## schema
# Emails table: one row per address attached to a user (see the Email model below).
create_table "emails", :force => true do |t|
  t.integer  "user_id"        # owning user (Email belongs_to :user)
  t.string   "display_name"
  t.string   "address"        # the login identity; format/uniqueness checked in the Email model
  t.datetime "created_at"
  t.datetime "updated_at"
  # NOTE(review): User's emails.default orders by `defaulted_at`, which is not
  # a column here -- confirm a later migration adds it.
end

# Users table: credentials plus remember-me, activation and password-reset state.
create_table "users", :force => true do |t|
  t.string   "login",                     :limit => 40
  t.string   "display_name",              :limit => 100, :default => ""
  # 40 chars fits a hex SHA-1 digest (the User model requires 'digest/sha1');
  # an adaptive hash such as bcrypt would not fit this width.
  t.string   "crypted_password",          :limit => 40
  t.string   "salt",                      :limit => 40
  t.datetime "created_at"
  t.datetime "updated_at"
  t.string   "remember_token",            :limit => 40   # persistent-login cookie token, presumably managed by Authentication::ByCookieToken -- verify
  t.datetime "remember_token_expires_at"
  t.string   "activation_code",           :limit => 40
  t.datetime "activated_at"
  t.date     "birthday"
  t.text     "about_me"
  t.string   "forgot_password_hash",      :limit => 40
  t.datetime "forgot_password_timeout"   # reset flow is not part of this paste; used together with the hash above, presumably as an expiry
  t.string   "forgot_password_email"
end
## user model
require 'digest/sha1'

# Account record. Password hashing and cookie-token handling come from the
# Authentication mixins; this class adds the emails association, the
# display-name validations and the sign-up password hook.
class User < ActiveRecord::Base
  has_many :emails, :dependent => :destroy do
    # Most recently defaulted address.
    # NOTE(review): orders by `defaulted_at`, which the emails table in the
    # schema above does not define -- confirm a migration adds it.
    def default
      first :order => 'defaulted_at DESC'
    end
  end

  include Authentication
  include Authentication::ByPassword
  include Authentication::ByCookieToken

  # Sign-up creates the user without a password; one is generated before validation.
  before_validation_on_create :generate_password

  validates_format_of     :display_name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true
  validates_length_of     :display_name, :within => 3..100, :allow_blank => true
  validates_uniqueness_of :display_name, :allow_nil => true, :allow_blank => true

  # Mass-assignment whitelist: login, salt and the token columns are never
  # settable from request params.
  attr_accessible :display_name, :password, :password_confirmation

  class << self
    # Finds the user owning +email+ (joined through the emails table) and
    # checks the plaintext +password+ against the stored hash.
    #
    # Returns the User, or nil when either argument is blank, no such address
    # exists, or the password does not match.
    def authenticate(email, password)
      return nil if email.blank? || password.blank?

      # need to get the salt
      user = find(:first, :include => :emails, :conditions => ['emails.address = ?', email])
      return nil unless user

      user.authenticated?(password) ? user : nil
    end
  end

  private

  # Fills in a random password and matching confirmation when none was given.
  # Uses #send so the writers are reached even if they are not public.
  def generate_password
    return unless password.blank?

    generated = PasswordGenerator.generate_password
    send(:password=, generated)
    send(:password_confirmation=, generated)
  end
end
## email model
# A single e-mail address belonging to a User. The address doubles as the
# login identity looked up by User.authenticate.
class Email < ActiveRecord::Base
  include EmailValidation            # presumably supplies validates_email_address -- verify
  belongs_to :user
  validates_email_address :address
  validates_uniqueness_of :address   # one account per address, so the login lookup is unambiguous
  attr_accessible :address           # only the address is mass-assignable (EmailsController builds from params[:email])
end
## emails controller
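# Sign-up by e-mail address.
class EmailsController < ApplicationController
  # POST: creates a User whose only request-supplied attribute is the e-mail
  # address (Email's attr_accessible restricts params[:email] to :address);
  # the User model generates the password in its before_validation hook.
  #
  # On success the new user is signed in and sent to the wishlists page. On a
  # failed save the sign-up form is re-rendered with the model errors. Any
  # other exception propagates to the normal error handling instead of being
  # swallowed by a bare rescue that silently re-rendered the form.
  def create
    @user  = User.new
    @email = @user.emails.build(params[:email])

    unless @user.save
      render :action => 'new'
      return
    end

    # NOTE(review): the user is signed in before ownership of the address is
    # confirmed; the flash says the temporary password is delivered by mail,
    # but the mailer call is not in this class.
    self.current_user = @user
    flash[:notice] = "Thank you for signing up. You should receive an email at #{@email.address} shortly containing your temporary password."
    redirect_to wishlists_path
  end
end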
## sessions controller
# This controller handles the login/logout function of the site.
# This controller handles the login/logout function of the site.
class SessionsController < ApplicationController
  # GET: renders the login form.
  def new
  end

  # POST: authenticates params[:login] / params[:password]. On success the
  # user is stored in the session (plus a remember-me cookie when requested)
  # and redirected back or to the wishlists page; otherwise the form is
  # re-rendered with the attempted login and an error flash.
  def create
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])

    unless user
      note_failed_signin
      @login       = params[:login]
      @remember_me = params[:remember_me]
      render :action => 'new'
      return
    end

    # Protects against session fixation attacks, causes request forgery
    # protection if user resubmits an earlier form using back
    # button. Uncomment if you understand the tradeoffs.
    # reset_session
    # NOTE(review): while reset_session stays commented out, the session id
    # issued before login survives login. The tradeoff is presumably the
    # session state redirect_back_or_default relies on (a return-to path) --
    # confirm before enabling.
    self.current_user = user
    remember = (params[:remember_me] == "1")
    handle_remember_cookie! remember
    redirect_back_or_default(wishlists_path)
    flash[:notice] = "Logged in successfully"
  end

  # DELETE: logs out via logout_killing_session! and redirects.
  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/')
  end

  protected

  # Track failed login attempts
  # TODO: Time lock account support + failed attempt email to owner
  # params[:login] goes into both the flash and the log line verbatim: the
  # view must escape the flash, and the log entry is not newline-sanitised.
  def note_failed_signin
    flash.now[:error] = "Couldn't log you in as '#{params[:login]}'"
    logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
  end
end