Sha256: e9afc059e52c213e030e1070fe6fccf42a719fb58662d755d19d4f34821ae9f0

Contents?: true

Size: 1.38 KB

Versions: 12

Compression:

Stored size: 1.38 KB

Contents

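# Controller callback object that signs a user in from an emailed, single-use
# authentication token. It reads the :user_email and
# :email_authentication_token request parameters; when they match an unexpired
# token it signs out the current scope, signs in the token's user, and clears
# the token so the same link cannot be used twice.
class EmailTokenValidation
  # Runs the token check for one request.
  #
  # @param controller [Object] the controller running the callback. It must
  #   expose `params`. NOTE(review): it is also assumed to provide
  #   `sign_out_current_scope` and `sign_in` -- confirm against the controllers
  #   that register this callback.
  # @return [Object, nil] the result of clearing the token, or nil when the
  #   parameters do not identify a valid token.
  def self.before(controller)
    # Held in a local rather than a class-level instance variable: this is a
    # class method, so an @ivar here would be shared by every request handled
    # by the process.
    email_token = EmailToken.new(
      controller.params.fetch(:user_email, nil),
      controller.params.fetch(:email_authentication_token, nil)
    )
    return unless email_token.valid?

    # The session helpers belong to the controller, not to this class. `send`
    # is used because controller helpers are frequently private or protected.
    controller.send(:sign_out_current_scope)
    controller.send(:sign_in, email_token.user)
    # Invalidate the token once it has been used.
    email_token.destroy
  end

  # Pairs the email and token taken from the request with the matching user
  # record and decides whether the token may be used to sign in.
  class EmailToken
    attr_reader :token

    # @param email [Object] raw :user_email request parameter (untrusted)
    # @param token [Object] raw :email_authentication_token parameter (untrusted)
    def initialize(email, token)
      @email = email
      @token = token
    end

    # @return [Object] truthy only when both parameters are present, a user
    #   with a pending token exists, the token has not expired and it matches.
    #   The chain short-circuits, so the comparison is skipped when no user is
    #   found. NOTE(review): that may make response timing differ between
    #   known and unknown emails.
    def valid?
      present? && user && !expired? && secure_compare
    end

    # Looks up the user by email, restricted to users that currently have a
    # token outstanding (a non-nil sent-at timestamp). Memoized per instance.
    #
    # @return [Jobshop::User, nil]
    def user
      @user ||= Jobshop::User.where(email: @email)
        .where.not(email_authentication_token_sent_at: nil).first
    end

    # Clears the stored token and its timestamp; afterwards #user no longer
    # finds the record, so the token is single-use.
    def destroy
      user.update(
        email_authentication_token: nil,
        email_authentication_token_sent_at: nil
      )
    end

    private

    # Both values must be non-blank Strings. Request parameters can arrive as
    # arrays or hashes; those are rejected here so they never reach the query
    # or the comparison.
    def present?
      [@email, @token].all? { |value| value.is_a?(String) && value.present? }
    end

    # Compares the submitted token with the stored one through
    # Devise.secure_compare rather than ==, mitigating timing attacks.
    # NOTE(review): the stored column is compared as-is, which suggests the
    # token is kept unhashed in the database. Confirm where it is issued, and
    # consider storing only a digest.
    def secure_compare
      Devise.secure_compare(user.email_authentication_token, token)
    end

    def expired?
      Time.now >= expires_on
    end

    def expires_on
      # TODO: Make token expiration configurable in initializers/jobshop.rb.
      @expires_on ||= user.email_authentication_token_sent_at + 6.hours
    end
  end
end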

Version data entries

12 entries across 12 versions & 1 rubygems

Version Path
jobshop-0.0.163 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.157 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.131 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.127 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.113 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.109 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.107 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.101 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.67 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.61 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.59 app/controllers/concerns/email_token_validation.rb
jobshop-0.0.53 app/controllers/concerns/email_token_validation.rb