Allow setting the session token manually

app/models/passwordless/session.rb

@@ -24,15 +24,20 @@ class Session < ApplicationRecord
 
  before_validation :set_defaults
 
- # save the token in memory so we can put it in emails but only save the
- # hashed version in the database
- attr_accessor :token
-
  scope(
  :available,
  lambda { where("expires_at > ?", Time.current) }
  )
 
+ # save the token in memory so we can put it in emails but only save the
+ # hashed version in the database
+ attr_reader :token
+
+ def token=(plaintext)
+ self.token_digest = Passwordless.digest(plaintext)
+ @token = (plaintext)
+ end
+
  def expired?
  expires_at <= Time.current
  end

test/models/passwordless/session_test.rb

@@ -68,6 +68,12 @@ def call(_session)
  Passwordless.token_generator = old_generator
  end
 
+ test("setting token manually") do
+ session = Session.new(token: "hi")
+ assert_equal "hi", session.token
+ assert_equal Passwordless.digest("hi"), session.token_digest
+ end
+
  test("with a custom expire at function") do
  custom_expire_at = Time.parse("01-01-2100").utc
  old_expires_at = Passwordless.expires_at