Sha256: b71f25ac2177207f6a439a74e5880d1e0245dc40282924d000a6b79d5802aa1f

Contents?: true

Size: 1014 Bytes

Versions: 8

Compression:

Stored size: 1014 Bytes

Contents

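# Filter object that checks a team registration token carried in the request
# params. When a +registration_token+ param is present and does not validate
# against the team named by +team_id+, the request is redirected to the
# sign-in page.
#
# The class exposes +before+, so it can be handed to a controller as a
# class-based before callback (presumably `before_action`; the registration
# is not shown in this file).
class RegistrationTokenValidation
  # Callback entry point.
  #
  # @param controller the controller handling the current request
  # @return [RegistrationTokenValidation] the validator that ran the check
  def self.before(controller)
    # #initialize already works on its own copy, so no extra copy is made here.
    new(controller)
  end

  # Reads the token and team id from the params and, if a token was supplied,
  # redirects to the sign-in page unless it is valid.
  #
  # @param controller the controller handling the current request
  def initialize(controller)
    # NOTE(review): the redirect below is issued on a copy of the controller.
    # Confirm that the original controller also sees the request as performed,
    # so the callback chain halts and the action does not run after a failed
    # token check.
    @controller = controller.dup
    @token      = @controller.params.fetch(:registration_token, nil)
    @team_id    = @controller.params.fetch(:team_id, nil)

    # No token supplied: nothing is checked here. An action that must not run
    # without a token has to enforce the token's presence itself.
    return unless @token

    @controller.redirect_to(@controller.new_user_session_path) unless valid?
  end

  # Whether the supplied token may be used to register against the team.
  #
  # Fails closed: a token that is not a plain string (e.g. an array or nested
  # param) or a +team_id+ that is missing or matches no team is invalid,
  # instead of raising further down.
  #
  # @return [Boolean]
  def valid?
    return false unless @token.is_a?(String) && team

    !expired? && !owned? && resolves?
  end

  private

  # The team named by the +team_id+ param, or nil when there is none.
  def team
    @team ||= Jobshop::Team.where(id: @team_id).first
  end

  # True when the digest of the supplied token equals the digest stored on
  # the team.
  def resolves?
    encrypted_token = Devise.token_generator.digest(
      Jobshop::Team, :registration_token, @token
    )

    # Devise.secure_compare is used instead of == to compare the stored
    # digest with the digest of the supplied token, mitigating timing attacks.
    Devise.secure_compare(team.registration_token, encrypted_token)
  end

  # True when the team's registration token is outside its validity period.
  def expired?
    @expired ||= !team.registration_token_period_valid?
  end

  # True when the team already has an owner.
  def owned?
    @owned ||= team.owner.present?
  end
end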

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
jobshop-0.0.113 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.109 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.107 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.101 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.67 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.61 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.59 app/controllers/concerns/registration_token_validation.rb
jobshop-0.0.53 app/controllers/concerns/registration_token_validation.rb