# models/user.rb:
# Model of people who use the site to file requests, make comments etc.
#
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
# $Id: user.rb,v 1.11 2007-11-01 16:14:43 francis Exp $
require 'digest/sha1'
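# A person who uses the site. Holds the login email, display name and a
# salted password digest (columns: email, name, salt, hashed_password), and
# owns the info requests that person has filed.
#
# NOTE(review): passwords are stored as one round of unkeyed SHA-1 over
# password + salt (see User.encrypted_password). That digest is cheap to
# compute, so a leaked users table can be brute-forced offline quickly.
# Moving to an adaptive password hash (bcrypt, scrypt, Argon2) needs a
# rehash-on-next-login path, because existing rows hold SHA-1 digests; it is
# therefore flagged here rather than changed in place.
class User < ActiveRecord::Base
  validates_presence_of :email
  validates_uniqueness_of :email, :case_sensitive => false
  validates_presence_of :name

  has_many :info_requests

  attr_accessor :password_confirmation
  validates_confirmation_of :password

  # Model-level validation hook: a record must carry a password digest and an
  # email address accepted by MySociety::Validate.is_valid_email.
  def validate
    errors.add_to_base("Missing password") if hashed_password.blank?
    errors.add(:email, "doesn't look like a valid address") unless MySociety::Validate.is_valid_email(self.email)
  end

  # Return the user for a login email and password, or nil when no account
  # matches or the password is wrong.
  #
  # email    - login address as typed by the visitor (matched case-insensitively)
  # password - plain-text password as typed by the visitor
  def self.authenticate(email, password)
    # A blank credential can never belong to a valid account (email presence is
    # validated, and password= never stores a digest for a blank password).
    # Returning early also keeps a nil password from raising inside
    # encrypted_password.
    return nil if email.blank? || password.blank?

    # Compare with lower() rather than ILIKE: ILIKE treats '%' and '_' in the
    # submitted address as wildcards, so an address such as a_b@example.com
    # could select a different account (a.b@..., aXb@...) and the lookup was
    # not tied to the exact address the visitor typed. The bound parameter
    # still prevents SQL injection, exactly as before.
    user = self.find(:first, :conditions => [ 'lower(email) = lower(?)', email ])
    return nil unless user

    expected_password = encrypted_password(password, user.salt)
    return nil unless user.hashed_password == expected_password
    user
  end

  # Virtual password attribute, which stores the hashed password, rather than plain text.
  def password
    @password
  end

  # Assigning a non-blank password generates a fresh salt and stores the
  # matching digest in hashed_password. A blank value is remembered in
  # @password (so confirmation validation can see it) but leaves the stored
  # salt and digest untouched.
  def password=(pwd)
    @password = pwd
    return if pwd.blank?
    create_new_salt
    self.hashed_password = User.encrypted_password(self.password, self.salt)
  end

  # Hex SHA-1 digest of password followed by salt.
  #
  # This method is public: a bare `private` does not apply to `def self.`
  # methods, and password= above calls it with an explicit receiver, so it is
  # kept public and placed above the private section to make that visible.
  def self.encrypted_password(password, salt)
    string_to_hash = password + salt # XXX need to add a secret here too?
    Digest::SHA1.hexdigest(string_to_hash)
  end

  private

  # Generate a new per-user salt from this object's id and Kernel#rand.
  #
  # NOTE(review): neither input comes from a cryptographically secure
  # generator. A salt only has to be unique, so this mainly matters if two
  # records could end up with the same value; prefer a CSPRNG-backed source
  # when the hashing scheme is next revised.
  def create_new_salt
    self.salt = self.object_id.to_s + rand.to_s
  end
end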