GRN2-xx: Restructured email verification and password reset (#1444)
* Restructured email verification and password reset
* Fixed issue with password reset

Co-authored-by: Jesus Federico <jesus@123it.ca>
@ -29,7 +29,7 @@ class AccountActivationsController < ApplicationController
|
||||
# GET /account_activations/edit
|
||||
def edit
|
||||
# If the user exists and is not verified and provided the correct token
|
||||
if @user && !@user.activated? && @user.authenticated?(:activation, params[:token])
|
||||
if @user && !@user.activated?
|
||||
# Verify user
|
||||
@user.activate
|
||||
|
||||
@ -51,8 +51,7 @@ class AccountActivationsController < ApplicationController
|
||||
flash[:alert] = I18n.t("verify.already_verified")
|
||||
else
|
||||
# Resend
|
||||
@user.create_activation_token
|
||||
send_activation_email(@user)
|
||||
send_activation_email(@user, @user.create_activation_token)
|
||||
end
|
||||
|
||||
redirect_to root_path
|
||||
@ -61,7 +60,7 @@ class AccountActivationsController < ApplicationController
|
||||
private
|
||||
|
||||
def find_user
|
||||
@user = User.find_by!(activation_digest: User.digest(params[:token]), provider: @user_domain)
|
||||
@user = User.find_by!(activation_digest: User.hash_token(params[:token]), provider: @user_domain)
|
||||
end
|
||||
|
||||
def ensure_unauthenticated
|
||||
|
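Review bot: With `@user.authenticated?(:activation, params[:token])` dropped from `edit`, the token is checked only by the `find_by!` lookup in `find_user`, and these hunks do not show the `before_action` list that runs it. The retained comment still says "provided the correct token", and the `@user &&` test can no longer be false once `find_by!` has returned, so I would reword the comment to `# find_user (before_action) has already matched the hashed token; only the activation state is checked here`. Separately, `User.hash_token(params[:token])` receives whatever the request supplies; a missing or non-string `token` would likely raise inside `Digest::SHA2.hexdigest` instead of producing a not-found response, so `params[:token].to_s` is the safer argument. Both methods continue outside the visible hunks.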
@ -133,9 +133,7 @@ class AdminsController < ApplicationController
|
||||
|
||||
# GET /admins/reset
|
||||
def reset
|
||||
@user.create_reset_digest
|
||||
|
||||
send_password_reset_email(@user)
|
||||
send_password_reset_email(@user, @user.create_reset_digest)
|
||||
|
||||
if session[:prev_url].present?
|
||||
redirect_path = session[:prev_url]
|
||||
|
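Review bot: `reset` is documented here as `GET /admins/reset`, yet the new line both rotates the user's `reset_digest` and sends mail, so a state change hangs off a request type that Rails' CSRF protection does not cover. Because the lookup is by digest, any reset link issued earlier for that user stops working each time this URL is loaded, including by a prefetch or a link followed by a logged-in admin. If the route really is GET (routes are not shown), consider moving it to POST. At minimum add a comment such as `# Rotates reset_digest: invalidates any reset link issued earlier`. The method body continues outside the hunk.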
@ -20,11 +20,11 @@ module Emailer
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
# Sends account activation email.
|
||||
def send_activation_email(user)
|
||||
def send_activation_email(user, token)
|
||||
begin
|
||||
return unless Rails.configuration.enable_email_verification
|
||||
|
||||
UserMailer.verify_email(user, user_verification_link(user), @settings).deliver
|
||||
UserMailer.verify_email(user, user_verification_link(token), @settings).deliver
|
||||
rescue => e
|
||||
logger.error "Support: Error in email delivery: #{e}"
|
||||
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
|
||||
@ -34,11 +34,11 @@ module Emailer
|
||||
end
|
||||
|
||||
# Sends password reset email.
|
||||
def send_password_reset_email(user)
|
||||
def send_password_reset_email(user, token)
|
||||
begin
|
||||
return unless Rails.configuration.enable_email_verification
|
||||
|
||||
UserMailer.password_reset(user, reset_link(user), @settings).deliver_now
|
||||
UserMailer.password_reset(user, reset_link(token), @settings).deliver_now
|
||||
rescue => e
|
||||
logger.error "Support: Error in email delivery: #{e}"
|
||||
flash[:alert] = I18n.t(params[:message], default: I18n.t("delivery_error"))
|
||||
@ -124,8 +124,8 @@ module Emailer
|
||||
private
|
||||
|
||||
# Returns the link the user needs to click to verify their account
|
||||
def user_verification_link(user)
|
||||
edit_account_activation_url(token: user.activation_token)
|
||||
def user_verification_link(token)
|
||||
edit_account_activation_url(token: token)
|
||||
end
|
||||
|
||||
def admin_emails
|
||||
@ -139,8 +139,8 @@ module Emailer
|
||||
admins.collect(&:email).join(",")
|
||||
end
|
||||
|
||||
def reset_link(user)
|
||||
edit_password_reset_url(user.reset_token)
|
||||
def reset_link(token)
|
||||
edit_password_reset_url(token)
|
||||
end
|
||||
|
||||
def invitation_link(token)
|
||||
|
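Review bot: The new `token` parameter on `send_activation_email` and `send_password_reset_email` carries the raw, unhashed secret, and neither the signatures nor the one-line comments say so. I would extend the comments to something like `# token: raw value returned by User#create_activation_token; only its hash is stored, so it belongs in the mailed link and nowhere else (never log it)`, with the equivalent wording on the reset helper. This matters because the `rescue` branch logs on the same path, and a later edit that interpolates the link into that `logger.error` line would write a usable credential to the log. Note also that every call site evaluates `create_reset_digest` or `create_activation_token` as an argument, so the stored digest is rotated before the `enable_email_verification` guard gets a chance to return.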
@ -21,7 +21,6 @@ class PasswordResetsController < ApplicationController
|
||||
|
||||
before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
|
||||
before_action :find_user, only: [:edit, :update]
|
||||
before_action :valid_user, only: [:edit, :update]
|
||||
before_action :check_expiration, only: [:edit, :update]
|
||||
|
||||
# POST /password_resets/new
|
||||
@ -34,8 +33,7 @@ class PasswordResetsController < ApplicationController
|
||||
# Check if user exists and throw an error if he doesn't
|
||||
@user = User.find_by!(email: params[:password_reset][:email].downcase, provider: @user_domain)
|
||||
|
||||
@user.create_reset_digest
|
||||
send_password_reset_email(@user)
|
||||
send_password_reset_email(@user, @user.create_reset_digest)
|
||||
redirect_to root_path
|
||||
rescue
|
||||
# User doesn't exist
|
||||
@ -68,7 +66,7 @@ class PasswordResetsController < ApplicationController
|
||||
private
|
||||
|
||||
def find_user
|
||||
@user = User.find_by(reset_digest: User.digest(params[:id]), provider: @user_domain)
|
||||
@user = User.find_by(reset_digest: User.hash_token(params[:id]), provider: @user_domain)
|
||||
end
|
||||
|
||||
def user_params
|
||||
@ -80,14 +78,6 @@ class PasswordResetsController < ApplicationController
|
||||
redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if @user.password_reset_expired?
|
||||
end
|
||||
|
||||
# Confirms a valid user.
|
||||
def valid_user
|
||||
unless @user.authenticated?(:reset, params[:id])
|
||||
@user&.activate unless @user&.activated?
|
||||
redirect_to root_url
|
||||
end
|
||||
end
|
||||
|
||||
# Redirects to 404 if emails are not enabled
|
||||
def disable_password_reset
|
||||
redirect_to '/404'
|
||||
|
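Review bot: `find_user` uses `find_by`, which returns nil for an unknown or superseded token, and with `valid_user` removed the next filter is `check_expiration`, which calls `@user.password_reset_expired?` unguarded. Unless something outside these hunks rescues it, a bad reset link would raise NoMethodError rather than give a clean rejection. Matching the activation controller with `@user = User.find_by!(reset_digest: User.hash_token(params[:id].to_s), provider: @user_domain)` would turn that into a not-found response. It is also worth confirming in `update`, which is not shown, that `reset_digest` is cleared once the password has been changed, the way `activate` now clears `activation_digest`, so a link cannot be used twice inside its expiry window.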
@ -88,10 +88,7 @@ class SessionsController < ApplicationController
|
||||
# Check that the user is a Greenlight account
|
||||
return redirect_to(root_path, alert: I18n.t("invalid_login_method")) unless user.greenlight_account?
|
||||
# Check that the user has verified their account
|
||||
unless user.activated?
|
||||
user.create_activation_token
|
||||
return redirect_to(account_activation_path(token: user.activation_token))
|
||||
end
|
||||
return redirect_to(account_activation_path(token: user.create_activation_token)) unless user.activated?
|
||||
end
|
||||
|
||||
login(user)
|
||||
@ -247,8 +244,7 @@ class SessionsController < ApplicationController
|
||||
logger.info "Switching social account to local account for #{user.uid}"
|
||||
|
||||
# Send the user a reset password email
|
||||
user.create_reset_digest
|
||||
send_password_reset_email(user)
|
||||
send_password_reset_email(user, user.create_reset_digest)
|
||||
|
||||
# Overwrite the flash with a more descriptive message if successful
|
||||
flash[:success] = I18n.t("reset_password.auth_change") if flash[:success].present?
|
||||
|
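Review bot: The new one-line guard `return redirect_to(account_activation_path(token: user.create_activation_token)) unless user.activated?` puts the freshly created raw activation token into a redirect URL sent back to the browser that is logging in, while `edit` in AccountActivationsController activates any unverified user whose `activation_digest` matches the hash of `params[:token]`. The value that is meant to prove control of the mailbox is therefore also handed to the login session, so verification does not depend on receiving the email, and the token lands in browser history and in proxy or access logs. Each login attempt by an unverified user also overwrites the digest, which invalidates a link already sitting in the inbox. Consider identifying the account on the resend page by something that cannot activate it (for example a session value set here) and creating a token only when the mail is actually sent. The surrounding method starts and ends outside the hunk.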
@ -58,9 +58,7 @@ class UsersController < ApplicationController
|
||||
# Sign in automatically if email verification is disabled or if user is already verified.
|
||||
login(@user) && return if !Rails.configuration.enable_email_verification || @user.email_verified
|
||||
|
||||
@user.create_activation_token
|
||||
|
||||
send_activation_email(@user)
|
||||
send_activation_email(@user, @user.create_activation_token)
|
||||
|
||||
redirect_to root_path
|
||||
end
|
||||
|
@ -21,7 +21,6 @@ require 'bbb_api'
|
||||
class User < ApplicationRecord
|
||||
include Deleteable
|
||||
|
||||
attr_accessor :reset_token, :activation_token
|
||||
after_create :setup_user
|
||||
|
||||
before_save { email.try(:downcase!) }
|
||||
@ -110,24 +109,28 @@ class User < ApplicationRecord
|
||||
|
||||
# Activates an account and initialize a users main room
|
||||
def activate
|
||||
update_attributes(email_verified: true, activated_at: Time.zone.now)
|
||||
update_attributes(email_verified: true, activated_at: Time.zone.now, activation_digest: nil)
|
||||
end
|
||||
|
||||
def activated?
|
||||
Rails.configuration.enable_email_verification ? email_verified : true
|
||||
end
|
||||
|
||||
# Sets the password reset attributes.
|
||||
def create_reset_digest
|
||||
self.reset_token = User.new_token
|
||||
update_attributes(reset_digest: User.digest(reset_token), reset_sent_at: Time.zone.now)
|
||||
def self.hash_token(token)
|
||||
Digest::SHA2.hexdigest(token)
|
||||
end
|
||||
|
||||
# Returns true if the given token matches the digest.
|
||||
def authenticated?(attribute, token)
|
||||
digest = send("#{attribute}_digest")
|
||||
return false if digest.nil?
|
||||
digest == Digest::SHA256.base64digest(token)
|
||||
# Sets the password reset attributes.
|
||||
def create_reset_digest
|
||||
new_token = SecureRandom.urlsafe_base64
|
||||
update_attributes(reset_digest: User.hash_token(new_token), reset_sent_at: Time.zone.now)
|
||||
new_token
|
||||
end
|
||||
|
||||
def create_activation_token
|
||||
new_token = SecureRandom.urlsafe_base64
|
||||
update_attributes(activation_digest: User.hash_token(new_token))
|
||||
new_token
|
||||
end
|
||||
|
||||
# Return true if password reset link expires
|
||||
@ -158,11 +161,6 @@ class User < ApplicationRecord
|
||||
social_uid.nil?
|
||||
end
|
||||
|
||||
def create_activation_token
|
||||
self.activation_token = User.new_token
|
||||
update_attributes(activation_digest: User.digest(activation_token))
|
||||
end
|
||||
|
||||
def admin_of?(user, permission)
|
||||
has_correct_permission = highest_priority_role.get_permission(permission) && id != user.id
|
||||
|
||||
@ -171,15 +169,6 @@ class User < ApplicationRecord
|
||||
has_correct_permission && provider == user.provider && !user.has_role?(:super_admin)
|
||||
end
|
||||
|
||||
def self.digest(string)
|
||||
Digest::SHA256.base64digest(string)
|
||||
end
|
||||
|
||||
# Returns a random token.
|
||||
def self.new_token
|
||||
SecureRandom.urlsafe_base64
|
||||
end
|
||||
|
||||
# role functions
|
||||
def highest_priority_role
|
||||
roles.min_by(&:priority)
|
||||
|
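Review bot: `create_reset_digest` and `create_activation_token` return `new_token` whether or not `update_attributes` succeeded, so if the record fails validation the caller mails a link whose hash was never stored. Returning the token only on success, or raising via `update!`, would make that failure visible instead of producing a dead link. `hash_token` would also benefit from a comment along the lines of `# Unsalted SHA-256 is acceptable only because tokens are random SecureRandom values; never use this for passwords`. Since the stored format changes from `Digest::SHA256.base64digest` to a hex digest, links issued before deployment will stop matching, which is probably acceptable but worth stating in the commit description.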