user.rb require 'digest/sha1'class User < ActiveRecord::Base # Virtual

1. user.rb
2.  
3. require 'digest/sha1'
4. class User < ActiveRecord::Base
5. # Virtual attribute for the unencrypted password
6. attr_accessor :password
7.  
8. #validates_presence_of :login, :email, :first_name, :last_name
9. validates_presence_of :password, :if => :password_required?
10. validates_presence_of :password_confirmation, :if => :password_required?
11. validates_length_of :password, :within => 4..40, :if => :password_required?
12. validates_confirmation_of :password, :if => :password_required?
13. validates_length_of :first_name, :within => 3..40
14. validates_length_of :last_name, :within => 1..40
15. validates_length_of :login, :within => 3..40
16. validates_length_of :email, :within => 6..120
17. validates_uniqueness_of :login, :email, :case_sensitive => false
18. validates_format_of :email, :with => /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i
19.  
20. has_many :permissions
21. has_many :roles, :through => :permissions
22. has_many :posts
23. has_many :comments
24.  
25. before_save :encrypt_password
26. before_create :make_activation_code
27.  
28. # prevents a user from submitting a crafted form that bypasses activation
29. # anything else you want your user to change should be added here.
30. attr_accessible :first_name, :last_name, :login, :email, :password, :password_confirmation
31.  
32. #------------- Activates the user in the database.
33. # def activate
34. # @activated = true
35. # self.activated_at = Time.now.utc
36. # self.activation_code = nil
37. # save(false)
38. # end
39.  
40. # Finds the user with the corresponding activation code, activates their account and returns the user.
41. #
42. # Raises:
43. # +User::ActivationCodeNotFound+ if there is no user with the corresponding activation code
44. # +User::AlreadyActivated+ if the user with the corresponding activation code has already activated their account
45. def self.find_and_activate!(activation_code)
46. raise ArgumentError if activation_code.nil?
47. user = find_by_activation_code(activation_code)
48. raise ActivationCodeNotFound if !user
49. raise AlreadyActivated.new(user) if user.active?
50. user.send(:activate!)
51. user
52. end
53.  
54. def full_name
55. "#{first_name} #{last_name}"
56. end
57.  
58. def active?
59. # the existence of an activation code means they have not activated yet
60. activation_code.nil?
61. end
62.  
63. # Returns true if the user has just been activated.
64. def pending?
65. @activated
66. end
67.  
68. # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
69. def self.authenticate(login, password)
70. u = find :first, :conditions => ['login = ?', login] # need to get the salt
71. u && u.authenticated?(password) ? u : nil
72. end
73.  
74. # Encrypts some data with the salt.
75. def self.encrypt(password, salt)
76. Digest::SHA1.hexdigest("--#{salt}--#{password}--")
77. end
78.  
79. # Encrypts the password with the user salt
80. def encrypt(password)
81. self.class.encrypt(password, salt)
82. end
83.  
84. def authenticated?(password)
85. crypted_password == encrypt(password)
86. end
87.  
88. def remember_token?
89. remember_token_expires_at && Time.now.utc < remember_token_expires_at
90. end
91.  
92. # These create and unset the fields required for remembering users between browser closes
93. def remember_me
94. remember_me_for 2.weeks
95. end
96.  
97. def remember_me_for(time)
98. remember_me_until time.from_now.utc
99. end
100.  
101. def remember_me_until(time)
102. self.remember_token_expires_at = time
103. self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
104. save(false)
105. end
106.  
107. def forget_me
108. self.remember_token_expires_at = nil
109. self.remember_token = nil
110. save(false)
111. end
112.  
113. def forgot_password
114. @forgotten_password = true
115. self.make_password_reset_code
116. end
117.  
118. def reset_password
119. # First update the password_reset_code before setting the
120. # reset_password flag to avoid duplicate email notifications.
121. update_attribute(:password_reset_code, nil)
122. @reset_password = true
123. end
124.  
125. #used in user_observer
126. def recently_forgot_password?
127. @forgotten_password
128. end
129.  
130. def recently_reset_password?
131. @reset_password
132. end
133.  
134. def self.find_for_forget(email)
135. find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email]
136. end
137.  
138. def has_role?(rolename)
139. self.roles.find_by_rolename(rolename) ? true : false
140. end
141.  
142. protected
143.  
144. # before filter
145. def encrypt_password
146. return if password.blank?
147. self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
148. self.crypted_password = encrypt(password)
149. end
150.  
151. def password_required?
152. crypted_password.blank? || !password.blank?
153. end
154.  
155. def make_activation_code
156. self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
157. end
158.  
159. def make_password_reset_code
160. self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
161. end
162.  
163. private
164.  
165. def activate!
166. @activated = true
167. self.update_attribute(:activated_at, Time.now.utc)
168. end
169.  
170. end