Problem
When a submitter's email or phone is changed (reassigning a document to a different recipient), the signing slug
remains the same. This means the old recipient can still access the signing page via the old URL (/s/{slug}),
which is a security concern.
Expected Behavior
When a submitter's email or phone is updated from a previously set value, the slug should be regenerated so the old
signing link is automatically invalidated.
Proposed Solution
Add a before_save callback on the Submitter model that regenerates the slug when:
- Email changes from a non-blank value (reassignment, not initial assignment)
- Phone changes from a non-blank value
This approach centralizes the logic in the model so it works across all code paths (web UI, API, console) without
modifying any controllers.
Problem
When a submitter's email or phone is changed (reassigning a document to a different recipient), the signing slug
remains the same. This means the old recipient can still access the signing page via the old URL (
/s/{slug}),which is a security concern.
Expected Behavior
When a submitter's email or phone is updated from a previously set value, the slug should be regenerated so the old
signing link is automatically invalidated.
Proposed Solution
Add a
before_savecallback on theSubmittermodel that regenerates the slug when:This approach centralizes the logic in the model so it works across all code paths (web UI, API, console) without
modifying any controllers.