# File lib/hobo/model/user_base.rb, line 102
# Reports whether this account is currently usable.
#
# A model class without a lifecycle is always treated as active; otherwise
# the answer is whatever lifecycle.active_state? returns.
#
# NOTE(review): nothing in this excerpt shows authenticated? consulting this
# method, so the login path presumably has to check both -- confirm at the
# call site.
def account_active?
  return true unless self.class.has_lifecycle?

  lifecycle.active_state?
end
Check if the encrypted passwords match
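# File lib/hobo/model/user_base.rb, line 112
# Checks a candidate plaintext password against the stored digest.
#
# The candidate is hashed with this user's salt via #encrypt, and the two
# digests are compared byte by byte without stopping at the first difference,
# so the comparison time does not reveal how much of the digest matched.
# A record with no stored digest never authenticates.
#
# NOTE(review): the strength of the digest itself depends on the class-level
# encrypt, which is not part of this excerpt.
#
# password - the plaintext supplied by the caller.
#
# Returns true when the digests are identical, false otherwise.
def authenticated?(password)
  stored = crypted_password.to_s
  candidate = encrypt(password).to_s
  return false if stored.empty? || stored.bytesize != candidate.bytesize

  # Accumulate differences over the full length instead of using String#==,
  # which may return as soon as one byte differs.
  mismatch = 0
  stored.bytes.zip(candidate.bytes) { |a, b| mismatch |= a ^ b }
  mismatch.zero?
end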
Encrypts the password with the user salt
# File lib/hobo/model/user_base.rb, line 107
# Hashes +password+ with this record's salt by delegating to the model
# class's own encrypt(password, salt).
#
# NOTE(review): the class-level encrypt is outside this excerpt. The
# 40-character crypted_password/salt columns and the SHA1-derived salt
# suggest a SHA-1 hex digest -- confirm the algorithm and iteration count
# before relying on it for password storage.
def encrypt(password)
  owner = self.class
  owner.encrypt(password, salt)
end
Expire the login token, resulting in a forced login next time.
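# File lib/hobo/model/user_base.rb, line 129
# Clears the remember-me token and its expiry, then persists the record so
# that the next visit requires a fresh login.
#
# Validation is skipped with the boolean false. The symbol :false is truthy
# and is not equal to false, so passing it would leave validations switched
# on; a record that no longer validates would then fail to save and keep its
# remember token.
#
# Returns the result of save.
def forget_me
  self.remember_token_expires_at = nil
  self.remember_token = nil
  save(:validate => false)
end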
# File lib/hobo/model/user_base.rb, line 135
# A record of a model that includes this module is never a guest.
#
# Always returns false.
def guest?
  false
end
These create and unset the fields required for remembering users between browser closes
# File lib/hobo/model/user_base.rb, line 122
# Issues a remember-me token valid for two weeks and saves the record
# without running validations.
#
# NOTE(review): the token is a digest of the login, the expiry time and the
# user's salt (via #encrypt) rather than random bytes, and it is written to
# the remember_token column as-is. Anyone able to read that column, or to
# reproduce the digest inputs, presumably holds a usable token until it
# expires -- consider a CSPRNG-generated token and storing only its hash.
#
# Returns the result of save.
def remember_me
  expiry = 2.weeks.from_now.utc
  self.remember_token_expires_at = expiry
  # The expiry is read back through the attribute reader, as in the original,
  # so the interpolated text is whatever the model returns for that column.
  token_seed = "#{login}--#{remember_token_expires_at}"
  self.remember_token = encrypt(token_seed)
  save(:validate => false)
end
Do we still need to remember the login token, or has it expired?
# File lib/hobo/model/user_base.rb, line 117
# Tells whether the remember-me token is still within its lifetime.
#
# Returns the falsy expiry value itself (nil) when no expiry is set;
# otherwise true while the current UTC time is before
# remember_token_expires_at and false once it has passed.
def remember_token?
  deadline = remember_token_expires_at
  return deadline unless deadline

  Time.now.utc < deadline
end
# File lib/hobo/model/user_base.rb, line 139
# A record of a model that includes this module always counts as signed up.
#
# Always returns true.
def signed_up?
  true
end
# File lib/hobo/model/user_base.rb, line 159
# Tells whether an existing user is changing their password outside a
# lifecycle step.
#
# False for new records and while a lifecycle step that takes :password is
# active. Otherwise true as soon as any of current_password, password or
# password_confirmation is present.
def changing_password?
  return false if new_record?
  return false if lifecycle_changing_password?

  [current_password, password, password_confirmation].any? { |value| value.present? }
end
Downcase emails used for logging in before saving them to the database
# File lib/hobo/model/user_base.rb, line 186
# before_save hook: lower-cases the login when it is an e-mail address.
#
# The check is an exact class match, so a login of any other class
# (including a plain String) is stored unchanged.
# NOTE(review): for such logins, case-variant duplicates are presumably not
# prevented here -- confirm uniqueness handling elsewhere.
#
# Returns nil when nothing was changed, otherwise the lower-cased login.
def downcase_email
  return unless self.login.class == HoboFields::Types::EmailAddress

  lowered = self.login.downcase
  self.login = lowered
end
Before filter that encrypts the password before having it stored in the database.
# File lib/hobo/model/user_base.rb, line 145
# before_save hook: turns the virtual plaintext password into the stored
# digest. Does nothing when no password was supplied.
#
# A salt is created only if the record has none yet; it is the SHA-1 hex
# digest of the current time and the login.
# NOTE(review): the salt is derived from guessable inputs rather than a
# CSPRNG. A salt does not have to be secret, but its uniqueness here rests
# on the timestamp/login pair -- consider a random salt.
#
# Returns nil when the password is blank, otherwise the new digest.
def encrypt_password
  unless password.blank?
    if salt.blank?
      salt_seed = "--#{Time.now.to_s}--#{login}--"
      self.salt = Digest::SHA1.hexdigest(salt_seed)
    end
    self.crypted_password = encrypt(password)
  end
end
# File lib/hobo/model/user_base.rb, line 165
# Tells whether the active lifecycle step accepts a :password parameter.
#
# Returns the falsy value of the first failing precondition (the class has
# no lifecycle, or no step is active); otherwise the result of checking
# whether :password is among the active step's parameters.
def lifecycle_changing_password?
  has_lifecycle = self.class.has_lifecycle?
  return has_lifecycle unless has_lifecycle

  step = lifecycle.active_step
  return step unless step

  :password.in?(lifecycle.active_step.parameters)
end
Is a new password (and confirmation) required? (i.e. signing up or changing password)
# File lib/hobo/model/user_base.rb, line 170
# Decides whether a new password (and its confirmation) must be validated:
# on sign-up with a password, during a lifecycle step that takes :password,
# or when an existing user is changing their password.
#
# The result is meant to be used as a truthy/falsy flag. On the sign-up
# path the value returned is the plaintext password itself, so callers
# should not log or render it.
def new_password_required?
  signup_password = new_record? && password
  return signup_password if signup_password

  lifecycle_changing_password? || changing_password?
end
After filter that sets current_password so that #validate_current_password_when_changing_password passes if the record is saved again. See hobo.lighthouseapp.com/projects/8324-hobo/tickets/590
# File lib/hobo/model/user_base.rb, line 155
# after_save hook: remembers the just-saved password as current_password
# unless one is already set, so a second save of the same object can still
# pass the current-password validation.
#
# Note that this keeps the plaintext password on the in-memory object for
# as long as the instance lives.
#
# Returns the value held in @current_password.
def stash_current_password
  @current_password = password unless @current_password
  @current_password
end
# File lib/hobo/model/user_base.rb, line 180
# Validation: when an existing user is changing their password, the supplied
# current_password must authenticate. Otherwise an error is added on
# :current_password.
#
# Does nothing when no password change is in progress.
def validate_current_password_when_changing_password
  return unless changing_password?
  return if authenticated?(current_password)

  message = I18n.t("hobo.messages.current_password_is_not_correct", :default => "is not correct")
  errors.add :current_password, message
end
Validation of the plaintext password. Override this function to change your validation.
# File lib/hobo/model/user_base.rb, line 175
# Validation of the plaintext password; override to change the policy.
#
# When a new password is required, it is rejected if it is nil, shorter
# than six characters, or matched by the all-lowercase pattern.
#
# NOTE(review): ^ and $ anchor at line boundaries in Ruby, so for a value
# containing a newline the all-lowercase test applies per line: the password
# is rejected if any single line is empty or all lowercase. That errs on the
# strict side; \A and \z would restrict the test to the whole string.
def validate_password
  return unless new_password_required?

  too_weak = password.nil? || password.length < 6 || /^[[:lower:]]*$/.match(password)
  return unless too_weak

  message = I18n.t("hobo.messages.validate_password", :default => "must be at least 6 characters long and must not consist solely of lowercase letters")
  errors.add(:password, message)
end
# File lib/hobo/model/user_base.rb, line 9
# Resolves the first registered user model name to its class.
#
# @user_models holds the class names recorded by the included hook. The _?
# call guards against an empty list -- presumably yielding nil instead of
# raising; confirm against Hobo's definition of _?.
def self.default_user_model
  first_registered = @user_models.first
  first_registered._?.constantize
end
Extend the base class with AuthenticatedUser functionality. This includes:
plaintext password during login and encrypted password in the database
plaintext password validation
login token for remembering a login across multiple browser sessions
# File lib/hobo/model/user_base.rb, line 20 def self.included(base) @user_models << base.name base.extend(ClassMethods) base.class_eval do fields do crypted_password :string, :limit => 40 salt :string, :limit => 40 remember_token :string remember_token_expires_at :datetime end validates_confirmation_of :password, :if => :new_password_required? validate :validate_password validate :validate_current_password_when_changing_password # Virtual attributes for setting and changing the password # note that :password_confirmation= is also defined by # validates_confirmation_of, so this line must follow any # validates_confirmation_of statements. # https://hobo.lighthouseapp.com/projects/8324-hobo/tickets/530 attr_accessor :current_password, :password, :password_confirmation, :type => :password before_save :encrypt_password, :downcase_email after_save :stash_current_password never_show *AUTHENTICATION_FIELDS attr_protected *AUTHENTICATION_FIELDS end end