discourse/spec
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
components DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
fabricators DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
fixtures FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
helpers DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
import_export FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration SECURITY: Ensure _forum_session cookies cannot be reused between sites (#14950) 2021-11-15 15:50:12 +00:00
integrity DEV: Fix a flaky Onceoff spec (#13314) 2021-06-07 20:38:31 +02:00
jobs DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
lib DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
mailers DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
models DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
multisite FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
requests DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
script/import_scripts DEV: If disabled do not change setting after import (#12142) 2021-02-19 09:33:35 -07:00
serializers FEATURE: Notify responders of post removal (#15049) 2021-11-24 09:28:20 -06:00
services DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
support FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
tasks FIX: remove migrate_from_s3 task that silently corrupts data (#11703) 2021-01-17 22:33:29 +01:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
swagger_helper.rb DEV: Refactor the api docs for the user endpoint (#14377) 2021-09-20 10:04:57 -06:00