require 'digest/sha1'class User < ActiveRecord::Base include SavageBe

1. require 'digest/sha1'
2.  
3. class User < ActiveRecord::Base
4.  
5. include SavageBeast::UserInit
6.  
7. # Virtual attribute for the unencrypted password
8. attr_accessor :password
9. validates_presence_of :first_name, :surname, :email
10. validates_presence_of :password, :if => :password_required?
11. validates_presence_of :password_confirmation, :if => :password_required?
12. validates_length_of :password, :within => 4..40, :if => :password_required?
13. validates_confirmation_of :password, :if => :password_required?
14. validates_length_of :first_name, :within => 3..40
15. validates_length_of :surname, :within => 3..40
16. validates_length_of :email, :within => 6..100
17. validates_uniqueness_of :email, :case_sensitive => false
18. validates_format_of :email, :with => /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i
19.  
20. has_many :permissions, :dependent => :destroy
21. has_many :roles, :through => :permissions
22.  
23. has_many :business_ownerships, :dependent => :destroy
24. has_many :businesses, :through => :business_ownerships
25.  
26. has_many :business_claims, :dependent => :destroy
27. has_many :claimed_businesses, :through => :business_claims, :source => :business
28.  
29. before_save :encrypt_password
30. before_create :make_activation_code
31.  
32. # prevents a user from submitting a crafted form that bypasses activation
33. # anything else you want your user to change should be added here.
34. attr_accessible :first_name, :surname, :email, :password, :password_confirmation
35.  
36. class ActivationCodeNotFound < StandardError; end
37. class AlreadyActivated < StandardError
38. attr_reader :user, :message;
39. def initialize(user, message=nil)
40. @message, @user = message, user
41. end
42. end
43.  
44. # Finds the user with the corresponding activation code, activates their account and returns the user.
45. #
46. # Raises:
47. # +User::ActivationCodeNotFound+ if there is no user with the corresponding activation code
48. # +User::AlreadyActivated+ if the user with the corresponding activation code has already activated their account
49. def self.find_and_activate!(activation_code)
50. raise ArgumentError if activation_code.nil?
51. user = find_by_activation_code(activation_code)
52. raise ActivationCodeNotFound if !user
53. raise AlreadyActivated.new(user) if user.active?
54. user.send(:activate!)
55. user
56. end
57.  
58. def active?
59. # the presence of an activation date means they have activated
60. !activated_at.nil?
61. end
62.  
63. # Returns true if the user has just been activated.
64. def pending?
65. @activated
66. end
67.  
68. # Authenticates a user by their email name and unencrypted password. Returns the user or nil.
69. # Updated 2/20/08
70. def self.authenticate(email, password)
71. u = find :first, :conditions => ['email = ?', email] # need to get the salt
72. u && u.authenticated?(password) ? u : nil
73. end
74.  
75. # Encrypts some data with the salt.
76. def self.encrypt(password, salt)
77. Digest::SHA1.hexdigest("--#{salt}--#{password}--")
78. end
79.  
80. # Encrypts the password with the user salt
81. def encrypt(password)
82. self.class.encrypt(password, salt)
83. end
84.  
85. def authenticated?(password)
86. crypted_password == encrypt(password)
87. end
88.  
89. def remember_token?
90. remember_token_expires_at && Time.now.utc < remember_token_expires_at
91. end
92.  
93. # These create and unset the fields required for remembering users between browser closes
94. def remember_me
95. remember_me_for 2.weeks
96. end
97.  
98. def remember_me_for(time)
99. remember_me_until time.from_now.utc
100. end
101.  
102. def remember_me_until(time)
103. self.remember_token_expires_at = time
104. self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
105. save(false)
106. end
107.  
108. def forget_me
109. self.remember_token_expires_at = nil
110. self.remember_token = nil
111. save(false)
112. end
113.  
114. def forgot_password
115. @forgotten_password = true
116. self.make_password_reset_code
117. end
118.  
119. def reset_password
120. # First update the password_reset_code before setting the
121. # reset_password flag to avoid duplicate email notifications.
122. update_attribute(:password_reset_code, nil)
123. @reset_password = true
124. end
125.  
126. #used in user_observer
127. def recently_forgot_password?
128. @forgotten_password
129. end
130.  
131. def recently_reset_password?
132. @reset_password
133. end
134.  
135. def self.find_for_forget(email)
136. find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email]
137. end
138.  
139. def has_role?(rolename)
140. self.roles.find_by_rolename(rolename) ? true : false
141. end
142.  
143. def has_business?(name)
144. self.businesses.find_by_name(name) ? true : false
145. end
146.  
147. # Added as part of Savage Beast Forum
148. def display_name
149. self.first_name + self.surname
150. end
151.  
152. def admin?
153. false
154. end
155.  
156. def currently_online
157. false
158. end
159. # End of Savage Beast inclusions
160.  
161. protected
162.  
163. # before filter
164. def encrypt_password
165. return if password.blank?
166. self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{email}--") if new_record?
167. self.crypted_password = encrypt(password)
168. end
169.  
170. def password_required?
171. crypted_password.blank? || !password.blank?
172. end
173.  
174. def make_activation_code
175. self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
176. end
177.  
178. def make_password_reset_code
179. self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
180. end
181.  
182. private
183.  
184. def activate!
185. @activated = true
186. self.update_attribute(:activated_at, Time.now.utc)
187. end
188.  
189. end