require 'digest/sha1'
require 'securerandom'
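# Account model: login/password authentication, e-mail activation,
# "remember me" tokens, password-reset codes and role lookup.
class User < ActiveRecord::Base
  # Virtual attribute for the plaintext password; it is never persisted,
  # only its salted digest (crypted_password) is.
  attr_accessor :password

  validates_presence_of     :login, :email
  validates_presence_of     :password,                   :if => :password_required?
  validates_presence_of     :password_confirmation,      :if => :password_required?
  # NOTE(review): a 4-character minimum is very short for a password that is
  # protected only by a fast hash; consider raising it as a policy decision.
  validates_length_of       :password, :within => 4..40, :if => :password_required?
  validates_confirmation_of :password,                   :if => :password_required?
  validates_length_of       :login,    :within => 3..40
  validates_length_of       :email,    :within => 6..100
  validates_uniqueness_of   :login, :email, :case_sensitive => false
  # Anchored with \A and \z rather than ^ and $: in Ruby ^/$ match at every
  # line boundary, so a multi-line value with one valid-looking (or empty)
  # line would pass validation. An empty string is still accepted here so the
  # presence validation above is the only error reported for a blank e-mail.
  validates_format_of       :email, :with => /\A(?:[^@\s]+@(?:[-_a-z0-9]+\.)+[a-z]{2,})?\z/i

  has_many :permissions
  has_many :roles, :through => :permissions

  before_save   :encrypt_password
  before_create :make_activation_code

  # Mass-assignment whitelist: prevents a user from submitting a crafted form
  # that sets activation, salt, token or reset-code fields directly. Anything
  # else users may change through a form should be added here.
  attr_accessible :login, :email, :password, :password_confirmation

  # Raised when no user carries the supplied activation code.
  class ActivationCodeNotFound < StandardError; end

  # Raised when the activation code belongs to an already activated user.
  # Carries the user so callers can act on it.
  class AlreadyActivated < StandardError
    attr_reader :user, :message

    def initialize(user, message=nil)
      @message, @user = message, user
    end
  end

  # Finds the user with the corresponding activation code, activates their
  # account and returns the user.
  #
  # Raises:
  #  +ArgumentError+ if the activation code is nil (a nil lookup must never
  #    be passed on to the finder)
  #  +User::ActivationCodeNotFound+ if there is no user with the corresponding activation code
  #  +User::AlreadyActivated+ if the user with the corresponding activation code has already activated their account
  def self.find_and_activate!(activation_code)
    raise ArgumentError if activation_code.nil?
    user = find_by_activation_code(activation_code)
    raise ActivationCodeNotFound unless user
    raise AlreadyActivated.new(user) if user.active?
    # activate! is private; it is only meant to be reached through this method.
    user.send(:activate!)
    user
  end

  # True once the account has been activated; the presence of an activation
  # date is what marks activation.
  def active?
    !activated_at.nil?
  end

  # Returns true if the user has just been activated (on this instance).
  def pending?
    @activated
  end

  # Authenticates a user by their login name and plaintext password.
  # Returns the user or nil.
  #
  # NOTE(review): this lookup does not check active?, so an account that has
  # not been activated can still authenticate here; callers must enforce
  # activation themselves if that is required.
  def self.authenticate(login, password)
    # The record has to be loaded first because the digest depends on its salt.
    u = find :first, :conditions => ['login = ?', login]
    return nil unless u
    u.authenticated?(password) ? u : nil
  end

  # Returns the salted SHA-1 hex digest of +password+. Despite the name this
  # is hashing, not encryption.
  #
  # NOTE(review): one round of SHA-1 is cheap to brute-force if the table
  # leaks. The format is kept because stored digests depend on it; moving to
  # an adaptive password hash (bcrypt, scrypt, PBKDF2) needs a
  # rehash-on-login migration.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Digests +password+ with this user's salt.
  def encrypt(password)
    self.class.encrypt(password, salt)
  end

  # True if +password+ matches the stored digest. The comparison runs in
  # constant time so response timing does not reveal how many leading
  # characters of the digest matched.
  def authenticated?(password)
    secure_compare(crypted_password, encrypt(password))
  end

  # True while a remember-me expiry is set and still in the future.
  def remember_token?
    remember_token_expires_at && Time.now.utc < remember_token_expires_at
  end

  # These create and unset the fields required for remembering users between browser closes
  def remember_me
    remember_me_for 2.weeks
  end

  def remember_me_for(time)
    remember_me_until time.from_now.utc
  end

  # Issues a new remember-me token valid until +time+ and saves the record
  # without running validations.
  def remember_me_until(time)
    self.remember_token_expires_at = time
    # The token is a bearer credential, so it comes from the system CSPRNG
    # instead of being derived from the salt, e-mail and expiry, all of which
    # are stored on the record. 20 random bytes give 40 hex characters, the
    # same width as the SHA-1 digest used before.
    self.remember_token = SecureRandom.hex(20)
    save(false)
  end

  # Revokes the remember-me token and saves without running validations.
  def forget_me
    self.remember_token_expires_at = nil
    self.remember_token            = nil
    save(false)
  end

  # Flags this instance as "forgot password" and assigns a new reset code.
  # Nothing is saved here; the caller has to persist the record.
  def forgot_password
    @forgotten_password = true
    make_password_reset_code
  end

  # Clears the password reset code so it cannot be used again.
  def reset_password
    # First update the password_reset_code before setting the
    # reset_password flag to avoid duplicate email notifications.
    update_attribute(:password_reset_code, nil)
    @reset_password = true
  end

  # Used in user_observer.
  def recently_forgot_password?
    @forgotten_password
  end

  def recently_reset_password?
    @reset_password
  end

  # Finds an activated user by e-mail for the forgotten-password flow.
  def self.find_for_forget(email)
    find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email]
  end

  # True if the user has a role named +rolename+.
  def has_role?(rolename)
    roles.find_by_rolename(rolename) ? true : false
  end

  protected

  # before_save callback: digests a newly supplied password. Does nothing
  # when no plaintext password was set on this instance.
  def encrypt_password
    return if password.blank?
    # The salt is generated once, on create. It is drawn from the CSPRNG so
    # it is unique per user rather than derived from the clock and the login.
    self.salt = SecureRandom.hex(20) if new_record?
    self.crypted_password = encrypt(password)
  end

  # Password validations apply when no digest is stored yet or when a new
  # plaintext password has been supplied.
  def password_required?
    crypted_password.blank? || !password.blank?
  end

  # before_create callback. The activation code is the only secret that
  # proves control of the e-mail address, so it must be unguessable; a
  # shuffled timestamp fed through Kernel#rand is not.
  def make_activation_code
    self.activation_code = SecureRandom.hex(20)
  end

  # A password reset code grants the right to set a new password, so it is
  # drawn from the CSPRNG as well.
  # NOTE(review): no expiry is recorded for the code in this class; confirm
  # whether the caller limits its lifetime.
  def make_password_reset_code
    self.password_reset_code = SecureRandom.hex(20)
  end

  private

  # Marks the account as activated now and flags this instance as freshly
  # activated (see pending?).
  def activate!
    @activated = true
    update_attribute(:activated_at, Time.now.utc)
  end

  # Constant-time string comparison. Returns false for nil input or for a
  # length mismatch; otherwise every byte is examined before the result is
  # decided.
  def secure_compare(expected, actual)
    return false if expected.nil? || actual.nil?
    left  = expected.unpack('C*')
    right = actual.unpack('C*')
    return false unless left.length == right.length
    diff = 0
    left.each_with_index { |byte, i| diff |= byte ^ right[i] }
    diff == 0
  end
end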