Ensure signed tokens exist during rollout

Until all existing pengin signatures have been verified it's possible
that signed_token may be nil so generate it dynamically if it's not
been set. This ensures that anyone following the verify link sees the
signed page and any existing sharing of a signed link with a token in
the url gets redirected to the petition page.

Author: pixeltrix

app/models/signature.rb

@@ -374,6 +374,10 @@ def validate!(now = Time.current)
           attributes[:constituency_id] = new_constituency_id
         end
 
+        unless signed_token?
+          attributes[:signed_token] = Authlogic::Random.friendly_token
+        end
+
         update_columns(attributes)
       end
     end
@@ -447,6 +451,10 @@ def constituency
     end
   end
 
+  def signed_token
+    super || generate_and_save_signed_token
+  end
+
   def get_email_sent_at_for(timestamp)
     self[column_name_for(timestamp)]
   end
@@ -488,6 +496,20 @@ def generate_uuid
     Digest::UUID.uuid_v5(Digest::UUID::URL_NAMESPACE, "mailto:#{email}")
   end
 
+  def generate_and_save_signed_token
+    token = Authlogic::Random.friendly_token
+
+    retry_lock do
+      if signed_token?
+        token = read_attribute(:signed_token)
+      else
+        update_column(:signed_token, token)
+      end
+    end
+
+    token
+  end
+
   def column_name_for(timestamp)
     self.class.column_name_for(timestamp)
   end

spec/models/signature_spec.rb

@@ -1274,6 +1274,16 @@
         expect{ signature.validate! }.to change{ petition.reload.signature_count }.by(0)
       end
 
+      it "generates a signed_token if it's missing" do
+        signature.update_column(:signed_token, nil)
+
+        expect {
+          signature.validate!
+        }.to change {
+          signature.reload[:signed_token]
+        }.from(nil).to(be_present)
+      end
+
       it 'tells the relevant constituency petition journal to record a new signature' do
         expect(ConstituencyPetitionJournal).to receive(:record_new_signature_for).with(signature)
         signature.validate!
@@ -1697,6 +1707,38 @@
     end
   end
 
+  describe "#signed_token" do
+    let(:signature) { FactoryBot.create(:validated_signature) }
+
+    context "when the underlying column is nil" do
+      before do
+        signature.update_column(:signed_token, nil)
+      end
+
+      it "generates and saves a new token" do
+        expect {
+          signature.signed_token
+        }.to change {
+          signature.reload[:signed_token]
+        }.from(nil).to(be_present)
+      end
+    end
+
+    context "when another process has updated the column" do
+      let(:token) { Authlogic::Random.friendly_token }
+
+      before do
+        signature.update_column(:signed_token, nil)
+      end
+
+      it "returns the token from the database" do
+        expect(signature).to receive(:signed_token?).and_return(true)
+        expect(signature).to receive(:read_attribute).with(:signed_token).and_return(token)
+        expect(signature.signed_token).to eq(token)
+      end
+    end
+  end
+
   describe 'email sent timestamps' do
     describe '#get_email_sent_at_for' do
       let(:signature) { FactoryBot.create(:validated_signature) }