Generating a unique token for invitation system. Anything I'm missing?

before_validation :generate_token, on: :create, if: :token_blank?

private

def generate_token
  self.token = SecureRandom.hex(32)
end

There’s a unique index on the database field itself (using migration) - but on the model this is all I have.

Anything I should add to make this more robust?

If you are using Rails 7.1, rails adds the method generates_token_for.

Your model could look like this:

class User < ActiveRecord::Base
  generates_token_for :invitation_token
end

You can get new token by calling:

token = User.first.generate_token_for(:invitation_token)

You can find a user by this token:

user = User.find_by_token_for(:invitation_token, token)

Note that you don’t have to create additional database field. The best part

Check: ActiveRecord::TokenFor::ClassMethods - Ruby on Rails API

2 Likes

Thank you, that worked beautifully! Bonus: no need for another database field!

You can use a GUID, it’s even a good idea. Just make sure your GUID generator is using a cryptographically secure random number generator.