Changesets can be listed by changeset number.
The Git repository is here.
- Revision:
- 108
- Log:
Substantial changes and additions to Hub. Now in a state where
it will integrate with other applications to an acceptable level.
Requires HubSsoLib gem 0.0.4 or later - see Changeset #107.
- Author:
- adh
- Date:
- Mon Oct 23 18:16:22 +0100 2006
- Size:
- 3845 Bytes
1 | require 'digest/sha1' |
2 | |
3 | class User < ActiveRecord::Base |
4 | belongs_to :member |
5 | before_create :make_activation_code |
6 | |
7 | # Virtual attribute for the unencrypted password |
8 | attr_accessor :password |
9 | |
10 | # Stop mass-assignment of the User model when we do something like |
11 | # "@user = User.new(params[:user])" in the Controller. Someone could |
12 | # build a form which submitted any value for all columns in the User |
13 | # table without this - e.g. they could assign "admin" to "roles". |
14 | # The line below states which attributes are accessible to mass |
15 | # assignment - everything else must be explicitly assigned. |
16 | attr_accessible :email, :real_name, :password, :password_confirmation |
17 | |
18 | validates_presence_of :email, :real_name |
19 | validates_presence_of :password, :if => :password_required? |
20 | validates_presence_of :password_confirmation, :if => :password_required? |
21 | validates_length_of :password, :within => 4..40, :if => :password_required? |
22 | validates_confirmation_of :password, :if => :password_required? |
23 | validates_length_of :email, :within => 3..200 |
24 | validates_length_of :real_name, :within => 3..200 |
25 | validates_uniqueness_of :email, :case_sensitive => false |
26 | before_save :encrypt_password |
27 | |
28 | # Authenticates a user by e-mail address and unencrypted password. Returns the user or nil. |
29 | def self.authenticate(email, password) |
30 | # hide records with a nil activated_at |
31 | u = find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email] |
32 | u && u.authenticated?(password) ? u : nil |
33 | end |
34 | |
35 | # Encrypts some data with the salt. |
36 | def self.encrypt(password, salt) |
37 | Digest::SHA1.hexdigest("--#{salt}--#{password}--") |
38 | end |
39 | |
40 | # Encrypts the password with the user salt |
41 | def encrypt(password) |
42 | self.class.encrypt(password, salt) |
43 | end |
44 | |
45 | def authenticated?(password) |
46 | crypted_password == encrypt(password) |
47 | end |
48 | |
49 | # Activates the user in the database. |
50 | def activate |
51 | @activated = true |
52 | self.activated_at = Time.now.utc |
53 | self.activation_code = nil |
54 | save(false) |
55 | end |
56 | |
57 | # Returns true if the user has just been activated. |
58 | def recently_activated? |
59 | activated = @activated |
60 | @activated = false |
61 | return activated |
62 | end |
63 | |
64 | # Deal with forgotten passwords |
65 | def forgot_password |
66 | self.password_reset_code_expires_at = (Time.now.utc) + RESET_TIME_LIMIT |
67 | self.make_password_reset_code |
68 | save(false) |
69 | @forgotten_password = true |
70 | end |
71 | |
72 | def reset_password |
73 | # First update the password_reset_code before setting the |
74 | # reset_password flag to avoid duplicate email notifications. |
75 | self.password_reset_code_expires_at = nil |
76 | self.password_reset_code = nil |
77 | save(false) |
78 | @reset_password = true |
79 | end |
80 | |
81 | def recently_reset_password? |
82 | reset_password = @reset_password |
83 | @reset_password = false |
84 | return reset_password |
85 | end |
86 | |
87 | def recently_forgot_password? |
88 | forgotten_password = @forgotten_password |
89 | @forgotten_password = false |
90 | return forgotten_password |
91 | end |
92 | |
93 | def destroy |
94 | UserNotifier.deliver_destruction(self) |
95 | super |
96 | end |
97 | |
98 | protected |
99 | # before filter |
100 | def encrypt_password |
101 | return if password.blank? |
102 | self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{email}--") if new_record? |
103 | self.crypted_password = encrypt(password) |
104 | end |
105 | |
106 | def password_required? |
107 | crypted_password.blank? || !password.blank? |
108 | end |
109 | |
110 | # Create a user activation code for activation e-mail messages |
111 | def make_activation_code |
112 | self.activation_code = Digest::SHA1.hexdigest(Time.now.to_s.split(//).sort_by {rand}.join) |
113 | end |
114 | |
115 | # Make a password reset code for users who've forgotten their password |
116 | def make_password_reset_code |
117 | self.password_reset_code = Digest::SHA1.hexdigest(Time.now.to_s.split(//).sort_by {rand}.join) |
118 | end |
119 | end |