Do not write to users table email address columns#6474
Conversation
mitchellhenke
force-pushed
the
mitchellhenke/stop-saving-user-email-column
branch
from
6edfe68 to
7eb222d
Compare
mitchellhenke
force-pushed
the
mitchellhenke/stop-saving-user-email-column
branch
2 times, most recently
from
32637fc to
ef61f62
Compare
app/forms/reset_password_form.rb
Outdated
There was a problem hiding this comment.
Does this update all of the users email addresses with a confirmed at date, including unconfirmed ones? That may be a problem. A user could add an unconfirmed email, send a password reset to a confirmed email, then confirm all of their email addresses including the unconfirmed one by resetting their password.
I'm not sure what impact bumping the confirmed_at on the email address record has. Since we aren't doing it now it seems like it may be safe to leave off if we can't easily get to the email the reset password token was sent to.
There was a problem hiding this comment.
This is a part I'm trying to understand better, but I believe this is when you have an unconfirmed account, reset your password and then set the password, with the goal here being to set the account as confirmed.
This is stuff that would have previously been handled by the EmailAddressCallback here by setting confirmed_at on the user and setting the same value on the first email address.
The window is narrow, but I think we should probably only set it on the first email address (rather than all) like the callback and do all of this in a transaction to ensure things don't get weird in the time between checking the user has no confirmed emails in user.confirmed? and updating the confirmed_at.
There was a problem hiding this comment.
Oh boy, yeah that is gnarly
mitchellhenke
force-pushed
the
mitchellhenke/stop-saving-user-email-column
branch
2 times, most recently
from
5d77dae to
549b024
Compare
mitchellhenke
force-pushed
the
mitchellhenke/stop-saving-user-email-column
branch
from
549b024 to
e3035a3
Compare
mitchellhenke
force-pushed
the
mitchellhenke/stop-saving-user-email-column
branch
from
390c908 to
24dd67c
Compare
mitchellhenke
force-pushed
the
mitchellhenke/stop-saving-user-email-column
branch
from
24dd67c to
e61b5ac
Compare
changelog: Internal, Database, Do not write to users table email address columns
mitchellhenke
force-pushed
the
mitchellhenke/stop-saving-user-email-column
branch
from
4306d4b to
2d06320
Compare
…cept for callback This commit reverts a commit that stops writing to the email address table, but still removes the callback. This is necessary for us to be able to deploy in a 50/50 state. We need to stop running the callback then we can drop the email address columns. This reverts commit fdb359a.
3 participants
This has been retired for quite some time (almost 3 years), and it doesn't appear that we ever read
email_fingerprintorencrypted_email_addressfrom theuserstable since everything uses theemail_addressestable