Open
Description
Problem
When a submitter's email or phone is changed (reassigning a document to a different recipient), the signing slug
remains the same. This means the old recipient can still access the signing page via the old URL (/s/{slug}),
which is a security concern.
Expected Behavior
When a submitter's email or phone is updated from a previously set value, the slug should be regenerated so the old
signing link is automatically invalidated.
Proposed Solution
Add a before_save callback on the Submitter model that regenerates the slug when:
- Email changes from a non-blank value (reassignment, not initial assignment)
- Phone changes from a non-blank value
This approach centralizes the logic in the model so it works across all code paths (web UI, API, console) without
modifying any controllers.
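The rule proposed above, as an added example that is not the project's code or the issue author's: a plain-Ruby stand-in for the model, with `save` playing the role of the `before_save` hook. The class layout, `resolve` helper, slug length and sample contact values are assumptions made for illustration.

```ruby
require 'securerandom'

# Constructed stand-in for an ActiveRecord model: plain Ruby with minimal
# dirty tracking so the rule runs without Rails. All names are hypothetical.
class Submitter
  CONTACT_FIELDS = %i[email phone].freeze

  attr_reader :slug
  attr_accessor :email, :phone

  def initialize(email: nil, phone: nil)
    @email = email
    @phone = phone
    @slug = new_slug
    @persisted = {} # values as of the last save
  end

  # Mirrors a before_save hook: runs on every save, whichever caller
  # (web UI, API, console) changed the record.
  def save
    regenerate_slug_on_reassignment
    @persisted = { email: email, phone: phone }
    self
  end

  private

  # Rotate only when a previously set contact value changes; filling in a
  # blank email or phone is an initial assignment and keeps the link valid.
  def regenerate_slug_on_reassignment
    reassigned = CONTACT_FIELDS.any? do |field|
      was = @persisted[field].to_s.strip
      !was.empty? && was != public_send(field).to_s.strip
    end
    @slug = new_slug if reassigned
  end

  def new_slug
    SecureRandom.alphanumeric(14) # length is an assumption
  end
end

# Constructed lookup standing in for the /s/{slug} route.
def resolve(slug, submitters)
  submitters.find { |s| s.slug == slug }
end
```

After a reassignment, `resolve` returns `nil` for the old slug, which is the invalidation the issue asks for.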