module Hobo::Model::UserBase

Constants

AUTHENTICATION_FIELDS

Public Instance Methods

account_active?()
# File lib/hobo/model/user_base.rb, line 102
def account_active?
  !self.class.has_lifecycle? || lifecycle.active_state?
end
authenticated?(password)

Check if the encrypted passwords match

# File lib/hobo/model/user_base.rb, line 112
def authenticated?(password)
  crypted_password == encrypt(password)
end
encrypt(password)

Encrypts the password with the user salt

# File lib/hobo/model/user_base.rb, line 107
def encrypt(password)
  self.class.encrypt(password, salt)
end
forget_me()

Expire the login token, resulting in a forced login next time.

# File lib/hobo/model/user_base.rb, line 129
def forget_me
  self.remember_token_expires_at = nil
  self.remember_token            = nil
  # false, not the symbol :false (which is truthy), so validations are skipped
  save(:validate => false)
end
guest?()
# File lib/hobo/model/user_base.rb, line 135
def guest?
  false
end
remember_me()

These create and unset the fields required for remembering users between browser closes

# File lib/hobo/model/user_base.rb, line 122
def remember_me
  self.remember_token_expires_at = 2.weeks.from_now.utc
  self.remember_token            = encrypt("#{login}--#{remember_token_expires_at}")
  save(:validate => false)
end
remember_token?()

Do we still need to remember the login token, or has it expired?

# File lib/hobo/model/user_base.rb, line 117
def remember_token?
  remember_token_expires_at && Time.now.utc < remember_token_expires_at
end
signed_up?()
# File lib/hobo/model/user_base.rb, line 139
def signed_up?
  true
end

Protected Instance Methods

changing_password?()
# File lib/hobo/model/user_base.rb, line 159
def changing_password?
  !new_record? && !lifecycle_changing_password? &&
    (current_password.present? || password.present? || password_confirmation.present?)
end
downcase_email()

Downcase emails used for logging in before saving them to the database

# File lib/hobo/model/user_base.rb, line 186
def downcase_email
  if self.login.class == HoboFields::Types::EmailAddress
    self.login = self.login.downcase
  end
end
encrypt_password()

Before filter that encrypts the password before having it stored in the database.

# File lib/hobo/model/user_base.rb, line 145
def encrypt_password
  return if password.blank?
  self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if salt.blank?
  self.crypted_password = encrypt(password)
end
lifecycle_changing_password?()
# File lib/hobo/model/user_base.rb, line 165
def lifecycle_changing_password?
  self.class.has_lifecycle? && lifecycle.active_step && :password.in?(lifecycle.active_step.parameters)
end
new_password_required?()

Is a new password (and confirmation) required? (i.e. signing up or changing password)

# File lib/hobo/model/user_base.rb, line 170
def new_password_required?
  (new_record? && password) || lifecycle_changing_password? || changing_password?
end
stash_current_password()

After filter that sets current_password so that #validate_current_password_when_changing_password still passes if you save again. See hobo.lighthouseapp.com/projects/8324-hobo/tickets/590

# File lib/hobo/model/user_base.rb, line 155
def stash_current_password
  @current_password ||= password
end
validate_current_password_when_changing_password()
# File lib/hobo/model/user_base.rb, line 180
def validate_current_password_when_changing_password
  if changing_password? && !authenticated?(current_password)
    errors.add :current_password, I18n.t("hobo.messages.current_password_is_not_correct", :default => "is not correct")
  end
end
validate_password()

Validation of the plaintext password. Override this function to change your validation.

# File lib/hobo/model/user_base.rb, line 175
def validate_password
  if new_password_required? && (password.nil? || password.length < 6 || /^[[:lower:]]*$/.match(password))
    errors.add(:password, I18n.t("hobo.messages.validate_password", :default => "must be at least 6 characters long and must not consist solely of lowercase letters"))
  end
end

Public Class Methods

default_user_model()
# File lib/hobo/model/user_base.rb, line 9
def self.default_user_model
  @user_models.first._?.constantize
end
included(base)

Extend the base class with AuthenticatedUser functionality. This includes:

  • plaintext password during login and encrypted password in the database

  • plaintext password validation

  • login token for remembering a login during multiple browser sessions

# File lib/hobo/model/user_base.rb, line 20
def self.included(base)
  @user_models << base.name

  base.extend(ClassMethods)

  base.class_eval do

    fields do
      crypted_password          :string, :limit => 40
      salt                      :string, :limit => 40
      remember_token            :string
      remember_token_expires_at :datetime
    end

    validates_confirmation_of :password,              :if => :new_password_required?
    validate :validate_password
    validate :validate_current_password_when_changing_password

    # Virtual attributes for setting and changing the password
    # note that :password_confirmation= is also defined by
    # validates_confirmation_of, so this line must follow any
    # validates_confirmation_of statements.
    # https://hobo.lighthouseapp.com/projects/8324-hobo/tickets/530
    attr_accessor :current_password, :password, :password_confirmation, :type => :password

    before_save :encrypt_password, :downcase_email
    after_save :stash_current_password

    never_show *AUTHENTICATION_FIELDS

    attr_protected *AUTHENTICATION_FIELDS


  end
end
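
Added example (not Hobo's code): remember_me on this page derives the login token from the login, the expiry time and the salt via encrypt. The sketch below shows a common hardening of the same remember_me / remember_token? / forget_me trio, using a random token of which only a digest is stored, checked with a constant-time comparison. The class RememberableUser, the attribute remember_token_digest and the method remembered_by? are hypothetical names, and the class is plain Ruby without ActiveRecord, so there is no save call.

```ruby
require "securerandom"
require "digest"

# Hypothetical stand-in for a user record; not Hobo's UserBase.
# The attribute name remember_token_digest is an assumption of this example.
class RememberableUser
  REMEMBER_FOR = 14 * 24 * 60 * 60 # two weeks in seconds, as in remember_me on this page

  attr_reader :remember_token_digest, :remember_token_expires_at

  # Issue a random token, keep only its SHA-256 digest, and return the raw
  # value so the caller can place it in the cookie.
  def remember_me(now = Time.now.utc)
    token = SecureRandom.urlsafe_base64(32)
    @remember_token_digest     = Digest::SHA256.hexdigest(token)
    @remember_token_expires_at = now + REMEMBER_FOR
    token
  end

  # Same expiry test as remember_token? on this page.
  def remember_token?(now = Time.now.utc)
    !remember_token_expires_at.nil? && now < remember_token_expires_at
  end

  # True only for the unexpired token that remember_me last issued.
  def remembered_by?(token, now = Time.now.utc)
    return false unless remember_token?(now) && token.is_a?(String)
    secure_compare(remember_token_digest, Digest::SHA256.hexdigest(token))
  end

  # Clear both fields so the next request needs a full login.
  def forget_me
    @remember_token_digest = @remember_token_expires_at = nil
  end

  private

  # Compare two strings without returning early at the first differing byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The same byte-wise comparison can stand in for the == used in authenticated? above.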