The Universal email_token

Activation_code, password_reminder_token and more to come.

Strange code:

before_create :make_activation_token

def make_activation_code
  self.activation_code = Digest::SHA1.hexdigest( ...)
end

def forgot_password
  ...
  password_reset_token=Digest::SHA1.hexdigest(...)
end
#and so on...

Let the mailman handle the postbox keys
Stay with a simple email token. It is updated every time we send any activation/reset/verification mail so no user can perform two action with the same token or say ‘find’ an old token and then request a password reset.

#user.rb
def update_email_token
  update_attribute(:email_token,Digest::SHA1.hexdigest(..)
end

#user_mailer.rb
def setup_email(user)
  user.update_email_token
  ...
end

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Michael Grosser, the Blog

Menu

The Universal email_token

Leave a Reply Cancel reply

Menu

Share this:

Like this:

Related

Leave a Reply Cancel reply