# -*- encoding : utf-8 -*- # This file is part of Wiki UFC. # Copyright (C) 2007-2015 by Álinson Xavier # Copyright (C) 2007-2008 by Adriano Freitas # Copyright (C) 2007-2008 by André Castro # Copyright (C) 2007-2008 by Rafael Barbosa <86.rafael@gmail.com> # Copyright (C) 2007-2008 by Henrique Bustamante # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . require 'digest/sha1' class User < ActiveRecord::Base acts_as_paranoid has_and_belongs_to_many :courses, order: 'full_name', conditions: "period = #{App.current_period}" validates_length_of :login, within: 3..40 validates_length_of :name, within: 3..40 validates_length_of :display_name, within: 3..40 validates_presence_of :login, :email, :display_name validates_uniqueness_of :login, :email, :display_name validates_format_of :login, with: /^[^0-9]/ validates_format_of :display_name, with: /^[^0-9]/ validates_format_of :email, with: /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i attr_protected :id, :salt attr_accessor :password, :password_confirmation def self.find_by_login_and_pass(login, pass) user = find(:first, conditions: ['login = ?', login]) (!user.nil? && User.encrypt(pass, user.salt) == user.hashed_password) ? user : nil end def to_xml(options = {}) options[:indent] ||= 2 xml = options[:builder] ||= Builder::XmlMarkup.new(indent: options[:indent]) xml.instruct! unless options[:skip_instruct] xml.user do xml.id id xml.name name xml.display_name display_name xml.login login xml.created_at created_at xml.last_seen last_seen xml.description description end end # Gera uma nova senha, e a envia por email. def generate_password_reset_key! update_attribute(:password_reset_key, User.random_string(30)) save! Notifications.deliver_forgot_password(email, password_reset_key) end def reset_login_key self.login_key = Digest::SHA1.hexdigest(Time.now.to_s + password.to_s + rand(123_456_789).to_s).to_s end def reset_login_key! reset_login_key save! login_key end def to_param login.match(/^[-_a-z0-9]*$/i).nil? ? id.to_s : login end def courses_not_enrolled(period) Course.all(conditions: ['period = ? and hidden = ? and id not in (?)', period, false, courses]) end protected def validate if new_record? errors.add_on_blank :password errors.add_on_blank :password_confirmation end return unless @password.blank? errors.add(:password_confirmation) if @password_confirmation.blank? || @password != @password_confirmation errors.add(:password, 'é muito curta') unless @password.length >= 5 end def before_save self.salt = User.random_string(10) unless self.salt? self.secret = User.random_string(32) unless self.secret? self.hashed_password = User.encrypt(@password, salt) unless @password.blank? end def self.encrypt(pass, salt) Digest::SHA1.hexdigest(pass + salt) end def self.random_string(len) chars = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a newpass = '' 1.upto(len) { |_i| newpass << chars[rand(chars.size - 1)] } newpass end end