Sha256: 70791fe20e6efa4423846aeb80fe84bbf9bcfe7ae26a6bb3caa8eab8104938e3

Contents?: true

Size: 1.92 KB

Versions: 4

Compression:

Stored size: 1.92 KB

Contents

require 'securerandom'
require 'active_model'
require 'active_support'


# :nodoc: namespace
module Authpwn

# Included by the model class that represents users.
#
# Parts of the codebase assume the model will be named User.
module UserModel
  extend ActiveSupport::Concern

  included do
    # Externally-visible user ID.
    #
    # This is decoupled from "id" column to avoid leaking information about
    # the application's usage.
    validates :exuid, :presence => true, :length => 1..32, :uniqueness => true
    
    # Credentials used to authenticate the user.
    has_many :credentials, :dependent => :destroy, :inverse_of => :user
    validates_associated :credentials
    # This is safe, because credentials use attr_accessible.
    accepts_nested_attributes_for :credentials, :allow_destroy => true
    
    # Automatically assign exuid.
    before_validation :set_default_exuid, :on => :create
    
    # Forms should not be able to touch any attribute.
    attr_accessible :credentials_attributes
  end

  # Class methods on models that include Authpwn::UserModel.
  module ClassMethods
    # Queries the database using the value returned by User#to_param.
    #
    # Returns nil if no matching User exists.
    def find_by_param(param)
      where(:exuid => param).first
    end
  end  # module Authpwn::UserModel::ClassMethods
  
  # Checks if a credential is acceptable for authenticating a user.
  #
  # Returns nil if the credential is acceptable, or a String containing a
  # user-visible reason why the credential is not acceptable. 
  def auth_bounce_reason(credential)
    nil
  end
  
  # Use the exuid instead of exposing ActiveRecord IDs.
  def to_param
    exuid
  end
  
  # :nodoc: sets exuid to a (hopefully) unique value before validations occur. 
  def set_default_exuid
    self.exuid ||=
        SecureRandom.random_bytes(8).unpack('Q').first & 0x7fffffffffffffff
  end
end  # namespace Authpwn::UserModel

end  # namespace Authpwn
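
Added example, not part of the authpwn_rails source: a plain-Ruby sketch of the exuid scheme above, showing the 63-bit derivation, the birthday-bound collision odds behind the "(hopefully) unique" comment, and a retry on collision instead of a failed uniqueness validation. DemoUserTable, random_exuid and exuid_collision_probability are hypothetical names, and the table is a constructed in-memory stand-in for the users table.

```ruby
require 'securerandom'

# Same derivation as set_default_exuid above: 8 random bytes, top bit cleared
# so the value fits a signed 64-bit integer column.
def random_exuid
  SecureRandom.random_bytes(8).unpack('Q').first & 0x7fffffffffffffff
end

# Birthday-bound approximation of the chance that at least two of n users
# share an exuid drawn uniformly from 2**bits values.
def exuid_collision_probability(n, bits = 63)
  1.0 - Math.exp(-n.to_f * (n - 1) / (2.0 * 2**bits))
end

# Constructed stand-in for a users table (hypothetical, not authpwn code).
# Each row has a sequential id, which reveals how many users exist, and a
# random exuid, which is the only identifier handed out in URLs.
class DemoUserTable
  attr_reader :rows

  # generator is injectable so collisions can be forced in a test.
  def initialize(generator = method(:random_exuid))
    @generator = generator
    @rows = {} # exuid => sequential id
  end

  # Allocates a user, drawing a fresh exuid when the candidate is taken.
  def create(max_attempts = 5)
    max_attempts.times do
      exuid = @generator.call
      next if @rows.key?(exuid)
      @rows[exuid] = @rows.size + 1
      return exuid
    end
    raise 'could not allocate a unique exuid'
  end

  # Mirrors find_by_param: lookup by the public identifier only, nil if absent.
  def find_by_param(param)
    @rows[param.to_i]
  end
end
```

In the model itself a collision surfaces as a validation error on exuid at create time, so a caller that wants the retry behaviour has to clear exuid and save again.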

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
authpwn_rails-0.11.0 lib/authpwn_rails/user_model.rb
authpwn_rails-0.10.12 lib/authpwn_rails/user_model.rb
authpwn_rails-0.10.11 lib/authpwn_rails/user_model.rb
authpwn_rails-0.10.10 lib/authpwn_rails/user_model.rb