dmails, emails: refactor to use Rails signed_id.

Refactor email verification links and Dmail share links to use the new Rails signed_id mechanism, rather than our own handrolled mechanism. For Dmail share links, we have to override some Rails internal methods so that our old links still work. For email verification links, this will invalidate existing links, but this isn't a huge deal since these links are short-lived anyway. https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html https://api.rubyonrails.org/classes/ActiveRecord/SignedId/ClassMethods.html
2021-01-17 00:24:02 -06:00
parent 6ca007ee1f
commit 6671711784
7 changed files with 23 additions and 28 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -99,6 +99,8 @@ class ApplicationController < ActionController::Base
      render_error_page(401, exception, template: "sessions/new")
    when ActionController::InvalidAuthenticityToken, ActionController::UnpermittedParameters, ActionController::InvalidCrossOriginRequest
      render_error_page(403, exception)
+    when ActiveSupport::MessageVerifier::InvalidSignature # raised by `find_signed!`
+      render_error_page(403, exception, template: "static/access_denied", message: "Access denied")
    when User::PrivilegeError, Pundit::NotAuthorizedError
      render_error_page(403, exception, template: "static/access_denied", message: "Access denied")
    when ActiveRecord::RecordNotFound
--- a/app/controllers/dmails_controller.rb
+++ b/app/controllers/dmails_controller.rb
@@ -20,7 +20,11 @@ class DmailsController < ApplicationController
  end

  def show
-    @dmail = authorize Dmail.find(params[:id])
+    if params[:key].present?
+      @dmail = Dmail.find_signed!(params[:key], purpose: "dmail_link")
+    else
+      @dmail = authorize Dmail.find(params[:id])
+    end

    if request.format.html? && @dmail.owner == CurrentUser.user
      @dmail.update!(is_read: true)
--- a/app/controllers/emails_controller.rb
+++ b/app/controllers/emails_controller.rb
@@ -48,8 +48,7 @@ class EmailsController < ApplicationController

    if @email_address.blank?
      redirect_to edit_user_email_path(@user)
-    elsif params[:email_verification_key].present?
-      authorize @email_address
+    elsif params[:email_verification_key].present? && @email_address == EmailAddress.find_signed!(params[:email_verification_key], purpose: "verify")
      @email_address.verify!
      flash[:notice] = "Email address verified"
      redirect_to @email_address.user