Allow user authentication from email links #858
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nicoolas25
commented
May 23, 2021
Comment on lines
+71
to
+72
| current_user.anonymize! | ||
| sign_out current_user |
There was a problem hiding this comment.
I inverted those two lines, is that okay?
nicoolas25
commented
May 23, 2021
Comment on lines
+6
to
+7
| <% token = user.signed_id(purpose: "users.destroy", expires_in: 1.hour) %> | ||
| <%= button_to "Supprimer mon compte", profile_path(authentication_token: token), |
There was a problem hiding this comment.
Here is where the magic happens ✨
nicoolas25
force-pushed
the
unsubscribe-automated-emails
branch
from
f2652bf to
c95f44f
Compare
|
I had a flaky spec that I fixed in the last commit. While running the spec in a loop I had intermittent failures:
|
nicoolas25
commented
May 23, 2021
Comment on lines
+75
to
+81
| # This prevents flaky specs when the change in lat/lng is zero (1/200) | ||
| allow_any_instance_of(RandomizeCoordinatesService) | ||
| .to receive(:generate_random_delta) | ||
| .and_wrap_original do |method, *args| | ||
| original_result = method.call(*args) | ||
| original_result.zero? ? 0.001 : original_result | ||
| end |
There was a problem hiding this comment.
Another approach would be to update the randomness seed but it would impact the production code a bit too much so I went for this.
|
Je t'ai invité sur le repo. |
EmCousin
approved these changes
May 23, 2021
Co-authored-by: Emmanuel Cousin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
As part of #829 I would like to authenticate users right from emails. This PR sets the foundations to do this.
So far we authenticated users using
matches' tokens orslot_alerts's tokens.Now we need
users' tokens: we need communication unrelated to any of the above events.Details
No functional changes should be part of this PR.
It adds a concern for controllers
UserAuthenticationViaSignedIdthat complements the usual devise/warden authentication using anauthentication_tokenbased on globalid.It creates a single partial to DRY those routes:
users#destroy,matches/users#destroy, andslot_alerts/users#destroy.Also DRY those views:
slot_alerts/users#edit, andmatches/users#edit... into
users/_confirm_destroy_message.The goal is to reuse
confirm_destroy_profile_pathfrom email and sign it with an authentication token.This
users#confirm_destroyaction looks like this:Poke @mininao as you authored the original issue.
The next steps are:
raketask to identify the appropriate usersconfirm_destroy_profile_pathwith an auth token