  1. ## schema
  2.  
  3.  
# Table definitions for e-mail addresses and user accounts.
# :force => true drops and recreates a table that already exists.
#
# NOTE(review): emails.address is the login identifier (User.authenticate
# looks accounts up by it), yet no unique index is declared here. The
# model-level validates_uniqueness_of is a check-then-insert and cannot stop
# two concurrent sign-ups from storing the same address.
create_table "emails", :force => true do |t|
  t.integer  "user_id"
  t.string   "display_name"
  t.string   "address"
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "users", :force => true do |t|
  t.string   "login",                     :limit => 40
  t.string   "display_name",              :limit => 100, :default => ""
  # NOTE(review): 40 characters is the width of a hex SHA-1 digest, and the
  # user model requires digest/sha1, so passwords are presumably stored as
  # salted SHA-1 (the hashing code is not on this page; confirm). A fast hash
  # is weak against offline guessing; an adaptive password hash such as
  # bcrypt would need a wider column.
  t.string   "crypted_password",          :limit => 40
  t.string   "salt",                      :limit => 40
  t.datetime "created_at"
  t.datetime "updated_at"
  # NOTE(review): remember_token, activation_code and forgot_password_hash
  # look like bearer secrets. If they are stored exactly as issued, a database
  # leak exposes them directly; storing only a digest of each and enforcing
  # the expiry columns limits that exposure. Verify against the code that
  # writes them.
  t.string   "remember_token",            :limit => 40
  t.datetime "remember_token_expires_at"
  t.string   "activation_code",           :limit => 40
  t.datetime "activated_at"
  t.date     "birthday"
  t.text     "about_me"
  t.string   "forgot_password_hash",      :limit => 40
  t.datetime "forgot_password_timeout"
  t.string   "forgot_password_email"
end
  29.  
  30. ## user model
  31.  
  32. require 'digest/sha1'
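# A user account. Password checking and remember-me cookie handling come from
# the included Authentication modules, which are not shown on this page.
class User < ActiveRecord::Base
  has_many :emails, :dependent => :destroy do
    # First e-mail when ordered by defaulted_at, newest first.
    # NOTE(review): the "emails" table in this page's schema has no
    # defaulted_at column; confirm a migration adds it, otherwise this query
    # fails at runtime.
    def default
      first :order => 'defaulted_at DESC'
    end
  end

  include Authentication
  include Authentication::ByPassword
  include Authentication::ByCookieToken

  # A new account without a password gets a generated one before validation.
  before_validation_on_create :generate_password

  validates_format_of :display_name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true
  validates_length_of :display_name, :within => 3..100, :allow_blank => true
  validates_uniqueness_of :display_name, :allow_nil => true, :allow_blank => true

  # Whitelist for mass assignment: login, salt, tokens and the other columns
  # cannot be set from request parameters.
  attr_accessible :display_name, :password, :password_confirmation

  # Authenticates a user by e-mail address and unencrypted password.
  #
  # email    - address to look up in the emails table.
  # password - plaintext password to check against the stored hash.
  #
  # Returns the user, or nil when the credentials are missing, malformed or
  # wrong.
  def self.authenticate(email, password)
    # Request parameters can arrive as Arrays or Hashes (e.g. login[]=a).
    # Anything other than a plain String is rejected before it reaches the
    # SQL bind or the password check.
    return nil unless email.is_a?(String) && password.is_a?(String)
    return nil if email.blank? || password.blank?
    # NOTE(review): an unknown address returns before any password hashing
    # happens, so response time may reveal which addresses are registered.
    u = find :first,
             :include => :emails,
             :conditions => ['emails.address = ?', email] # need to get the salt
    u && u.authenticated?(password) ? u : nil
  end

  private

  # Assigns a generated password (and matching confirmation) when none was
  # supplied.
  # NOTE(review): PasswordGenerator is not shown; this value is a login
  # credential, so it should come from a cryptographically secure random
  # source. Confirm.
  def generate_password
    return unless password.blank?
    pass = PasswordGenerator.generate_password
    self.send(:password=, pass)
    self.send(:password_confirmation=, pass)
  end
end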
  70.  
  71. ## email model
  72. class Email < ActiveRecord::Base
  73. include EmailValidation
  74.  
  75. belongs_to :user
  76. validates_email_address :address
  77. validates_uniqueness_of :address
  78. attr_accessible :address
  79. end
  80.  
  81. ## emails controller
  82.  
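# Sign-up by e-mail address.
class EmailsController < ApplicationController

  # Creates an account for the submitted e-mail address and logs the new user
  # in. The notice tells the user that a temporary password is being mailed.
  #
  # On a validation failure, or any StandardError raised along the way, the
  # sign-up form is rendered again.
  #
  # NOTE(review): a temporary password sent by e-mail stays valid in the
  # mailbox until it is changed; a single-use, expiring activation link avoids
  # mailing a credential.
  # NOTE(review): the notice interpolates the submitted address; the view must
  # HTML-escape the flash when rendering it.
  def create
    @user = User.new
    @email = @user.emails.build(params[:email])
    if @user.save
      # Start the authenticated session under a fresh session id so an id
      # planted before sign-up cannot be reused (session fixation).
      reset_session
      self.current_user = @user
      flash[:notice] = "Thank you for signing up. You should receive an email at #{@email.address} shortly containing your temporary password."
      redirect_to wishlists_path
    else
      render :action => 'new'
    end
  rescue StandardError => e
    # Same fallback as before (show the form again), but leave a trace
    # instead of swallowing the error silently.
    logger.error "Sign-up failed: #{e.class}: #{e.message}"
    render :action => 'new'
  end

end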
  101.  
  102. ## sessions controller
  103.  
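# This controller handles the login/logout function of the site.
class SessionsController < ApplicationController

  # authentication request page
  def new
  end

  # post to log in
  #
  # Reads params[:login], params[:password] and params[:remember_me]. On
  # success the user is logged in and redirected; on failure the attempt is
  # noted and the login form is rendered again.
  def create
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    if user
      # Protects against session fixation: the authenticated session gets a
      # fresh session id. Tradeoff: a form loaded before login fails request
      # forgery protection if it is resubmitted afterwards.
      # session[:return_to] is the key restful_authentication's
      # store_location writes; confirm this app uses the same key, otherwise
      # the redirect below simply falls back to its default.
      return_to = session[:return_to]
      reset_session
      session[:return_to] = return_to if return_to
      self.current_user = user
      new_cookie_flag = (params[:remember_me] == "1")
      handle_remember_cookie! new_cookie_flag
      redirect_back_or_default(wishlists_path)
      flash[:notice] = "Logged in successfully"
    else
      note_failed_signin
      @login = params[:login]
      @remember_me = params[:remember_me]
      render :action => 'new'
    end
  end

  # delete method for clearing session
  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/')
  end


  protected

  # Track failed login attempts
  # TODO: Time lock account support + failed attempt email to owner
  # NOTE(review): until that exists nothing here limits repeated password
  # guessing against one address.
  def note_failed_signin
    # The submitted login is attacker-controlled; the view must HTML-escape
    # this message when it renders the flash.
    flash.now[:error] = "Couldn't log you in as '#{params[:login]}'"
    # Escape control characters before logging so a login containing newlines
    # cannot forge extra log lines; inspect also copes with non-String
    # parameters and invalid byte sequences.
    attempted = params[:login].to_s.inspect[1..-2]
    # NOTE(review): remote_ip can be derived from client-supplied proxy
    # headers; treat it as a hint unless the proxy chain is trusted.
    logger.warn "Failed login for '#{attempted}' from #{request.remote_ip} at #{Time.now.utc}"
  end

end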