %></p>
|
|
<%= button_tag t('login.security_key_authenticate'), id: 'submit-security-key', class: 'btn btn-primary' %>
|
|
</div>
|
|
<br/>
|
|
<% if @show_second_factor %>
|
|
<%= link_to t("login.security_key_alternative"), show_totp: "true" %>
|
|
<% end %><br/>
|
|
<% if @backup_codes_enabled %>
|
|
<%= link_to t("login.second_factor_toggle.backup_code"), show_backup: "true" %>
|
|
<% end %>
|
|
<% elsif @show_second_factor %>
|
|
<div id="primary-second-factor-form">
|
|
<%= hidden_field_tag 'second_factor_method', UserSecondFactor.methods[:totp] %>
|
|
<h3><%= t('login.second_factor_title') %></h3>
|
|
<%= label_tag(:second_factor_token, t('login.second_factor_description')) %>
|
|
<div><%= render 'common/second_factor_text_field' %></div>
|
|
<%= submit_tag t('submit'), class: "btn btn-primary" %>
|
|
</div>
|
|
<br/>
|
|
<% if @backup_codes_enabled %>
|
|
<%= link_to t("login.second_factor_toggle.backup_code"), show_backup: "true" %>
|
|
<% end %>
|
|
<% else %>
|
|
<%= submit_tag t('change_email.confirm'), class: "btn btn-primary" %>
|
|
<% end %>
|
|
<%end%>
|
|
<% end%>
|
|
|
|
<%= preload_script "locales/#{I18n.locale}" %>
|
|
<%- if ExtraLocalesController.client_overrides_exist? %>
|
|
<%= preload_script_url ExtraLocalesController.url('overrides') %>
|
|
<%- end %>
|
|
<%= preload_script 'ember_jquery' %>
|
|
<%= preload_script "discourse/app/lib/webauthn" %>
|
|
<%= preload_script "confirm-new-email/confirm-new-email" %>
|
|
<%= preload_script "confirm-new-email/bootstrap" %>
|
|
</div>
|