require 'digest/sha1'
require 'securerandom'
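# Account model: login/email identity, salted password digest, e-mail
# activation, "remember me" tokens, password-reset codes and role lookup.
#
# Security-relevant columns written by this class: salt, crypted_password,
# activation_code, activated_at, remember_token, remember_token_expires_at,
# password_reset_code.
class User < ActiveRecord::Base
  # Virtual attribute for the unencrypted password. It is never persisted;
  # encrypt_password turns it into crypted_password before each save.
  attr_accessor :password

  validates_presence_of     :login, :email
  validates_presence_of     :password,              :if => :password_required?
  validates_presence_of     :password_confirmation, :if => :password_required?
  # NOTE(review): a 4-character minimum is very permissive. Raising it would
  # reject input this model accepts today, so it is flagged, not changed.
  validates_length_of       :password, :within => 4..40, :if => :password_required?
  validates_confirmation_of :password,              :if => :password_required?
  validates_length_of       :login,    :within => 3..40
  validates_length_of       :email,    :within => 6..100
  validates_uniqueness_of   :login, :email, :case_sensitive => false
  # \A and \z anchor the whole string. The previous ^ and $ anchors match per
  # line in Ruby, so a multi-line value passed as soon as any one line (or an
  # empty line) matched. The empty-string alternative is kept as before.
  validates_format_of       :email, :with => /(\A([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})\z)|(\A\z)/i

  has_many :permissions
  has_many :roles, :through => :permissions

  before_save   :encrypt_password
  before_create :make_activation_code

  # prevents a user from submitting a crafted form that bypasses activation
  # anything else you want your user to change should be added here.
  # Everything not listed (activated_at, activation_code, salt,
  # crypted_password, the token columns) cannot be set by mass assignment.
  attr_accessible :login, :email, :password, :password_confirmation

  # Raised by find_and_activate! when no user carries the given code.
  class ActivationCodeNotFound < StandardError; end

  # Raised by find_and_activate! when the matching user is already active.
  # Carries the user so the caller can react (e.g. redirect to login).
  class AlreadyActivated < StandardError
    attr_reader :user, :message

    def initialize(user, message = nil)
      @message = message
      @user = user
    end
  end

  # Finds the user with the corresponding activation code, activates their account and returns the user.
  #
  # Raises:
  # +ArgumentError+ if the activation code is nil
  # +User::ActivationCodeNotFound+ if there is no user with the corresponding activation code
  # +User::AlreadyActivated+ if the user with the corresponding activation code has already activated their account
  def self.find_and_activate!(activation_code)
    # A nil code must never reach the finder: it would turn into an
    # "activation_code IS NULL" lookup.
    raise ArgumentError if activation_code.nil?
    user = find_by_activation_code(activation_code)
    raise ActivationCodeNotFound unless user
    raise AlreadyActivated.new(user) if user.active?
    # activate! is private, hence send.
    user.send(:activate!)
    user
  end

  # True once the account has been activated.
  def active?
    # the presence of an activation date means they have activated
    !activated_at.nil?
  end

  # Returns true if the user has just been activated.
  # (The flag lives in an instance variable set by activate!, so it is only
  # set on the object that performed the activation.)
  def pending?
    @activated
  end

  # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
  # Updated 2/20/08
  #
  # NOTE(review): this lookup does not check active?; presumably the caller
  # rejects accounts that have not been activated - confirm.
  def self.authenticate(login, password)
    # The record has to be loaded first because the digest needs its salt.
    u = find :first, :conditions => ['login = ?', login]
    u if u && u.authenticated?(password)
  end

  # Digests some data with the salt. Despite the name this is a one-way
  # salted SHA-1 hex digest, not reversible encryption.
  #
  # NOTE(review): a single unstretched SHA-1 round is cheap to brute-force
  # offline if the users table is disclosed. Moving to an adaptive password
  # hash (bcrypt, scrypt, Argon2) needs a new dependency and a rehash-on-login
  # migration for existing rows, so it is flagged here rather than changed.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Digests the password with this user's salt.
  def encrypt(password)
    self.class.encrypt(password, salt)
  end

  # True if the given plaintext password digests to the stored value.
  def authenticated?(password)
    crypted_password == encrypt(password)
  end

  # Truthy while a remember-me expiry is set and still in the future.
  def remember_token?
    remember_token_expires_at && Time.now.utc < remember_token_expires_at
  end

  # These create and unset the fields required for remembering users between browser closes
  def remember_me
    remember_me_for 2.weeks
  end

  # Remembers the user for the given duration, counted from now.
  def remember_me_for(time)
    remember_me_until time.from_now.utc
  end

  # Stores the expiry time and issues a fresh remember token.
  #
  # The token is an opaque random value. It used to be a digest of the salt,
  # the e-mail address and the expiry time, all of which are stored or
  # guessable account fields; a bearer credential should not be derivable
  # from them.
  def remember_me_until(time)
    self.remember_token_expires_at = time
    self.remember_token = random_token
    # save(false) skips validations, as before.
    save(false)
  end

  # Clears the remember token and its expiry.
  def forget_me
    self.remember_token_expires_at = nil
    self.remember_token = nil
    save(false)
  end

  # Flags this object as "forgot password" and assigns a new reset code.
  # The record is not saved here.
  def forgot_password
    @forgotten_password = true
    make_password_reset_code
  end

  def reset_password
    # First update the password_reset_code before setting the
    # reset_password flag to avoid duplicate email notifications.
    # Clearing the code also makes a used reset link single-use.
    update_attribute(:password_reset_code, nil)
    @reset_password = true
  end

  #used in user_observer
  def recently_forgot_password?
    @forgotten_password
  end

  # True if reset_password was called on this object.
  def recently_reset_password?
    @reset_password
  end

  # Finds an activated user by e-mail address for the forgot-password flow.
  # Returns nil for unknown or not-yet-activated addresses.
  def self.find_for_forget(email)
    find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email]
  end

  # True if the user holds a role with the given rolename.
  def has_role?(rolename)
    !!roles.find_by_rolename(rolename)
  end

  protected

  # before filter
  # Digests the virtual password into crypted_password. Does nothing when no
  # new password was supplied, so unrelated saves keep the stored digest.
  def encrypt_password
    return if password.blank?
    # The salt is set once, at creation. It is now random instead of a digest
    # of the creation time and login; existing rows keep their stored salt.
    self.salt = random_token if new_record?
    self.crypted_password = encrypt(password)
  end

  # A password must be supplied when none is stored yet or when the caller is
  # setting a new one.
  def password_required?
    crypted_password.blank? || !password.blank?
  end

  # Assigns the one-time code sent in the activation e-mail.
  def make_activation_code
    self.activation_code = random_token
  end

  # Assigns the one-time code sent in the password-reset e-mail. Anyone who
  # holds this value can set a new password, so it must be unguessable.
  def make_password_reset_code
    self.password_reset_code = random_token
  end

  private

  # Marks the account as activated now (UTC) and flags this object so that
  # pending? reports the fresh activation.
  def activate!
    @activated = true
    update_attribute(:activated_at, Time.now.utc)
  end

  # 40 hex characters (20 random bytes) from the system CSPRNG. Same length
  # and alphabet as the SHA-1 hex digests used before, so existing column
  # sizes still fit. The previous codes were a SHA-1 of the shuffled
  # characters of Time.now.to_s: little entropy, and Kernel#rand is not a
  # cryptographic generator. Needs Ruby 1.8.7 or later (securerandom).
  def random_token
    SecureRandom.hex(20)
  end
end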