Use Bluesky PDS email code format

futurGH · futurGH · commit 3a3d6d5025d8 · 2025-12-27T20:29:55.000-05:00
diff --git a/frontend/src/templates/AccountPage.mlx b/frontend/src/templates/AccountPage.mlx
@@ -252,7 +252,7 @@ let[@react.component] make
 		                            <Input
 		                                name="token"
 		                                label="Verification code"
-		                                placeholder="eml-..."
+		                                placeholder="A1B2C-3D4E5"
 			                            required=true
 			                            showIndicator=false
 		                                value=emailTokenInput
@@ -416,7 +416,7 @@ let[@react.component] make
                               <Input
                                   name="email_token"
                                   label="Confirmation code"
-                                  placeholder="eml-..."
+                                  placeholder="A1B2C-3D4E5"
                                   showIndicator=false
                                   value=confirmEmailTokenInput
                                   onChange=(fun e ->
diff --git a/pegasus/lib/api/account_/index.ml b/pegasus/lib/api/account_/index.ml
@@ -7,15 +7,15 @@ let has_valid_delete_code (actor : Data_store.Types.actor) =
 
 let has_valid_email_change_code (actor : Data_store.Types.actor) =
   match (actor.auth_code, actor.auth_code_expires_at, actor.pending_email) with
-  | Some code, Some expires_at, Some _ ->
-      String.starts_with ~prefix:"eml-" code && expires_at > Util.now_ms ()
+  | Some _, Some expires_at, Some _ ->
+      expires_at > Util.now_ms ()
   | _ ->
       false
 
 let has_valid_email_confirmation_code (actor : Data_store.Types.actor) =
   match (actor.auth_code, actor.auth_code_expires_at, actor.pending_email) with
-  | Some code, Some expires_at, None ->
-      String.starts_with ~prefix:"eml-" code && expires_at > Util.now_ms ()
+  | Some _, Some expires_at, None ->
+      expires_at > Util.now_ms ()
   | _ ->
       false
 
diff --git a/pegasus/lib/api/identity/requestPlcOperationSignature.ml b/pegasus/lib/api/identity/requestPlcOperationSignature.ml
@@ -1,13 +1,7 @@
 let handler =
   Xrpc.handler ~auth:Authorization (fun {auth; db; _} ->
       let did = Auth.get_authed_did_exn auth in
-      let code =
-        "plc-"
-        ^ String.sub
-            Digestif.SHA256.(
-              digest_string (did ^ Int.to_string @@ Util.now_ms ()) |> to_hex )
-            0 8
-      in
+      let code = Util.make_code () in
       let expires_at = Util.now_ms () + (60 * 60 * 1000) in
       let%lwt () = Data_store.set_auth_code ~did ~code ~expires_at db in
       let%lwt {email; handle; _} =
diff --git a/pegasus/lib/api/identity/signPlcOperation.ml b/pegasus/lib/api/identity/signPlcOperation.ml
@@ -22,9 +22,7 @@ let handler =
       | Some actor -> (
         match (actor.auth_code, actor.auth_code_expires_at) with
         | Some auth_code, Some auth_expires_at
-          when String.starts_with ~prefix:"plc-" auth_code
-               && input.token = auth_code
-               && Util.now_ms () < auth_expires_at -> (
+          when input.token = auth_code && Util.now_ms () < auth_expires_at -> (
           match%lwt Plc.get_audit_log did with
           | Ok log ->
               let latest = Mist.Util.last log |> Option.get in
diff --git a/pegasus/lib/api/server/confirmEmail.ml b/pegasus/lib/api/server/confirmEmail.ml
@@ -10,9 +10,7 @@ let confirm_email ~email ~token (actor : Data_store.Types.actor) db =
   else
     match (actor.auth_code, actor.auth_code_expires_at) with
     | Some auth_code, Some expires_at
-      when String.starts_with ~prefix:"eml-" auth_code
-           && auth_code = token
-           && Util.now_ms () < expires_at ->
+      when auth_code = token && Util.now_ms () < expires_at ->
         let%lwt () = Data_store.confirm_email ~did:actor.did db in
         Lwt.return_ok ()
     | Some _, Some expires_at when Util.now_ms () >= expires_at ->
diff --git a/pegasus/lib/api/server/requestEmailConfirmation.ml b/pegasus/lib/api/server/requestEmailConfirmation.ml
@@ -5,14 +5,7 @@ let request_email_confirmation (actor : Data_store.Types.actor) db =
   | Some _ ->
       Lwt.return_error AlreadyConfirmed
   | None ->
-      let code =
-        "eml-"
-        ^ String.sub
-            Digestif.SHA256.(
-              digest_string (actor.did ^ Int.to_string @@ Util.now_ms ())
-              |> to_hex )
-            0 8
-      in
+      let code = Util.make_code () in
       let expires_at = Util.now_ms () + (10 * 60 * 1000) in
       let%lwt () =
         Data_store.set_auth_code ~did:actor.did ~code ~expires_at db
diff --git a/pegasus/lib/api/server/requestEmailUpdate.ml b/pegasus/lib/api/server/requestEmailUpdate.ml
@@ -8,13 +8,7 @@ let request_email_update ?pending_email (actor : Data_store.Types.actor) db =
   let%lwt () =
     if token_required then
       let did = actor.did in
-      let code =
-        "eml-"
-        ^ String.sub
-            Digestif.SHA256.(
-              digest_string (did ^ Int.to_string @@ Util.now_ms ()) |> to_hex )
-            0 8
-      in
+      let code = Util.make_code () in
       let expires_at = Util.now_ms () + (10 * 60 * 1000) in
       let%lwt () =
         match pending_email with
diff --git a/pegasus/lib/api/server/updateEmail.ml b/pegasus/lib/api/server/updateEmail.ml
@@ -29,9 +29,7 @@ let update_email ?email ~token (actor : Data_store.Types.actor) db =
       | Some token -> (
         match (actor.auth_code, actor.auth_code_expires_at) with
         | Some auth_code, Some expires_at
-          when String.starts_with ~prefix:"eml-" auth_code
-               && auth_code = token
-               && Util.now_ms () < expires_at ->
+          when auth_code = token && Util.now_ms () < expires_at ->
             let%lwt () = Data_store.update_email ~did ~email db in
             Lwt.return_ok email
         | Some _, Some expires_at when Util.now_ms () >= expires_at ->
diff --git a/pegasus/lib/util.ml b/pegasus/lib/util.ml
@@ -467,6 +467,18 @@ let str_contains ~affix str =
     true
   with Not_found -> false
 
+let make_code () =
+  let () = Random.self_init () in
+  let chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" in
+  let len = String.length chars in
+  let s = Bytes.create 10 in
+  for i = 0 to 9 do
+    let random_index = Random.int len in
+    Bytes.set s i chars.[random_index]
+  done ;
+  let str = Bytes.to_string s in
+  String.sub str 0 5 ^ "-" ^ String.sub str 5 5
+
 module type Template = sig
   type props
 
