Remove the PostgreSQL random_string function

[LawnGnome]

random_string is implemented in terms of the built-in PostgreSQL random function, which is explicitly documented as not to be relied upon for anything security-sensitive. While we migrated API token generation to use a more secure alternative several years ago, e-mail verification and crate invitation tokens are still generated using random_string.

In practice, I'm not terribly concerned about this (hence why I'm opening it as a regular PR and not via the GitHub security features), but we may as well clean this up. I've basically done this the same way API tokens are implemented: by creating a new GenericToken type that re-uses the same generator as API tokens, and implements the right traits to be used as a field type directly with Diesel.

One user-visible change here is that tokens created after this is deployed will be 32 characters instead of 26, but I think that's fine. (We could change GenericToken::generate to take a length, but that feels unnecessary.)

[Turbo87]

out of curiosity, is this a mythical PR?

[LawnGnome]

out of curiosity, is this a mythical PR?

Yes, the issue came out of a Mythos security scan of crates.io.

[Turbo87]

if that's the worst it could find then I'd be pretty happy 😂

[LawnGnome]

if that's the worst it could find then I'd be pretty happy 😂

Don't worry; I told it to try harder.

[Turbo87]

just so it doesn't get lost in Slack DMs:

the random_string function is still being used by the reconfirm_email_on_email_change database trigger that has not been replaced yet by the first commit in this PR. that is why the CI runs are currently failing with function random_string(integer) does not exist (not visible in CI, but locally with small adjustments to make the error visible).

View changes since the review

[rustbot]

☔ The latest upstream changes (possibly #13532) made this pull request unmergeable. Please resolve the merge conflicts.