changelog shortlog tags changeset manifest revisions annotate raw

app/models/user.rb

changeset 5: 233c1cbacd12
author: moriq@moriq.com
date: Wed Mar 05 01:21:23 2008 +0900 (16 years ago)
permissions: -rw-r--r--
description: generate authenticated. 
     1require 'digest/sha1'

     2class User < ActiveRecord::Base

     3  # Virtual attribute for the unencrypted password

     4  attr_accessor :password

     5

     6  validates_presence_of     :login, :email

     7  validates_presence_of     :password,                   :if => :password_required?

     8  validates_presence_of     :password_confirmation,      :if => :password_required?

     9  validates_length_of       :password, :within => 4..40, :if => :password_required?

    10  validates_confirmation_of :password,                   :if => :password_required?

    11  validates_length_of       :login,    :within => 3..40

    12  validates_length_of       :email,    :within => 3..100

    13  validates_uniqueness_of   :login, :email, :case_sensitive => false

    14  before_save :encrypt_password

    15  

    16  # prevents a user from submitting a crafted form that bypasses activation

    17  # anything else you want your user to change should be added here.

    18  attr_accessible :login, :email, :password, :password_confirmation

    19

    20  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.

    21  def self.authenticate(login, password)

    22    u = find_by_login(login) # need to get the salt

    23    u && u.authenticated?(password) ? u : nil

    24  end

    25

    26  # Encrypts some data with the salt.

    27  def self.encrypt(password, salt)

    28    Digest::SHA1.hexdigest("--#{salt}--#{password}--")

    29  end

    30

    31  # Encrypts the password with the user salt

    32  def encrypt(password)

    33    self.class.encrypt(password, salt)

    34  end

    35

    36  def authenticated?(password)

    37    crypted_password == encrypt(password)

    38  end

    39

    40  def remember_token?

    41    remember_token_expires_at && Time.now.utc < remember_token_expires_at 

    42  end

    43

    44  # These create and unset the fields required for remembering users between browser closes

    45  def remember_me

    46    remember_me_for 2.weeks

    47  end

    48

    49  def remember_me_for(time)

    50    remember_me_until time.from_now.utc

    51  end

    52

    53  def remember_me_until(time)

    54    self.remember_token_expires_at = time

    55    self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")

    56    save(false)

    57  end

    58

    59  def forget_me

    60    self.remember_token_expires_at = nil

    61    self.remember_token            = nil

    62    save(false)

    63  end

    64

    65  protected

    66    # before filter 

    67    def encrypt_password

    68      return if password.blank?

    69      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?

    70      self.crypted_password = encrypt(password)

    71    end

    72      

    73    def password_required?

    74      crypted_password.blank? || !password.blank?

    75    end

    76    

    77    

    78end