Sha256: 52d4df3f3ce4c46f00de68bccb0b24086efc870446730d3ef198ee122d9a404b

Contents?: true

Size: 1 KB

Versions: 2

Compression:

Stored size: 1 KB

Contents

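# Filter object that checks the team registration token supplied in the
# request params. A request without a +registration_token+ param is left
# untouched; a request with one is redirected to the sign-in page unless the
# token is valid for the team named by +team_id+.
#
# Every failure mode (unknown team, expired token, team already owned,
# digest mismatch) produces the same redirect, so the response does not tell
# the client which check failed.
class RegistrationTokenValidation
  # Filter entry point: builds a validator, which runs the check immediately.
  #
  # NOTE(review): the validator works on a copy of the controller, so the
  # redirect is issued on that copy. Confirm that this still halts the filter
  # chain of the original request; if it does not, the protected action would
  # run even though the token was rejected.
  #
  # @param controller [Object] the controller the filter runs for
  # @return [RegistrationTokenValidation]
  def self.before(controller)
    new(controller.dup)
  end

  # Reads the token and team id from the params and redirects when a token
  # was supplied but does not validate.
  #
  # @param controller [Object] must respond to +params+, +redirect_to+ and
  #   +new_user_session_path+
  def initialize(controller)
    @controller = controller
    @token      = @controller.params.fetch(:registration_token, nil)
    @team_id    = @controller.params.fetch(:team_id, nil)

    return unless @token
    return if valid?

    @controller.redirect_to(@controller.new_user_session_path(team_id: @team_id))
  end

  # A token is valid when the team exists, its token period has not lapsed,
  # the team has no owner yet, and the supplied token matches the stored
  # digest.
  #
  # @return [Boolean]
  def valid?
    # An absent token or an unknown/missing team_id is simply invalid. Without
    # this guard a nil team raises NoMethodError, which surfaces as a server
    # error and lets a client tell unknown team ids apart from bad tokens.
    return false if @token.nil? || team.nil?

    !expired? && !owned? && resolves?
  end

  private

  # Team named by the +team_id+ param, or nil when there is none. The lookup
  # runs once even when it finds nothing.
  def team
    return @team if defined?(@team)

    @team = Jobshop::Team.where(id: @team_id).first
  end

  # Compares the digest of the supplied token with the value stored on the
  # team. Only called from +valid?+, after the nil-team guard.
  def resolves?
    token_digest = Devise.token_generator.digest(
      Jobshop::Team, :registration_token, @token
    )

    # Devise.secure_compare is used instead of == so that the comparison of
    # the stored value with the digest of the supplied token mitigates timing
    # attacks.
    Devise.secure_compare(team.registration_token, token_digest)
  end

  # True when the team's registration token period is no longer valid.
  # Memoized with defined? so a false result is cached as well.
  def expired?
    return @expired if defined?(@expired)

    @expired = !team.registration_token_period_valid?
  end

  # True when the team already has an owner, i.e. the token has been used.
  def owned?
    return @owned if defined?(@owned)

    @owned = team.owner.present?
  end
end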

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
jobshop-0.0.131 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.127 app/controllers/concerns/registration_token_validation.rb