model.rb
require 'digest/sha1'
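class <%= class_name %> < ActiveRecord::Base
  include Authentication
  include Authentication::ByPassword
  include Authentication::ByCookieToken
<% if options[:aasm] -%>
  include Authorization::AasmRoles
<% elsif options[:stateful] -%>
  include Authorization::StatefulRoles<% end %>

  # NOTE(review): validates_uniqueness_of is an application-level check; it does
  # not by itself stop two concurrent signups from both passing. Confirm that the
  # migration also puts a unique index on login and on email.
  validates_presence_of   :login
  validates_length_of     :login, :within => 3..40
  validates_uniqueness_of :login
  validates_format_of     :login, :with => Authentication.login_regex, :message => Authentication.bad_login_message

  validates_format_of     :name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true
  validates_length_of     :name, :maximum => 100

  validates_presence_of   :email
  validates_length_of     :email, :within => 6..100 # e.g. r@a.wk (6 characters)
  validates_uniqueness_of :email
  validates_format_of     :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message

  <% if options[:include_activation] && !options[:stateful] %>before_create :make_activation_code <% end %>

  # HACK HACK HACK -- how to do attr_accessible from here?
  # Mass-assignment whitelist: only the attributes listed here can be set from a
  # submitted form. This prevents a user from submitting a crafted form that
  # bypasses activation, so activation_code, activated_at and any state columns
  # must stay off this list. Anything else you want your user to change should
  # be added here.
  attr_accessible :login, :email, :name, :password, :password_confirmation
<% if options[:include_activation] && !options[:stateful] %>
  # Activates the user in the database: stamps activated_at with the current UTC
  # time and clears the activation code. save(false) writes the record without
  # running validations.
  def activate!
    @activated = true
    self.activated_at = Time.now.utc
    self.activation_code = nil
    save(false)
  end

  # Returns true if the user has just been activated (activate! was called on
  # this in-memory instance).
  def recently_activated?
    @activated
  end

  # Returns true once the account has been activated.
  def active?
    # the existence of an activation code means they have not activated yet
    activation_code.nil?
  end<% end %>

  # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
  #
  # nil is returned both when no matching (active) user exists and when the
  # password does not match, so the return value does not reveal which check failed.
  #
  # The login is lowercased before the lookup in every variant, because login=
  # stores logins lowercased; looking up the raw value would miss mixed-case
  # input on databases that compare strings case-sensitively.
  #
  # NOTE(review): when no user is found, authenticated? is never called, so that
  # path does less work than a wrong-password attempt. authenticated? is defined
  # outside this template -- confirm how it compares digests if response timing
  # is a concern for account enumeration.
  #
  # uff.  this is really an authorization, not authentication routine.
  # We really need a Dispatch Chain here or something.
  # This will also let us return a human error message.
  #
  def self.authenticate(login, password)
    return nil if login.blank? || password.blank?
    u = <% if options[:stateful] %>find_in_state :first, :active, :conditions => {:login => login.downcase}<%
      elsif options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login.downcase]<%
      else %>find_by_login(login.downcase)<% end %> # need to get the salt
    u && u.authenticated?(password) ? u : nil
  end

  # Stores the login lowercased (nil stays nil) so lookups and the uniqueness
  # validation work on one normalized form.
  def login=(value)
    write_attribute :login, (value ? value.downcase : nil)
  end

  # Stores the email lowercased (nil stays nil), for the same reason as login=.
  def email=(value)
    write_attribute :email, (value ? value.downcase : nil)
  end

  protected

<% if options[:include_activation] -%>
  # Assigns a fresh activation code to the record.
  # NOTE(review): the code is only as unpredictable as make_token, which is
  # defined outside this template -- confirm it draws from a secure random source.
  def make_activation_code
<% if options[:stateful] -%>
    self.deleted_at = nil
<% end -%>
    self.activation_code = self.class.make_token
  end
<% end %>
end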