From 3589bd390123ed081fa19e41d52cb4bd6c7eb75f Mon Sep 17 00:00:00 2001
From: Rob Sterner
Date: Sun, 14 Jan 2024 16:30:02 -0500
Subject: [PATCH] removes passwordless use from Registration, makes tokens longer for registration

---
 app/controllers/registrations_controller.rb |  2 +-
 app/models/registration.rb                  | 27 ++++++++++++++++++---
 config/credentials.yml.enc                  |  2 +-
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index b1bcd08e..565ce4ef 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -22,7 +22,7 @@ def create
 
   def register
     registration = Registration.find_by!(identifier: params[:id])
-    if registration.token_digest == Passwordless.digest(params[:token])
+    if registration.valid_token_digest?(params[:token])
       registration.register!
       sign_in(create_passwordless_session(registration.user))
       redirect_to root_url, notice: "Thanks for registering! You're now signed in."
diff --git a/app/models/registration.rb b/app/models/registration.rb
index 7a1f02b0..1b2d52c3 100644
--- a/app/models/registration.rb
+++ b/app/models/registration.rb
@@ -19,7 +19,7 @@ class RegistrationNotAvailableError < StandardError; end
   attr_reader :token
 
   def token=(plaintext)
-    self.token_digest = Passwordless.digest(plaintext)
+    self.token_digest = Registration.digest(plaintext)
     @token = (plaintext)
   end
 
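Review bot: A request that omits `token` reaches `registration.valid_token_digest?(params[:token])` with nil, and the model hunk shows that value going straight into `OpenSSL::HMAC.hexdigest`, which raises TypeError on nil — a malformed confirmation link becomes a 500 instead of taking the failure branch. Guard at the controller boundary, e.g. `token = params[:token].to_s` followed by `if token.present? && registration.valid_token_digest?(token)`, so the model only ever digests a string. The same nil path exists in the `valid_token_digest?` method added in registration.rb's second hunk. The `register` action's else branch continues outside the hunk.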
@@ -51,21 +51,40 @@ def to_param
     identifier
   end
 
+  def valid_token_digest?(token_param)
+    token_digest == Registration.digest(token_param)
+  end
+
+  def self.digest(string)
+    key = ActiveSupport::KeyGenerator.new(
+      Rails.application.secret_key_base
+    ).generate_key(
+      Rails.application.credentials[Rails.env].registration_salt
+    )
+    OpenSSL::HMAC.hexdigest("SHA256", key, string)
+  end
+
   private
 
   def token_digest_available?(token_digest)
     Registration.available.where(token_digest: token_digest).none?
   end
 
+  def generate_token
+    token = SecureRandom.hex(16)
+  end
+
   def set_defaults
-    self.expires_at ||= Passwordless.config.expires_at.call
+    self.expires_at ||= 1.day.from_now
     return if self.token_digest
 
     self.token, self.token_digest = loop {
-      token = Passwordless.config.token_generator.call(self)
-      digest = Passwordless.digest(token)
+      token = generate_token
+      digest = Registration.digest(token)
       break [token, digest] if token_digest_available?(digest)
     }
   end
 
+
+
 end
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
index e2efc3ac..b14ce58c 100644
--- a/config/credentials.yml.enc
+++ b/config/credentials.yml.enc
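Review bot: `valid_token_digest?` compares the two hex digests with `==`, which is not constant-time and also raises inside the HMAC call when `token_param` is nil; use `ActiveSupport::SecurityUtils.secure_compare(token_digest, Registration.digest(token_param.to_s))` behind an early `return false if token_digest.blank? || token_param.blank?`, which is cheap defense-in-depth even though the compared value is keyed HMAC output. `Registration.digest` also re-runs `ActiveSupport::KeyGenerator#generate_key` (PBKDF2 stretching) on every call, including once per iteration of the `set_defaults` loop and again inside `token=`; memoizing the derived key in a class instance variable keeps the same key bytes and removes the repeated work. In `generate_token` the local `token = SecureRandom.hex(16)` is assigned and never read — return the value directly. The two added blank lines before the closing `end` are noise.
```ruby
  def valid_token_digest?(token_param)
    return false if token_digest.blank? || token_param.blank?

    ActiveSupport::SecurityUtils.secure_compare(token_digest, Registration.digest(token_param.to_s))
  end

  def self.digest(string)
    OpenSSL::HMAC.hexdigest("SHA256", digest_key, string)
  end

  # Derived once per process from the same secret and salt as before,
  # so digests already stored keep matching.
  def self.digest_key
    @digest_key ||= ActiveSupport::KeyGenerator.new(
      Rails.application.secret_key_base
    ).generate_key(
      Rails.application.credentials[Rails.env].registration_salt
    )
  end
  private_class_method :digest_key

  # … unchanged: private, token_digest_available? …

  def generate_token
    SecureRandom.hex(16)
  end

  # … unchanged: set_defaults …
```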
@@ -1 +1 @@ -GgOqOAJqIgoG5LRaRBpnJ+BrP/2o7NgBJJz5dfEvZfX4haoEYbrpDJ/2z/BK4Wd/TAg2q6LfYWrbA+mIa5NtPiIMrlj/R9wudydmTyKWkbyrycK1Ya3Iv7h82yxaMnHGi+iGkdd+A0Eh4vSynnIt56s4vTWriq9ac66vfG6WlRZEv6w6gucWpagkuU2uOsBl3DjlUOcIKBEnNb0u8DpCCVf/uIbXpwHCFpFwaoPiE7yY0WJ4I7xUbOi9xcixG5KUS0Ti49UfFiF5T/Y3HiCka7/43A4aagBF9QhRNW9wyFHmEJd0Cj6cQy8Xh97RLNrbKIQMq3z7YPq/rDcWJDE/PVhh89rp99oiZeVugsIRscT3L1dlAI1k9NLFZ6tPNv+9HGgBiMGmLs6RiZ5vlvb6FX4WU4bNgCtylDZyR4eND5gJDauzRuVS4BXi569wMmyjkZqJyUcZh7u7fbKPpekGodb8i6kFIgWSfBwRtqEqqS2W6QYREST29O6LhlRlaPlPeVDSUBNuEUUTp1nqoEME6Y4H/py6EIEZm+QxEHwonZ6WAsfwj3Pcuz6YC/jgK+JCq9gx9r+YMbYglnKLz+OfyVsegRDLG53sYtrjeXVyBd6VCDfxXqaGJUF8z9a8EsrzrsfiAQjJBl6NZbC7kaeGTRkeseZqdBq8yhT+WsCt846c9qBybiInhilveZrxDymEn8uIuBkq9+edr8Oyitmb7UruwCYacrv6F736nj/ZWhBJLhlEb2hCJrDK2Uszs0EO5qbymtiUjpWW72NHyS2i3ZTur1yHgi6JIr///4w3--swLBcs9IvMpKUnPm--/Eo3sHBCmBB3iQ2w3fQBmA== \ No newline at end of file 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--9pcJP4/b1Sw+PmTx--EWtQpBLASmfnJw6DT7ZEOA== \ No newline at end of file