From dc635b6d39be19a09a428282b6d639d029908df6 Mon Sep 17 00:00:00 2001
From:  <jlsharps@mit.edu>
Date: Tue, 31 Jul 2007 16:03:10 -0400
Subject: [PATCH] I have added the acts_as_authenticated plugin to code, and
 have gotten VERY BASIC functionality. This isn't my last addition fortoday
 but I wanted to commit before my battery died. A lot of the detailed
 documentation about where to find help with acts_as_authenticated is in the
 README, the website is here
 :http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated. The
 acts_as_authenitcated generator also heavily modifed the user class (model)
 but I kept theo original lines as well. I havne't begun tothrow anyting out
 yet, because im using it as a refernce to get the new system running.

---
 README                                  | 20 ++++++++
 app/controllers/quickvote_controller.rb |  2 +-
 app/controllers/site_controller.rb      |  2 +-
 app/helpers/application_helper.rb       |  2 +-
 app/models/user.rb                      | 66 ++++++++++++++++++++++++-
 app/views/layouts/hc.rhtml              |  9 ++--
 app/views/site/_basic_login.rhtml       | 18 ++++---
 db/create.sql                           | 57 +++++++++++++--------
 8 files changed, 140 insertions(+), 36 deletions(-)

diff --git a/README b/README
index 1c1f548..341ef6d 100644
--- a/README
+++ b/README
@@ -3,3 +3,23 @@ Contributors to Selectricity Include:
  * Benjamin Mako Hill <mako@atdot.cc>
  * John Dong          <jdong@ubuntu.com>
  * Justin Sharps      <jlsharps@mit.edu>
+
+07/31/07
+jlsharps: I've added a user authentication system known as
+"acts_as_authenticated" to the code. The plugin is the the vendor/plugins 
+directory. The two most noticeable changes are the AccountController and a 
+redone User model. I've left the UserController in place for now, but the 
+AccountController works in a different manner, so am switching over to that 
+gradually. I saved the 5 lines or so in the old User model, overwrote 
+it with the authenticated generator and then recopied the old stuff back in: 
+has_many :elections and the name() method. The generator also creates its own 
+migration file, but since we are using a create.sql file I adopted the 
+migration file into a new users table in the create.sql file. I have yet to 
+delete the old table because I haven't fully combed through the code yet and 
+determined how many of the old attributes (such as first_name, last_name) may 
+need to be retained. 
+http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated is the 
+best site for documentation regarding acts_as_authenticaed. Also, currently
+it only stores the user_id in the session, but i just found a guide to help 
+me make it store the entire user object, so I'll do that while my battery 
+charges.
\ No newline at end of file
diff --git a/app/controllers/quickvote_controller.rb b/app/controllers/quickvote_controller.rb
index 5e29a10..10815b3 100644
--- a/app/controllers/quickvote_controller.rb
+++ b/app/controllers/quickvote_controller.rb
@@ -66,7 +66,7 @@ class QuickvoteController < ApplicationController
 	@voter = nil
       end
 
-      # if the voter does not exist or as has been destroyed, lets
+      # if the voter does not exist or has has been destroyed, lets
       # create a new one
       unless @voter
         # create a new voter and populate it
diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index d5eab86..3307d88 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -1,6 +1,6 @@
 class SiteController < ApplicationController
   layout 'hc'
-  model :user, :election
+  model :user, :election, :account
 
   def index
     @quickvotes = QuickVote.find_all(["quickvote = 1"]).sort {|a,b| b.enddate <=> a.enddate}[0..1]
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index f1aff78..4752f00 100755
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,4 +1,4 @@
 # Methods added to this helper will be available to all templates in the application.
 module ApplicationHelper
-  include LoginEngine
+ 
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 17f58a1..64fd71c 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,8 +1,70 @@
+require 'digest/sha1'
 class User < ActiveRecord::Base
   has_many :elections
 
+  # Virtual attribute for the unencrypted password
+  attr_accessor :password
+
+  validates_presence_of     :login, :email
+  validates_presence_of     :password,                   :if => :password_required?
+  validates_presence_of     :password_confirmation,      :if => :password_required?
+  validates_length_of       :password, :within => 4..40, :if => :password_required?
+  validates_confirmation_of :password,                   :if => :password_required?
+  validates_length_of       :login,    :within => 3..40
+  validates_length_of       :email,    :within => 3..100
+  validates_uniqueness_of   :login, :email, :case_sensitive => false
+  before_save :encrypt_password
+
   def name
-    [ firstname, lastname].join(" ")
+     [ firstname, lastname].join(" ")
+  end
+
+  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
+  def self.authenticate(login, password)
+    u = find_by_login(login) # need to get the salt
+    u && u.authenticated?(password) ? u : nil
+  end
+
+  # Encrypts some data with the salt.
+  def self.encrypt(password, salt)
+    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+  end
+
+  # Encrypts the password with the user salt
+  def encrypt(password)
+    self.class.encrypt(password, salt)
   end
-end
 
+  def authenticated?(password)
+    crypted_password == encrypt(password)
+  end
+
+  def remember_token?
+    remember_token_expires_at && Time.now.utc < remember_token_expires_at 
+  end
+
+  # These create and unset the fields required for remembering users between browser closes
+  def remember_me
+    self.remember_token_expires_at = 2.weeks.from_now.utc
+    self.remember_token            = encrypt("#{email}--#{remember_token_expires_at}")
+    save(false)
+  end
+
+  def forget_me
+    self.remember_token_expires_at = nil
+    self.remember_token            = nil
+    save(false)
+  end
+
+  protected
+    # before filter 
+    def encrypt_password
+      return if password.blank?
+      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+      self.crypted_password = encrypt(password)
+    end
+    
+    def password_required?
+      crypted_password.blank? || !password.blank?
+    end
+end
diff --git a/app/views/layouts/hc.rhtml b/app/views/layouts/hc.rhtml
index 860992a..2408083 100755
--- a/app/views/layouts/hc.rhtml
+++ b/app/views/layouts/hc.rhtml
@@ -17,14 +17,15 @@
 
