discourse/spec/services/user_activator_spec.rb
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scope columns to the email_tokens table.
token_hash is a replacement for the token column, so that email tokens
are no longer stored in plaintext, which can pose a security risk. The new
scope column ensures that an email token cannot be used to perform an action
other than the one it was issued for.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00


# frozen_string_literal: true
require 'rails_helper'
describe UserActivator do
  fab!(:user) { Fabricate(:user) }

  # Created eagerly (let!), so the user already owns one token before the
  # example body runs; the example therefore inspects the newest token.
  let!(:email_token) { Fabricate(:email_token, user: user) }

  describe 'email_activator' do
    let(:activator) do
      EmailActivator.new(user, nil, nil, nil)
    end

    it 'create email token and enqueues user email' do
      frozen_at = freeze_time

      activator.activate

      # Most recent token of the reloaded user; its timestamp must match the
      # frozen clock, which ties it to the activate call above.
      issued_token = user.reload.email_tokens.last
      expect(issued_token.created_at).to eq_time(frozen_at)

      # First argument hash of the last enqueued CriticalUserEmail job.
      enqueued_job = Jobs::CriticalUserEmail.jobs.last
      payload = enqueued_job["args"].first
      expect(payload["user_id"]).to eq(user.id)
      expect(payload["type"]).to eq("signup")

      # The value handed to the mail job is matched against the record only
      # through EmailToken.hash_token, i.e. against token_hash rather than a
      # stored plaintext token.
      # NOTE(review): this means the job arguments hold the unhashed token, so
      # the job queue should be treated as sensitive storage; confirm how long
      # job arguments are retained.
      delivered_digest = EmailToken.hash_token(payload["email_token"])
      expect(delivered_digest).to eq(issued_token.token_hash)
    end
  end
end