dmails, emails: refactor to use Rails signed_id.

Refactor email verification links and Dmail share links to use the new Rails signed_id mechanism, rather than our own handrolled mechanism. For Dmail share links, we have to override some Rails internal methods so that our old links still work. For email verification links, this will invalidate existing links, but this isn't a huge deal since these links are short-lived anyway. https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html https://api.rubyonrails.org/classes/ActiveRecord/SignedId/ClassMethods.html
2021-01-17 00:24:02 -06:00
parent 6ca007ee1f
commit 6671711784
7 changed files with 23 additions and 28 deletions
--- a/app/models/dmail.rb
+++ b/app/models/dmail.rb
@@ -109,16 +109,20 @@ class Dmail < ApplicationRecord
  end

  concerning :AuthorizationMethods do
-    def verifier
-      @verifier ||= Danbooru::MessageVerifier.new(:dmail_link)
+    class_methods do
+      # XXX hack so that rails' signed_id mechanism works with our pre-existing dmail keys.
+      # https://github.com/rails/rails/blob/main/activerecord/lib/active_record/signed_id.rb
+      def signed_id_verifier_secret
+        Rails.application.key_generator.generate_key("dmail_link")
+      end
+
+      def combine_signed_id_purposes(purpose)
+        purpose
+      end
    end

    def key
-      verifier.generate(id)
-    end
-
-    def valid_key?(key)
-      id == verifier.verified(key)
+      signed_id(purpose: "dmail_link")
    end
  end

--- a/app/models/email_address.rb
+++ b/app/models/email_address.rb
@@ -69,17 +69,7 @@ class EmailAddress < ApplicationRecord
    end
  end

-  concerning :VerificationMethods do
-    def verifier
-      @verifier ||= Danbooru::MessageVerifier.new(:email_verification_key)
-    end
-
-    def verification_key
-      verifier.generate(id)
-    end
-
-    def valid_key?(key)
-      id == verifier.verified(key)
-    end
+  def verification_key
+    signed_id(purpose: "verify")
  end
 end