GRN2-233: Made account activation & password reset links based on tokens only (#959)

* GRN2-233: Hiding email in verification link and password reset link * updating tests * removing uid from email verificaiton link * GRN2-233: modifying test cases * GRN2-233: Removing uid from password reset link * GRN2-233: Removed email_params and fixed "authenticated?" method * GRN2-233: Fixed error when trying to sign in unverified * GRN2-233: Changed how activation tokens are generated
2020-02-24 13:05:09 -05:00
parent b7aa5406ea
commit 03266730e8
10 changed files with 42 additions and 46 deletions
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
@ -51,6 +51,7 @@ class AccountActivationsController < ApplicationController
      flash[:alert] = I18n.t("verify.already_verified")
    else
      # Resend
+      @user.create_activation_token
      send_activation_email(@user)
    end

@ -60,14 +61,10 @@ class AccountActivationsController < ApplicationController
  private

  def find_user
-    @user = User.find_by!(email: params[:email], provider: @user_domain)
+    @user = User.find_by!(activation_digest: User.digest(params[:token]), provider: @user_domain)
  end

  def ensure_unauthenticated
    redirect_to current_user.main_room if current_user
  end
-
-  def email_params
-    params.require(:email).permit(:email, :token)
-  end
 end