From 788ff6fb60d579089eb3f5935494c2e79ff0354a Mon Sep 17 00:00:00 2001
From: Shubham Sangamnerkar
Date: Sat, 10 Nov 2018 01:38:10 +0530
Subject: [PATCH] Add helper generate and validate token (#3907)
* Added is_verified column to users with default value false
* added helper functions for generation and validation of tokens
* Delete 20181103114645_add_is_verified_to_users.rb
* Minor code fixes
* Added tests for implemented helper functions
* Added failing tests for helper functions
* Added test to make sure that a token is not validated 24 hours after gen
* Code quality changes
---
 app/models/user.rb | 17 +++++++++++++++++
 test/unit/user_test.rb | 30 ++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
diff --git a/app/models/user.rb b/app/models/user.rb
index 36b70ffedf..337a0cc2a5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,6 +7,7 @@ def validate(record)
 end
 class User < ActiveRecord::Base
+ include Utils
 self.table_name = 'rusers'
 alias_attribute :name, :username
@@ -416,6 +417,22 @@ def customize_digest(type)
 end
 end
+ def generate_token
+ user_id_and_time = { :id => id, :timestamp => Time.now }
+ encrypt(user_id_and_time)
+ end
+
+ def validate_token(token)
+ decrypted_data = decrypt(token)
+ if id != decrypted_data[:id]
+ return false
+ elsif (Time.now - decrypted_data[:timestamp]) / 1.hour > 24.0
+ return false
+ else
+ return true
+ end
+ end
+
 private
 def map_openid_registration(registration)
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 35f5b07873..924c30bf60 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -1,6 +1,7 @@
 require 'test_helper'
 class UserTest < ActiveSupport::TestCase
+ include Utils
 test 'user creation' do
 user = User.new(username: 'chris', password: 'godzillas',
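Review bot: `validate_token` in app/models/user.rb does not fail closed on an odd payload: the expiry test `(Time.now - decrypted_data[:timestamp]) / 1.hour > 24.0` is also false for a timestamp in the future, and a payload without `:timestamp` reaches `Time.now - nil` and raises instead of returning false. The commit's own test 'raise exception upon invalid token' shows that a truncated token raises out of `decrypt`, so any caller that takes the token from a request has to rescue that, or the handler errors instead of rejecting the token. Whether a token can be altered at all depends on `encrypt`/`decrypt` from `Utils`, which this patch does not show; it is worth confirming that they authenticate the ciphertext and do not only encrypt it. The payload holds only `id` and a time, so as far as the hunk shows a token stays reusable for its full 24 hours and is not tied to the address being verified. The if/elsif/else that returns literal booleans can become one boolean expression, as below.

```ruby
def validate_token(token)
  payload = decrypt(token) # still raises on an undecryptable token, as the commit's test expects
  issued_at = payload[:timestamp]
  return false unless payload[:id] == id && issued_at

  # Reject negative ages (future timestamps) as well as tokens older than 24 hours.
  (Time.now - issued_at).between?(0, 24.hours.to_i)
end
```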
@@ -220,4 +221,33 @@ class UserTest < ActiveSupport::TestCase
 #as the username as "jeff" exists, hence username = "jeff" + 2 digit alphanumeric code will be created
 assert_not_equal jeffrey.username, "jeff"
 end
+
+ test 'generate token and validate token correctness test' do
+ user_obj = User.first
+ generated_token = user_obj.generate_token
+ assert_equal user_obj.validate_token(generated_token), true
+ end
+
+ test 'do not verify users email if the token is not generated for him' do
+ all_users = User.where("id 1
+ assert_not_equal all_users[1].validate_token(generated_token), true
+ end
+ end
+
+ test 'raise exception upon invalid token' do
+ user_obj = User.first
+ generated_token = user_obj.generate_token
+ generated_token = generated_token[2,generated_token.length]
+ assert_raise do
+ user_obj.validate_token(generated_token)
+ end
+ end
+
+ test 'do not validate email if token has expired' do
+ user_obj = User.first
+ assert_not_equal user_obj.validate_token(encrypt({:id => user_obj.id, :timestamp => Time.now - (24*60*60+1)})), true
+ end
+ end
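Review bot: `assert_raise do` in 'raise exception upon invalid token' names no exception class, so it passes on any StandardError, including a NoMethodError from a typo, and does not pin the failure to `decrypt` rejecting the token; pass the class that `decrypt` raises, which this patch does not show. Both `assert_not_equal ..., true` checks also pass when `validate_token` returns nil or any other non-true value, so `assert_equal false, user_obj.validate_token(...)` states the contract more exactly, with the expected value first as `assert_equal` takes it. The cross-user test appears to sit inside a conditional (it closes two `end`s), in which case it asserts nothing when the fixtures hold fewer than two matching users. A case with a token of unchanged length but one altered character would cover tampering, which truncation alone does not.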