Class: Credential

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Credential

Defined in:

app/models/credential.rb

Instance Attribute Summary

• #password ⇒ Object

  Returns the value of attribute password.

Class Method Summary

• .find_by_email(email_address) ⇒ Object
• .find_using_auth(email, password, find_at = Time.now) ⇒ Object
• .guest_permitted?(controller, action) ⇒ Boolean
• .humanize_duration_from_seconds(seconds) ⇒ Object
• .salt_and_hash(password) ⇒ Object

Instance Method Summary

• #accept_password?(password, find_at) ⇒ Boolean
• #default_post_login_url_to ⇒ Object
• #generate_reset_token! ⇒ Object
• #is_request_permitted?(controller, action) ⇒ Boolean
• #locked_out?(find_at) ⇒ Boolean
• #locked_until(find_at) ⇒ Object
• #reset_password_by_token!(supplied_token, newpassword, find_at = Time.now) ⇒ Object

Instance Attribute Details

#password ⇒ Object

Returns the value of attribute password.

# File 'app/models/credential.rb', line 12

def password
  @password
end

Class Method Details

.find_by_email(email_address) ⇒ Object

# File 'app/models/credential.rb', line 39

def self.find_by_email(email_address)
  Credential.find :first, :conditions => ['email_address = ?', email_address]
end

.find_using_auth(email, password, find_at = Time.now) ⇒ Object

# File 'app/models/credential.rb', line 33

def self.find_using_auth(email, password, find_at = Time.now)
  credential = Credential.find(:first, :conditions => ['email_address = ?', email])

  (credential and credential.accept_password?(password, find_at)) ? credential : nil
end

.guest_permitted?(controller, action) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/credential.rb', line 120

def self.guest_permitted?(controller,action)
  # These are controller/actions that don't require auth to access. Probably these acl type questions should go into their own models eventually
  controller == 'authentication'
end

.humanize_duration_from_seconds(seconds) ⇒ Object

# File 'app/models/credential.rb', line 43

def self.humanize_duration_from_seconds(seconds)
  # I did it this way so we can test easier
  until_citation = [
    (seconds/3600).floor,
    ((seconds % 3600)/60).floor,
    (seconds % 60)
  ]

  {0 => 'hour', 1 => 'minute', 2 => 'second'}.each_pair do |i, unit|
    until_citation[i] = '%d %s' % [
      until_citation[i], 
      ((until_citation[i] > 1) ? unit.pluralize : unit)
    ] if until_citation[i] and until_citation[i] > 0
  end
  
  until_citation.reject!{|i| i.nil? or i == 0 }
  
  until_citation.join ' '
end

.salt_and_hash(password) ⇒ Object

# File 'app/models/credential.rb', line 22

def self.salt_and_hash(password)
  begin
    @salt = Rails.configuration.authentication_salt
  rescue
    @salt = t(:salt_is_missing)
    logger.error @salt # cheeky?
  end unless @salt

  Digest::SHA256.hexdigest( "%s%s" % [password, @salt] )
end

Instance Method Details

#accept_password?(password, find_at) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/credential.rb', line 82

def accept_password?(password, find_at)
  password_security_transaction!(
    password_hash == self.class.salt_and_hash(password), 
    find_at
  ) { self.reset_password_token = nil }
end

#default_post_login_url_to ⇒ Object

# File 'app/models/credential.rb', line 110

def default_post_login_url_to
  # NOTE: This should be different for non-admins when we get around to it ...
  { :controller => 'admin/activities', :action => 'index' }
end

#generate_reset_token! ⇒ Object

# File 'app/models/credential.rb', line 89

def generate_reset_token!
  raise_on_disabled
  
  char_pool = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a

  token = Array.new(32){char_pool[rand(char_pool.size-1)]}.join
  
  self.reset_password_token = token
  reset_failed_login_fields
  save!
  
  token
end

#is_request_permitted?(controller, action) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/credential.rb', line 115

def is_request_permitted?(controller, action)
  # NOTE: Highly rudimentary, but until we want to do the public side and proper ACLs, this will work.
  user_type == 'Employee'
end

#locked_out?(find_at) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/credential.rb', line 63

def locked_out?(find_at)
  account_lockout_threshold > 0 and
  failed_login_at and
  (failed_login_count % account_lockout_threshold) == 0 and 
  locked_until(find_at) > 0
end

#locked_until(find_at) ⇒ Object

# File 'app/models/credential.rb', line 70

def locked_until(find_at)
  # NOTE: There's a multiplier effect here. So, if the lockout_threshold is 3, and there's been 12 unsuccessful logins
  # we're not going to let them in for another 4*lockout_duration seconds

  # How long we've been locked out for
  been_locked_out_for = (find_at - failed_login_at).seconds
  
  lockout_multiplier = (failed_login_count / account_lockout_threshold).floor
  
  account_lockout_duration * lockout_multiplier - been_locked_out_for
end

#reset_password_by_token!(supplied_token, newpassword, find_at = Time.now) ⇒ Object

# File 'app/models/credential.rb', line 103

def reset_password_by_token!(supplied_token, newpassword, find_at = Time.now)
  password_security_transaction!(supplied_token == reset_password_token, find_at) do 
    self.password = newpassword
    self.reset_password_token = nil
  end
end