Class: StandardId::PasswordResetDeliveryJob

Inherits:

ApplicationJob

• Object
• ActiveJob::Base
• ApplicationJob
• StandardId::PasswordResetDeliveryJob

Defined in:

app/jobs/standard_id/password_reset_delivery_job.rb

Overview

Handles the full password-reset email delivery pipeline asynchronously.

Running this work in a job (rather than inline in the request) eliminates the timing side-channel that would otherwise leak whether an account exists for a given email: every request enqueues the same job, so the synchronous request path is constant-time regardless of account state.

Instance Method Summary

• #perform(email:, reset_url_template:) ⇒ Object

Instance Method Details

#perform(email:, reset_url_template:) ⇒ Object

Parameters:

• email (String) —

  the raw email submitted by the user

• reset_url_template (String) —

  URL with a literal “token” placeholder that the job will substitute with the generated reset token

# File 'app/jobs/standard_id/password_reset_delivery_job.rb', line 14

def perform(email:, reset_url_template:)
  normalized = email.to_s.strip.downcase
  return if normalized.blank?

  identifier = StandardId::EmailIdentifier.find_by(value: normalized)
  return if identifier.nil?

  password_credential = identifier.account
    &.credentials
    &.where(credentialable_type: "StandardId::PasswordCredential")
    &.first
    &.credentialable
  return if password_credential.nil?

  token = password_credential.generate_token_for(:password_reset)
  return if token.blank?

  reset_url = reset_url_template.to_s.sub("{token}", token)

  StandardId::Events.publish(
    StandardId::Events::CREDENTIAL_PASSWORD_RESET_INITIATED,
    account: identifier.account,
    identifier: normalized,
    token: token,
    reset_url: reset_url
  )
end