discourse/spec/services
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00
..
anonymous_shadow_creator_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
auto_silence_spec.rb
badge_granter_spec.rb FIX: Don't grant sharing badges to users who don't exist (#13851) 2021-07-27 16:32:59 +10:00
color_scheme_revisor_spec.rb FEATURE: User selectable color schemes (#10544) 2020-08-28 10:36:52 -04:00
destroy_task_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
email_settings_exception_handler_spec.rb FEATURE: Improve group email settings UI (#13083) 2021-05-28 09:28:18 +10:00
email_settings_validator_spec.rb FEATURE: Improve group email settings UI (#13083) 2021-05-28 09:28:18 +10:00
email_style_updater_spec.rb FEATURE: support SCSS in custom email style 2019-10-23 15:42:37 -04:00
external_upload_manager_spec.rb FEATURE: Direct S3 multipart uploads for backups (#14736) 2021-11-11 08:25:31 +10:00
flag_sockpuppets_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
group_action_logger_spec.rb DEV: remove calls to guardian from GroupActionLogger (#13835) 2021-07-28 15:04:04 +04:00
group_mentions_updater_spec.rb Link website when reviewing users 2020-02-19 10:18:05 -05:00
group_message_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
heat_settings_updater_spec.rb
inline_uploads_multisite_spec.rb DEV: Isolate multisite specs (#13634) 2021-07-07 18:57:42 +02:00
inline_uploads_spec.rb DEV: Isolate multisite specs (#13634) 2021-07-07 18:57:42 +02:00
notification_emailer_spec.rb FEATURE: Send an email notification when a post is approved. (#12665) 2021-04-12 12:08:23 -03:00
post_action_notifier_spec.rb FEATURE: Add setting to disable notifications for topic tags edits (#14794) 2021-11-02 13:53:21 -04:00
post_alerter_spec.rb FEATURE: Mention @here to notify users in topic (#14900) 2021-11-23 22:25:54 +02:00
post_owner_changer_spec.rb FIX: Changing the post owner didn't update the reply_to_user_id of replies (#13862) 2021-07-27 20:49:08 +02:00
push_notification_pusher_spec.rb DEV: Spec shouldn't depend on translation 2021-07-21 12:24:54 +08:00
random_topic_selector_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
search_indexer_spec.rb DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
site_settings_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
staff_action_logger_spec.rb FIX: Update only passed custom fields (#14357) 2021-09-17 13:37:56 +03:00
themes_spec.rb FIX: Include extra SCSS in child theme (#11952) 2021-02-03 11:02:53 -05:00
topic_status_updater_spec.rb FIX: Auto close topic from category settings based on topic created_at (#12082) 2021-02-17 07:51:39 +10:00
topic_timestamp_changer_spec.rb FIX: when updating timestamps on topic set a correct bump date (#13746) 2021-07-16 11:56:51 +04:00
trust_level_granter_spec.rb
user_activator_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
user_anonymizer_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
user_authenticator_spec.rb FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
user_destroyer_spec.rb FIX: remove invite based associated object (#12927) 2021-05-03 12:49:53 -04:00
user_merger_spec.rb DEV: don't merge email address if target user is not human. (#13915) 2021-08-03 10:04:35 +05:30
user_notification_schedule_processor_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
user_silencer_spec.rb FIX: Skip sending PM email for user silence (#12240) 2021-03-02 09:18:09 +10:00
user_updater_spec.rb FIX: User can change name when auth_overrides_name is enabled. 2021-07-28 14:40:57 +08:00
username_changer_spec.rb fix spec 2021-11-03 11:41:13 -04:00
username_checker_service_spec.rb
wildcard_domain_checker_spec.rb SECURITY: vulnerability in WildcardUrlChecker 2019-12-13 09:29:09 -05:00
wildcard_url_checker_spec.rb FIX: Allow any protocol in wildcard url checker (#8651) 2020-01-02 16:03:13 +00:00
word_watcher_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00