Untitled

require 'digest/sha1'
    class User < ActiveRecord::Base
      # Virtual attribute for the unencrypted password
      attr_accessor :password

      validates_presence_of     :login, :email
      validates_presence_of     :password,                   :if => :password_required?
      validates_presence_of     :password_confirmation,      :if => :password_required?
      validates_length_of       :password, :within => 4..40, :if => :password_required?
  1   validates_confirmation_of :password,                   :if => :password_required?
  1   validates_length_of       :login,    :within => 3..40
  1   validates_length_of       :email,    :within => 6..100
  1   validates_uniqueness_of   :login, :email, :case_sensitive => false
  1   validates_format_of       :email, :with => /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i
  1
  1   has_many :permissions
  1   has_many :roles, :through => :permissions
  1
  1   before_save :encrypt_password
  2   before_create :make_activation_code
  2
  2   # prevents a user from submitting a crafted form that bypasses activation
  2   # anything else you want your user to change should be added here.
  2   attr_accessible :login, :email, :password, :password_confirmation
  2
  2   class ActivationCodeNotFound < StandardError; end
  2   class AlreadyActivated < StandardError
  2     attr_reader :user, :message;
  2     def initialize(user, message=nil)
  3       @message, @user = message, user
  3     end
  3   end
  3
  3   # Finds the user with the corresponding activation code, activates their account and returns the user.
  3   #
  3   # Raises:
  3   #  +User::ActivationCodeNotFound+ if there is no user with the corresponding activation code
  3   #  +User::AlreadyActivated+ if the user with the corresponding activation code has already activated their account
  3   def self.find_and_activate!(activation_code)
  4     raise ArgumentError if activation_code.nil?
  4     user = find_by_activation_code(activation_code)
  4     raise ActivationCodeNotFound if !user
  4     raise AlreadyActivated.new(user) if user.active?
  4     user.send(:activate!)
  4     user
  4   end
  4
  4   def active?
  4     # the presence of an activation date means they have activated
  5     !activated_at.nil?
  5   end
  5
  5   # Returns true if the user has just been activated.
  5   def pending?
  5     @activated
  5   end
  5
  5   # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
  5   # Updated 2/20/08
  6   def self.authenticate(login, password)
  6     u = find :first, :conditions => ['login = ?', login] # need to get the salt
  6     u && u.authenticated?(password) ? u : nil
  6   end
  6
  6   # Encrypts some data with the salt.
  6   def self.encrypt(password, salt)
  6     Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  6   end
  6
  7   # Encrypts the password with the user salt
  7   def encrypt(password)
  7     self.class.encrypt(password, salt)
  7   end
  7
  7   def authenticated?(password)
  7     crypted_password == encrypt(password)
  7   end
  7
  7   def remember_token?
  8     remember_token_expires_at && Time.now.utc < remember_token_expires_at
  8   end
  8
  8   # These create and unset the fields required for remembering users between browser closes
  8   def remember_me
  8     remember_me_for 2.weeks
  8   end
  8
  8   def remember_me_for(time)
  8     remember_me_until time.from_now.utc
  9   end
  9
  9   def remember_me_until(time)
  9     self.remember_token_expires_at = time
  9     self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
  9     save(false)
  9   end
  9
  9   def forget_me
  9     self.remember_token_expires_at = nil
 10     self.remember_token            = nil
 10     save(false)
 10   end
 10
 10   def forgot_password
 10     @forgotten_password = true
 10     self.make_password_reset_code
 10   end
 10
 10   def reset_password
 11     # First update the password_reset_code before setting the
 11     # reset_password flag to avoid duplicate email notifications.
 11     update_attribute(:password_reset_code, nil)
 11     @reset_password = true
 11   end
 11
 11   #used in user_observer
 11   def recently_forgot_password?
 11     @forgotten_password
 11   end
 12
 12   def recently_reset_password?
 12     @reset_password
 12   end
 12
 12   def self.find_for_forget(email)
 12     find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email]
 12   end
 12
 12   def has_role?(rolename)
 13     self.roles.find_by_rolename(rolename) ? true : false
 13   end
 13
 13
 13   protected
 13
 13   # before filter
 13   def encrypt_password
 13     return if password.blank?
 13     self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
 14     self.crypted_password = encrypt(password)
 14   end
 14
 14   def password_required?
 14     crypted_password.blank? || !password.blank?
 14   end
 14
 14   def make_activation_code
 14     self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
 14   end
 15
 15   def make_password_reset_code
 15     self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
 15   end
 15
 15   private
 15
 15   def activate!
 15     @activated = true
 15     self.update_attribute(:activated_at, Time.now.utc)
 16   end
 16
 16 end