            <div id="links">
              <% if session[:user] %>
-               Welcome <strong><%= session[:user].login.capitalize %></strong>
+<% breakpoint%>
+               Welcome <strong><%= User.find(session[:user]).login.capitalize %></strong>
              <% else %>
-               <%= link_to("Login",:controller => "user", :action => "login")
-	         %>/<%= link_to("Sign up", :controller => "user", :action => "signup")%>
+               <%= link_to("Login", :controller => "account", :action => "login")
+	         %>/<%= link_to("Sign up", :controller => "account", :action => "signup")%>
              <% end %> |
 	  
              <% if session[:user] %>
-               <%= link_to("Logout", :controller => "user", :action => "logout") %>  |
+               <%= link_to("Logout", :controller => "account", :action => "logout") %>  |
              <% end %>
              
 	     <%= link_to("Help/About", :controller => "site", :action => "about") %>
diff --git a/app/views/site/_basic_login.rhtml b/app/views/site/_basic_login.rhtml
index d3043db..f02d362 100755
--- a/app/views/site/_basic_login.rhtml
+++ b/app/views/site/_basic_login.rhtml
@@ -1,15 +1,19 @@
 <% -%>
-  <%= start_form_tag :controller => 'user', :action => 'login'  %>
+ <% form_tag :controller => 'account', :action => 'login'  do %>
     <table>
-      <%= form_input :text_field, "Login ID", "login", :size => 30 %>
-      <%= form_input :password_field, "Password", "password", :size => 30 %>
+	  <label for="login">Login</label>
+      <%= text_field "Login", "login", :size => 30 %><br />
+      <label for="password">Password</label>
+      <%= password_field "Password", "password", :size => 30 %><br />
     </table>
 
     <div class="button-bar">
       <p><%= submit_tag 'Login' %></p>
-<!--      <p><%= link_to 'Register for an account', :controller =>
-'user', :action => 'signup' %></p> -->
-      <p><%= link_to 'Lost or forgot your password?', :controller => 'user', :action => 'forgot_password' %></p>
+<% end %>
+     <p><%= link_to 'Register for an account', :controller =>
+'account', :action => 'signup' %></p>
+
+      <p><%= link_to 'Lost or forgot your password?', :controller => 'account', :action => 'forgot_password' %></p>
 
       <p>Unfortunately, Selectricity is currently being tested and new
       accounts for full votes (i.e., non-<em>QuickVotes</em>) can not
@@ -19,4 +23,4 @@
       href="http://mako.cc/contact.html">Benjamin Mako Hill</a>.</p>
 
     </div>
-  <%= end_form_tag %>
+
diff --git a/db/create.sql b/db/create.sql
index e0c264f..cee33a3 100755
--- a/db/create.sql
+++ b/db/create.sql
@@ -86,24 +86,41 @@ create table rankings (
 
 # CREATE users TABLE
 #####################################
-DROP TABLE IF EXISTS `users`;
-CREATE TABLE `users` (
-  `id` int(11) NOT NULL auto_increment,
-  `login` varchar(80) NOT NULL default '',
-  `salted_password` varchar(40) NOT NULL default '',
-  `email` varchar(60) NOT NULL default '',
-  `firstname` varchar(40) default NULL,
-  `lastname` varchar(40) default NULL,
-  `salt` varchar(40) NOT NULL default '',
-  `verified` int(11) default '0',
-  `role` varchar(40) default NULL,
-  `security_token` varchar(40) default NULL,
-  `token_expiry` datetime default NULL,
-  `created_at` datetime default NULL,
-  `updated_at` datetime default NULL,
-  `logged_in_at` datetime default NULL,
-  `deleted` int(11) default '0',
-  `delete_after` datetime default NULL,
-  PRIMARY KEY  (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+#DROP TABLE IF EXISTS `users`;
+#CREATE TABLE `users` (
+#  `id` int(11) NOT NULL auto_increment,
+#  `login` varchar(80) NOT NULL default '',
+#  `salted_password` varchar(40) NOT NULL default '',
+#  `email` varchar(60) NOT NULL default '',
+#  `firstname` varchar(40) default NULL,
+#  `lastname` varchar(40) default NULL,
+#  `salt` varchar(40) NOT NULL default '',
+#  `verified` int(11) default '0',
+#  `role` varchar(40) default NULL,
+#  `security_token` varchar(40) default NULL,
+#  `token_expiry` datetime default NULL,
+#  `created_at` datetime default NULL,
+#  `updated_at` datetime default NULL,
+#  `logged_in_at` datetime default NULL,
+#  `deleted` int(11) default '0',
+#  `delete_after` datetime default NULL,
+#  PRIMARY KEY  (`id`)
+#) ENGINE=InnoDB DEFAULT CHARSET=latin1;
 
+#Following is the new users table that goes with acts_as_authenticated
+#Is simpler for now, saving the old table while in transition between 
+#the two for ideas on what attributes may be helpful/necessary
+drop table if exists users;
+create table users (
+	id                        int         not null auto_increment,
+	login                     text,
+	ip                        text not null,
+	email                     text,
+	crypted_password          varchar(40),
+	salt                      varchar(40),
+	created_at                datetime,
+	updated_at                datetime,
+	remember_token            text,
+	remember_token_expires_at datetime,
+	primary key(id)
+);
\ No newline at end of file
-- 
2.30.2