changelog shortlog tags changeset manifest revisions annotate raw

vendor/plugins/restful_authentication/generators/authenticated/templates/model.rb

changeset 4: 43c5e6930eee
author: moriq@moriq.com
date: Wed Mar 05 01:17:41 2008 +0900 (16 years ago)
permissions: -rw-r--r--
description: add plugin restful_authentication. 
     1require 'digest/sha1'

     2class <%= class_name %> < ActiveRecord::Base

     3  # Virtual attribute for the unencrypted password

     4  attr_accessor :password

     5

     6  validates_presence_of     :login, :email

     7  validates_presence_of     :password,                   :if => :password_required?

     8  validates_presence_of     :password_confirmation,      :if => :password_required?

     9  validates_length_of       :password, :within => 4..40, :if => :password_required?

    10  validates_confirmation_of :password,                   :if => :password_required?

    11  validates_length_of       :login,    :within => 3..40

    12  validates_length_of       :email,    :within => 3..100

    13  validates_uniqueness_of   :login, :email, :case_sensitive => false

    14  before_save :encrypt_password

    15  <% if options[:include_activation] && !options[:stateful] %>before_create :make_activation_code <% end %>

    16  # prevents a user from submitting a crafted form that bypasses activation

    17  # anything else you want your user to change should be added here.

    18  attr_accessible :login, :email, :password, :password_confirmation

    19<% if options[:stateful] %>

    20  acts_as_state_machine :initial => :pending

    21  state :passive

    22  state :pending, :enter => :make_activation_code

    23  state :active,  :enter => :do_activate

    24  state :suspended

    25  state :deleted, :enter => :do_delete

    26

    27  event :register do

    28    transitions :from => :passive, :to => :pending, :guard => Proc.new {|u| !(u.crypted_password.blank? && u.password.blank?) }

    29  end

    30  

    31  event :activate do

    32    transitions :from => :pending, :to => :active 

    33  end

    34  

    35  event :suspend do

    36    transitions :from => [:passive, :pending, :active], :to => :suspended

    37  end

    38  

    39  event :delete do

    40    transitions :from => [:passive, :pending, :active, :suspended], :to => :deleted

    41  end

    42

    43  event :unsuspend do

    44    transitions :from => :suspended, :to => :active,  :guard => Proc.new {|u| !u.activated_at.blank? }

    45    transitions :from => :suspended, :to => :pending, :guard => Proc.new {|u| !u.activation_code.blank? }

    46    transitions :from => :suspended, :to => :passive

    47  end

    48<% elsif options[:include_activation] %>

    49  # Activates the user in the database.

    50  def activate

    51    @activated = true

    52    self.activated_at = Time.now.utc

    53    self.activation_code = nil

    54    save(false)

    55  end

    56

    57  def active?

    58    # the existence of an activation code means they have not activated yet

    59    activation_code.nil?

    60  end

    61

    62  # Returns true if the user has just been activated.

    63  def pending?

    64    @activated

    65  end

    66<% end %>

    67  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.

    68  def self.authenticate(login, password)

    69    u = <% 

    70    if options[:stateful] %>find_in_state :first, :active, :conditions => {:login => login}<%

    71    elsif options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<% 

    72    else %>find_by_login(login)<% 

    73    end %> # need to get the salt

    74    u && u.authenticated?(password) ? u : nil

    75  end

    76

    77  # Encrypts some data with the salt.

    78  def self.encrypt(password, salt)

    79    Digest::SHA1.hexdigest("--#{salt}--#{password}--")

    80  end

    81

    82  # Encrypts the password with the user salt

    83  def encrypt(password)

    84    self.class.encrypt(password, salt)

    85  end

    86

    87  def authenticated?(password)

    88    crypted_password == encrypt(password)

    89  end

    90

    91  def remember_token?

    92    remember_token_expires_at && Time.now.utc < remember_token_expires_at 

    93  end

    94

    95  # These create and unset the fields required for remembering users between browser closes

    96  def remember_me

    97    remember_me_for 2.weeks

    98  end

    99

   100  def remember_me_for(time)

   101    remember_me_until time.from_now.utc

   102  end

   103

   104  def remember_me_until(time)

   105    self.remember_token_expires_at = time

   106    self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")

   107    save(false)

   108  end

   109

   110  def forget_me

   111    self.remember_token_expires_at = nil

   112    self.remember_token            = nil

   113    save(false)

   114  end

   115

   116  protected

   117    # before filter 

   118    def encrypt_password

   119      return if password.blank?

   120      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?

   121      self.crypted_password = encrypt(password)

   122    end

   123      

   124    def password_required?

   125      crypted_password.blank? || !password.blank?

   126    end

   127    <% if options[:include_activation] %>

   128    def make_activation_code

   129<% if options[:stateful] %>      self.deleted_at = nil<% end %>

   130      self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )

   131    end<% end %>

   132    <% if options[:stateful] %>

   133    def do_delete

   134      self.deleted_at = Time.now.utc

   135    end

   136

   137    def do_activate

   138      self.activated_at = Time.now.utc

   139      self.deleted_at = self.activation_code = nil

   140    end<% end %>

   141end