fix security issue
[selectricity] / app / models / full_voter.rb
1 # Selectricity: Voting Machinery for the Masses
2 # Copyright (C) 2007, 2008 Benjamin Mako Hill <mako@atdot.cc>
3 # Copyright (C) 2007 Massachusetts Institute of Technology
4 #
5 # This program is free software. Please see the COPYING file for
6 # details.
7
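# A voter identified by an e-mail address and a generated password token.
#
# A password is assigned as soon as the object is built, so a new
# FullVoter never exists without one.
class FullVoter < Voter
  validates_presence_of :email, :password

  # E-mail pattern of moderate complexity, adapted from
  # http://www.regular-expressions.info/email.html
  #
  # Anchored with \A and \z rather than ^ and $: in Ruby, ^ and $ match at
  # every line boundary, so a multi-line value would pass validation as long
  # as any one of its lines looked like an address. \A and \z anchor the
  # whole string, and \z (unlike \Z) also rejects a trailing newline.
  #
  # The top-level domain is limited to 2-4 letters, so addresses under
  # longer TLDs are rejected.
  EMAIL_FORMAT = /\A[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\z/i

  # Builds the voter from +params+ and makes sure it has a password.
  def initialize(params={})
    super
    create_password
  end

  # Assigns a fresh token as the password unless the current password is
  # already non-empty and unused by any Voter row.
  #
  # NOTE(review): the check and the later save are separate steps, so two
  # concurrent requests could still pick the same token; a unique index on
  # the password column would close that gap -- confirm against the schema.
  # NOTE(review): the lookup compares the password column directly, which
  # implies the token is stored in a directly comparable form; and because
  # the token acts as a credential, UniqueTokenGenerator should draw from a
  # cryptographically secure source -- confirm both.
  def create_password
    token_generator = UniqueTokenGenerator.new(16)
    until password && !password.empty? &&
          Voter.find(:all, :conditions => ["password = ?", password]).empty?
      self.password = token_generator.token
    end
  end

  protected

  # Adds a validation error when the e-mail address is missing or does not
  # match EMAIL_FORMAT over its entire length.
  def validate
    errors.add(:email, "is not valid") unless email =~ EMAIL_FORMAT
  end
end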
