1 files changed, 78 insertions, 0 deletions
diff --git a/app/services/users/email_verification/validate_token_service.rb b/app/services/users/email_verification/validate_token_service.rb
new file mode 100644
index 00000000000..b1b34e94f49
--- /dev/null
+++ b/app/services/users/email_verification/validate_token_service.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+module Users
+  module EmailVerification
+    class ValidateTokenService < EmailVerification::BaseService
+      include ActionView::Helpers::DateHelper
+
+      TOKEN_VALID_FOR_MINUTES = 60
+
+      def initialize(attr:, user:, token:)
+        super(attr: attr)
+
+        @user = user
+        @token = token
+      end
+
+      def execute
+        return failure(:rate_limited) if verification_rate_limited?
+        return failure(:invalid) unless valid?
+        return failure(:expired) if expired_token?
+
+        success
+      end
+
+      private
+
+      attr_reader :user
+
+      def verification_rate_limited?
+        Gitlab::ApplicationRateLimiter.throttled?(:email_verification, scope: user[attr])
+      end
+
+      def valid?
+        return false unless token.present?
+
+        Devise.secure_compare(user[attr], digest)
+      end
+
+      def expired_token?
+        generated_at = case attr
+                       when :unlock_token then user.locked_at
+                       when :confirmation_token then user.confirmation_sent_at
+                       end
+
+        generated_at < TOKEN_VALID_FOR_MINUTES.minutes.ago
+      end
+
+      def success
+        { status: :success }
+      end
+
+      def failure(reason)
+        {
+          status: :failure,
+          reason: reason,
+          message: failure_message(reason)
+        }
+      end
+
+      def failure_message(reason)
+        case reason
+        when :rate_limited
+          format(s_("IdentityVerification|You've reached the maximum amount of tries. "\
+             'Wait %{interval} or send a new code and try again.'), interval: email_verification_interval)
+        when :expired
+          s_('IdentityVerification|The code has expired. Send a new code and try again.')
+        when :invalid
+          s_('IdentityVerification|The code is incorrect. Enter it again, or send a new code.')
+        end
+      end
+
+      def email_verification_interval
+        interval_in_seconds = Gitlab::ApplicationRateLimiter.rate_limits[:email_verification][:interval]
+        distance_of_time_in_words(interval_in_seconds)
+      end
+    end
+  end
+end