X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/7f598ab412674ce5a78da98c54aa2fe2e4a05792..15d29c646b545b65bbedeed1f49329b9292671ba:/app/models/user.rb

diff --git a/app/models/user.rb b/app/models/user.rb
index 778afbf8a..4c51089e6 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -52,6 +52,7 @@ class User < ActiveRecord::Base
 
   after_initialize :set_defaults
   before_save :encrypt_password
+  after_save :spam_check
 
   has_attached_file :image,
     :default_url => "/assets/:class/:attachment/:style.png",
@@ -69,7 +70,7 @@ class User < ActiveRecord::Base
         end
       end
 
-      user = nil if user and user.pass_crypt != OSM::encrypt_password(options[:password], user.pass_salt)
+      user = nil if user and not PasswordHash.check(user.pass_crypt, user.pass_salt, options[:password])
     elsif options[:token]
       token = UserToken.find_by_token(options[:token])
       user = token.user if token
@@ -216,6 +217,14 @@ class User < ActiveRecord::Base
     return score.to_i
   end
 
+  ##
+  # perform a spam check on a user
+  def spam_check
+    if status == "active" and spam_score > SPAM_THRESHOLD
+      update_column(:status, "suspended")
+    end
+  end
+
   ##
   # return an oauth access token for a specified application
   def access_token(application_key)
@@ -231,8 +240,7 @@ private
 
   def encrypt_password
     if pass_crypt_confirmation
-      self.pass_salt = OSM::make_token(8)
-      self.pass_crypt = OSM::encrypt_password(pass_crypt, pass_salt)
+      self.pass_crypt, self.pass_salt = PasswordHash.create(pass_crypt)
       self.pass_crypt_confirmation = nil
     end
   end