From: John Dong <jdong@mit.edu>
Date: Wed, 29 Aug 2007 21:42:55 +0000 (-0400)
Subject: Validate usernames and passwords for accounts more closely. E-mails too
X-Git-Url: https://projects.mako.cc/source/selectricity-live/commitdiff_plain/22a46a7e2d408fa64e55abd839e6b448f73ed760

Validate usernames and passwords for accounts more closely. E-mails too
---

diff --git a/app/models/full_voter.rb b/app/models/full_voter.rb
index 980fb5c..b82667c 100644
--- a/app/models/full_voter.rb
+++ b/app/models/full_voter.rb
@@ -9,4 +9,12 @@ class FullVoter < Voter
       self.password = token_generator.token
     end
   end
+  
+  protected
+  def validate
+    # E-mail regex, moderate complexity
+    # Stolen from http://www.regular-expressions.info/email.html
+    errors.add(:email, "is not valid") unless email  =~
+                  /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 78266ad..eca592d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -6,13 +6,12 @@ class User < ActiveRecord::Base
   attr_accessor :password
   attr_accessor :current_user
   
-  validates_presence_of     :login, :email
+  validates_presence_of     :email
   validates_presence_of     :password,                   :if => :password_required?
   validates_presence_of     :password_confirmation,      :if => :password_required?
   validates_length_of       :password, :within => 4..40, :if => :password_required?
   validates_confirmation_of :password,                   :if => :password_required?
   validates_length_of       :login,    :within => 3..40
-  validates_length_of       :email,    :within => 3..100
   validates_uniqueness_of   :login, :email, :case_sensitive => false
   before_save :encrypt_password
 
@@ -68,4 +67,12 @@ class User < ActiveRecord::Base
     def password_required?
       crypted_password.blank? || !password.blank?
     end
+    def validate
+      # E-mail regex, moderate complexity
+      # Stolen from http://www.regular-expressions.info/email.html
+      errors.add(:email, "is not valid") unless email  =~
+                  /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
+      errors.add(:login, "should not begin or end with spaces") if login.strip!
+      errors.add(:login, "should contain only letters, numbers, and spaces") unless login =~ /^[A-Za-z0-9 ]*$/
+    end
 end