Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/change_email_validator.rb | 42 | ||||
-rw-r--r-- | app/models/user.rb | 10 |
2 files changed, 49 insertions, 3 deletions
diff --git a/app/models/change_email_validator.rb b/app/models/change_email_validator.rb
new file mode 100644
index 000000000..a796489f7
--- /dev/null
+++ b/app/models/change_email_validator.rb
@@ -0,0 +1,42 @@
+# models/changeemail_validator.rb:
+# Validates email change form submissions.
+#
+# Copyright (c) 2010 UK Citizens Online Democracy. All rights reserved.
+# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
+#
+# $Id: contact_validator.rb,v 1.32 2009-09-17 21:10:05 francis Exp $
+
+class ChangeEmailValidator < ActiveRecord::BaseWithoutTable
+ strip_attributes!
+
+ column :old_email, :string
+ column :new_email, :string
+ column :password, :string
+
+ attr_accessor :logged_in_user
+
+ validates_presence_of :old_email, :message => "^Please enter your old email address"
+ validates_presence_of :new_email, :message => "^Please enter your new email address"
+ validates_presence_of :password, :message => "^Please enter your password"
+
+ def validate
+ if !self.old_email.blank? && !MySociety::Validate.is_valid_email(self.old_email)
+ errors.add(:old_email, "doesn't look like a valid address")
+ end
+
+ if !errors[:old_email]
+ if self.old_email != self.logged_in_user.email
+ errors.add(:old_email, "address isn't the same as the address of the account you are logged in with")
+ elsif !self.logged_in_user.has_this_password?(self.password)
+ if !errors[:password]
+ errors.add(:password, "is not correct")
+ end
+ end
+ end
+
+ if !self.new_email.blank? && !MySociety::Validate.is_valid_email(self.new_email)
+ errors.add(:new_email, "doesn't look like a valid address")
+ end
+ end
+
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index e0698a47f..b27677d6e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
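Review bot: `validate` dereferences `self.logged_in_user` (an `attr_accessor` that nothing in this file validates) when it compares `old_email` and again when it calls `has_this_password?`, so a submission where the controller has not assigned it raises `NoMethodError` instead of failing validation. Making the account check fail closed keeps that case an ordinary validation error: `if self.logged_in_user.nil? || self.old_email != self.logged_in_user.email`. Separately, the `!errors[:password]` guard only suppresses a duplicate message, so `has_this_password?` is still called with a blank `password` after `validates_presence_of` has already flagged it, which relies on `User.encrypted_password` tolerating nil (not visible here). Whether `new_email` may equal `old_email` or collide with another account is not checked in this validator; if that is intended to happen elsewhere, a comment on `validate` saying so would help the next reader.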
@@ -134,8 +134,7 @@ class User < ActiveRecord::Base
 user = self.find_user_by_email(params[:email])
 if user
 # There is user with email, check password
- expected_password = encrypted_password(params[:password], user.salt)
- if user.hashed_password != expected_password
+ if !user.has_this_password?(params[:password])
 user.errors.add_to_base(auth_fail_message)
 end
 else
@@ -184,7 +183,12 @@ class User < ActiveRecord::Base
 self.hashed_password = User.encrypted_password(self.password, self.salt)
 end
 
- # For use in to/from in email messages
+ def has_this_password?(password)
+ expected_password = User.encrypted_password(password, self.salt)
+ return self.hashed_password == expected_password
+ end
+
+# For use in to/from in email messages
 def name_and_email
 return TMail::Address.address_from_name_and_email(self.name, self.email).to_s
 end
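Review bot: `if !user.has_this_password?(params[:password])` reads more naturally as `unless user.has_this_password?(params[:password])`, the idiomatic form for a single negated condition. The enclosing class method starts and ends outside this hunk, so the rest of the authentication flow cannot be checked here.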
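Review bot: `has_this_password?` compares the stored hash with `==`, which on Strings stops at the first differing byte, so the time taken depends on how much of the candidate hash matches the stored one; a constant-time comparison is preferable where one is available for this Rails version (`ActiveSupport::SecurityUtils.secure_compare` exists in later releases, not confirmed for this codebase). The explicit `return` is unnecessary: `self.hashed_password == expected_password` as the last expression already returns the boolean. A one-line contract comment would help callers, e.g. `# True when +password+, hashed with this user's salt, equals the stored hashed_password.` The hunk also moves the `# For use in to/from in email messages` comment to column 0, which looks accidental.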