From: Date: Tue, 31 Jul 2007 20:03:10 +0000 (-0400) Subject: I have added the acts_as_authenticated plugin to code, and have gotten VERY BASIC... X-Git-Url: https://projects.mako.cc/source/selectricity-live/commitdiff_plain/dc635b6d39be19a09a428282b6d639d029908df6?ds=sidebyside;hp=b8482ad1846436439b9ef3ba0ddcb3b42588d916 I have added the acts_as_authenticated plugin to code, and have gotten VERY BASIC functionality. This isn't my last addition fortoday but I wanted to commit before my battery died. A lot of the detailed documentation about where to find help with acts_as_authenticated is in the README, the website is here :http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated. The acts_as_authenitcated generator also heavily modifed the user class (model) but I kept theo original lines as well. I havne't begun tothrow anyting out yet, because im using it as a refernce to get the new system running. --- diff --git a/README b/README index 1c1f548..341ef6d 100644 --- a/README +++ b/README @@ -3,3 +3,23 @@ Contributors to Selectricity Include: * Benjamin Mako Hill * John Dong * Justin Sharps + +07/31/07 +jlsharps: I've added a user authentication system known as +"acts_as_authenticated" to the code. The plugin is the the vendor/plugins +directory. The two most noticeable changes are the AccountController and a +redone User model. I've left the UserController in place for now, but the +AccountController works in a different manner, so am switching over to that +gradually. I saved the 5 lines or so in the old User model, overwrote +it with the authenticated generator and then recopied the old stuff back in: +has_many :elections and the name() method. The generator also creates its own +migration file, but since we are using a create.sql file I adopted the +migration file into a new users table in the create.sql file. I have yet to +delete the old table because I haven't fully combed through the code yet and +determined how many of the old attributes (such as first_name, last_name) may +need to be retained. +http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated is the +best site for documentation regarding acts_as_authenticaed. Also, currently +it only stores the user_id in the session, but i just found a guide to help +me make it store the entire user object, so I'll do that while my battery +charges. \ No newline at end of file diff --git a/app/controllers/quickvote_controller.rb b/app/controllers/quickvote_controller.rb index 5e29a10..10815b3 100644 --- a/app/controllers/quickvote_controller.rb +++ b/app/controllers/quickvote_controller.rb @@ -66,7 +66,7 @@ class QuickvoteController < ApplicationController @voter = nil end - # if the voter does not exist or as has been destroyed, lets + # if the voter does not exist or has has been destroyed, lets # create a new one unless @voter # create a new voter and populate it diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb index d5eab86..3307d88 100644 --- a/app/controllers/site_controller.rb +++ b/app/controllers/site_controller.rb @@ -1,6 +1,6 @@ class SiteController < ApplicationController layout 'hc' - model :user, :election + model :user, :election, :account def index @quickvotes = QuickVote.find_all(["quickvote = 1"]).sort {|a,b| b.enddate <=> a.enddate}[0..1] diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index f1aff78..4752f00 100755 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -1,4 +1,4 @@ # Methods added to this helper will be available to all templates in the application. module ApplicationHelper - include LoginEngine + end diff --git a/app/models/user.rb b/app/models/user.rb index 17f58a1..64fd71c 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,8 +1,70 @@ +require 'digest/sha1' class User < ActiveRecord::Base has_many :elections + # Virtual attribute for the unencrypted password + attr_accessor :password + + validates_presence_of :login, :email + validates_presence_of :password, :if => :password_required? + validates_presence_of :password_confirmation, :if => :password_required? + validates_length_of :password, :within => 4..40, :if => :password_required? + validates_confirmation_of :password, :if => :password_required? + validates_length_of :login, :within => 3..40 + validates_length_of :email, :within => 3..100 + validates_uniqueness_of :login, :email, :case_sensitive => false + before_save :encrypt_password + def name - [ firstname, lastname].join(" ") + [ firstname, lastname].join(" ") + end + + # Authenticates a user by their login name and unencrypted password. Returns the user or nil. + def self.authenticate(login, password) + u = find_by_login(login) # need to get the salt + u && u.authenticated?(password) ? u : nil + end + + # Encrypts some data with the salt. + def self.encrypt(password, salt) + Digest::SHA1.hexdigest("--#{salt}--#{password}--") + end + + # Encrypts the password with the user salt + def encrypt(password) + self.class.encrypt(password, salt) end -end + def authenticated?(password) + crypted_password == encrypt(password) + end + + def remember_token? + remember_token_expires_at && Time.now.utc < remember_token_expires_at + end + + # These create and unset the fields required for remembering users between browser closes + def remember_me + self.remember_token_expires_at = 2.weeks.from_now.utc + self.remember_token = encrypt("#{email}--#{remember_token_expires_at}") + save(false) + end + + def forget_me + self.remember_token_expires_at = nil + self.remember_token = nil + save(false) + end + + protected + # before filter + def encrypt_password + return if password.blank? + self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record? + self.crypted_password = encrypt(password) + end + + def password_required? + crypted_password.blank? || !password.blank? + end +end diff --git a/app/views/layouts/hc.rhtml b/app/views/layouts/hc.rhtml index 860992a..2408083 100755 --- a/app/views/layouts/hc.rhtml +++ b/app/views/layouts/hc.rhtml @@ -17,14 +17,15 @@