class ExpiringToken < ActiveRecord::Base belongs_to :user validates :user, :token, :expires_at, presence: true scope :active, -> { where(used_at: nil).where('expires_at > ?', Time.now) } def self.create_for_user(user) create!( user: user, token: SecureRandom.urlsafe_base64, expires_at: 15.minutes.from_now ) end def self.active_for_token(token) active.where(token: token).first end def use! raise "token #{token} already used at #{used_at}" if used_at self.used_at = Time.now save! end end