Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hash emails #30

Merged
merged 6 commits into from
May 9, 2021
Merged

Hash emails #30

merged 6 commits into from
May 9, 2021

Conversation

wmurphyrd
Copy link
Member

No more storing plaintext emails.

  • Save an sha256 hash of the email,
  • Hash the input email before querying when doing password reset
  • Use the input email as the address for the email
  • Includes migration to hash all existing emails
  • Adds an explanatory note to the registration form with configurable link to email opt-in

@wmurphyrd
Copy link
Member Author

@quinn-madson word of warning on this one - this is the first PR with a new migration since I changed the setup to run migrations automatically on startup, so backup that local DB before testing this one

@quinn-madson quinn-madson merged commit 232c75d into roles May 9, 2021
@quinn-madson quinn-madson deleted the hash-emails branch May 9, 2021 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@quinn-madson quinn-madson quinn-madson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@wmurphyrd @quinn-madson