require 'digest/sha1'

# = Domain
#
# This is actually nothing more than a User class generated by the
# standard Rails login generator.
#
# Its data structure is very basic, as a result:
# name::     The domain's name.
# password:: A SHA1 hash of the domain's password.
#
# Its use as a login service is mainly for the purposes of the
# Mailservice web service--the middle layer (the SOAP client) logs into
# the domain, and then the users can log into _that_.
class Domain < ActiveRecord::Base

    #----------------------------------------
    # First of all, email address stuff
    #----------------------------------------
    has_many :users
    has_many :mailinglists, :through => :users

    # Please change the salt to something else, 
    # Every application should use a different one 
    @@salt = 'thuchpog10.?guf'
    cattr_accessor :salt

    # Authenticate a user. 
    #
    # Example:
    #   @user = User.authenticate('bob', 'bobpass')
    #
    def self.authenticate(name, pass)
        find_first(["name = ? AND password = ?", name, sha1(pass)])
    end  


    protected

    # Apply SHA1 encryption to the supplied password. 
    # We will additionally surround the password with a salt 
    # for additional security. 
    def self.sha1(pass)
        Digest::SHA1.hexdigest("#{salt}--#{pass}--")
    end

    before_create :crypt_password

    # Before saving the record to database we will crypt the password 
    # using SHA1. 
    # We never store the actual password in the DB.
    def crypt_password
        write_attribute "password", self.class.sha1(password)
    end

    before_update :crypt_unless_empty

    # If the record is updated we will check if the password is empty.
    # If its empty we assume that the user didn't want to change his
    # password and just reset it to the old value.
    def crypt_unless_empty
        if password.empty?      
            user = self.class.find(self.id)
            self.password = user.password
        else
            write_attribute "password", self.class.sha1(password)
        end        
    end  

    validates_uniqueness_of :name, :on => :create

    validates_confirmation_of :password
    validates_length_of :name, :within => 3..40
    validates_length_of :password, :within => 5..40
    validates_presence_of :name, :password, :password_confirmation, 
        :on => :create
end