# authenticate per-scheme
self.current_user = if username.nil?
nil # no authentication provided - perhaps first connect (client should retry after 401)
- elsif username == "token"
- User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
else
User.authenticate(:username => username, :password => passwd) # basic auth
end
redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
end
end
- elsif session[:token]
- session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
end
session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
def confirm
if request.post?
- token = params[:confirm_string]
-
- user = User.find_by_token_for(:new_user, token) ||
- UserToken.unexpired.find_by(:token => token)&.user
+ user = User.find_by_token_for(:new_user, params[:confirm_string])
if !user
flash[:error] = t(".unknown token")
flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
user.save!
referer = safe_referer(params[:referer]) if params[:referer]
- UserToken.delete_by(:token => token)
pending_user = session.delete(:pending_user)
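Review bot: The new `User.find_by_token_for(:new_user, params[:confirm_string])` lookup no longer consumes the token on success, because the `UserToken.delete_by(:token => token)` call is dropped and a signed token has no server-side record to delete; the same applies to the removed `current_user.tokens.delete_all` in confirm_email and `UserToken.delete_by(:token => params[:token])` in update. Whether a confirmation or reset link can be replayed until it expires now depends entirely on the `generates_token_for` declarations on User, which are not in this diff: each purpose needs an `expires_in:` and a block that embeds a value the action itself changes (presumably the status for :new_user, the email for :new_email, and the password digest or salt for :password_reset). If any of those blocks is empty, a captured link stays valid for the whole expiry window, which would be a regression from the previous one-shot behaviour, most importantly for password resets. A short comment above the lookup would make the contract visible to the next reader, e.g. `# signed token: single use is enforced by the generates_token_for block on User, not by deleting a record`. confirm continues outside the hunk.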
def confirm_email
if request.post?
- token = params[:confirm_string]
-
- self.current_user = User.find_by_token_for(:new_email, token) ||
- UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
+ self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])
if current_user&.new_email?
current_user.email = current_user.new_email
else
flash[:errors] = current_user.errors
end
- current_user.tokens.delete_all
session[:user] = current_user.id
session[:fingerprint] = current_user.fingerprint
elsif current_user
@title = t ".title"
if params[:token]
- self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
- UserToken.unexpired.find_by(:token => params[:token])&.user
+ self.current_user = User.find_by_token_for(:password_reset, params[:token])
if current_user.nil?
flash[:error] = t ".flash token bad"
def update
if params[:token]
- self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
- UserToken.unexpired.find_by(:token => params[:token])&.user
+ self.current_user = User.find_by_token_for(:password_reset, params[:token])
if current_user
if params[:user]
current_user.email_valid = true
if current_user.save
- UserToken.delete_by(:token => params[:token])
session[:fingerprint] = current_user.fingerprint
flash[:notice] = t ".flash changed"
successful_login(current_user)
has_many :muted_messages, -> { where(:to_user_visible => true, :muted => true).order(:sent_on => :desc).preload(:sender, :recipient) }, :class_name => "Message", :foreign_key => :to_user_id
has_many :friendships, -> { joins(:befriendee).where(:users => { :status => %w[active confirmed] }) }
has_many :friends, :through => :friendships, :source => :befriendee
- has_many :tokens, :class_name => "UserToken", :dependent => :destroy
has_many :preferences, :class_name => "UserPreference"
has_many :changesets, -> { order(:created_at => :desc) }, :inverse_of => :user
has_many :changeset_comments, :foreign_key => :author_id, :inverse_of => :author
else
user = nil
end
- elsif options[:token]
- token = UserToken.find_by(:token => options[:token])
- user = token.user if token
end
if user &&
user = nil
end
- token.update(:expiry => 1.week.from_now) if token && user
-
user
end
+++ /dev/null
-# == Schema Information
-#
-# Table name: user_tokens
-#
-# id :bigint(8) not null, primary key
-# user_id :bigint(8) not null
-# token :string not null
-# expiry :datetime not null
-# referer :text
-#
-# Indexes
-#
-# user_tokens_token_idx (token) UNIQUE
-# user_tokens_user_id_idx (user_id)
-#
-# Foreign Keys
-#
-# user_tokens_user_id_fkey (user_id => users.id)
-#
-
-class UserToken < ApplicationRecord
- belongs_to :user
-
- scope :unexpired, -> { where("expiry >= now()") }
-
- after_initialize :set_defaults
-
- def expired?
- expiry < Time.now.utc
- end
-
- private
-
- def set_defaults
- self.token = OSM.make_token if token.blank?
- self.expiry = 1.week.from_now if expiry.blank?
- end
-end
--- /dev/null
+class DropUserTokens < ActiveRecord::Migration[7.1]
+ def up
+ drop_table :user_tokens
+ end
+end
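Review bot: DropUserTokens defines only `up`, so as far as I can tell a `db:rollback` through it completes without recreating `user_tokens`, leaving the recorded schema version and structure.sql out of step. Since the table definition is removed from structure.sql in the same commit, the clearer option is to make the migration explicitly irreversible: `def down` / `  raise ActiveRecord::IrreversibleMigration` / `end`. Recreating the table in `down` with the columns, sequence and indexes removed below is the alternative, but only worth it if rolling back past this point is expected.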
ALTER SEQUENCE public.user_roles_id_seq OWNED BY public.user_roles.id;
---
--- Name: user_tokens; Type: TABLE; Schema: public; Owner: -
---
-
-CREATE TABLE public.user_tokens (
- id bigint NOT NULL,
- user_id bigint NOT NULL,
- token character varying NOT NULL,
- expiry timestamp without time zone NOT NULL,
- referer text
-);
-
-
---
--- Name: user_tokens_id_seq; Type: SEQUENCE; Schema: public; Owner: -
---
-
-CREATE SEQUENCE public.user_tokens_id_seq
- START WITH 1
- INCREMENT BY 1
- NO MINVALUE
- NO MAXVALUE
- CACHE 1;
-
-
---
--- Name: user_tokens_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
---
-
-ALTER SEQUENCE public.user_tokens_id_seq OWNED BY public.user_tokens.id;
-
-
--
-- Name: users; Type: TABLE; Schema: public; Owner: -
--
ALTER TABLE ONLY public.user_roles ALTER COLUMN id SET DEFAULT nextval('public.user_roles_id_seq'::regclass);
---
--- Name: user_tokens id; Type: DEFAULT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.user_tokens ALTER COLUMN id SET DEFAULT nextval('public.user_tokens_id_seq'::regclass);
-
-
--
-- Name: users id; Type: DEFAULT; Schema: public; Owner: -
--
ADD CONSTRAINT user_roles_pkey PRIMARY KEY (id);
---
--- Name: user_tokens user_tokens_pkey; Type: CONSTRAINT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.user_tokens
- ADD CONSTRAINT user_tokens_pkey PRIMARY KEY (id);
-
-
--
-- Name: users users_pkey; Type: CONSTRAINT; Schema: public; Owner: -
--
CREATE UNIQUE INDEX user_roles_id_role_unique ON public.user_roles USING btree (user_id, role);
---
--- Name: user_tokens_token_idx; Type: INDEX; Schema: public; Owner: -
---
-
-CREATE UNIQUE INDEX user_tokens_token_idx ON public.user_tokens USING btree (token);
-
-
---
--- Name: user_tokens_user_id_idx; Type: INDEX; Schema: public; Owner: -
---
-
-CREATE INDEX user_tokens_user_id_idx ON public.user_tokens USING btree (user_id);
-
-
--
-- Name: users_auth_idx; Type: INDEX; Schema: public; Owner: -
--
ADD CONSTRAINT user_roles_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);
---
--- Name: user_tokens user_tokens_user_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.user_tokens
- ADD CONSTRAINT user_tokens_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);
-
-
--
-- Name: way_nodes way_nodes_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
--
('23'),
('22'),
('21'),
+('20240228205723'),
('20240117185445'),
('20231213182102'),
('20231206141457'),
require File.join(File.dirname(__FILE__), "..", "config", "environment")
-UserToken.where("expiry < NOW()").delete_all
OauthNonce.where("timestamp < EXTRACT(EPOCH FROM NOW() - INTERVAL '1 day')").delete_all
OauthToken.where("invalidated_at < NOW() - INTERVAL '28 days'").delete_all
RequestToken.where("authorized_at IS NULL AND created_at < NOW() - INTERVAL '28 days'").delete_all
+++ /dev/null
-require "test_helper"
-
-class UserTokenTest < ActiveSupport::TestCase
-end