Add slug-based URLs for event registrations#1268
Merged
Conversation
Replace ID-based user-facing URLs with secure, unguessable slug tokens for event registrations. Slugs use SecureRandom.urlsafe_base64(16) for 128-bit entropy and are generated on create. - Add slug column with unique index and backfill rake task - Add /registration/:slug routes for show, resend, cancel, reactivate - Secure public registration form show with slug param instead of person_id - Pass slug as URL param on event show for guest "View your registration" - Replace De-register with cancel/reactivate flow on registration ticket - Extract shared _ticket partial, update mailers and profile links - Lock down /event_registrations/:id show to admin-only Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update page_bg_class alignment spec: remove deleted event_registrations/show.html.erb, change public_registrations/show to "public", add events/registrations/show as "public" - Fix request specs to check HTTP 404 status instead of raise_error (Rails request specs catch RecordNotFound and return 404) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is the goal of this PR and why is this important?
/event_registrations/123) with secure, unguessable slug tokens (/registration/abc123...) for event registrationsHow did you approach the change?
slugcolumn with unique index toevent_registrations, generated viaSecureRandom.urlsafe_base64(16)(128-bit entropy) on create/registration/:slugroutes for show, resend confirmation, cancel, and reactivate actions?reg=slugparam instead of guessableperson_id?reg=slugparam to display "View your registration" link and calendar links for guests_ticket.html.erbpartial for both admin and public registration views/event_registrations/:idshow to admin-onlybundle exec rake event_registrations:backfill_slugsUI Testing Checklist
/registration/:slugas guest — should show ticket/event_registrations/:idredirects non-admins (admin-only)?reg=slugparamAnything else to add?
ai/db-migratebundle exec rake event_registrations:backfill_slugs🤖 Generated with Claude Code