X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/b61e4f77e86fd2535a88b0d3e5aec97809c8ec5e..6ba4e831a78ac9d753a775f437f8fa0b1f03951f:/app/models/user.rb

diff --git a/app/models/user.rb b/app/models/user.rb
index 783a9bc3b..054695e5b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,12 +1,13 @@
 class User < ActiveRecord::Base
   require 'xml/libxml'
-  require 'digest/md5'
 
   has_many :traces
   has_many :diary_entries, :order => 'created_at DESC'
   has_many :messages, :foreign_key => :to_user_id
   has_many :new_messages, :class_name => "Message", :foreign_key => :to_user_id, :conditions => "message_read = 0"
   has_many :friends
+  has_many :tokens, :class_name => "UserToken"
+  has_many :preferences, :class_name => "UserPreference"
 
   validates_confirmation_of :pass_crypt, :message => 'Password must match the confirmation password'
   validates_uniqueness_of :display_name, :allow_nil => true
@@ -18,34 +19,34 @@ class User < ActiveRecord::Base
 
   before_save :encrypt_password
 
-  def set_defaults
-    self.creation_time = Time.now
-    self.timeout = Time.now
-    self.token = User.make_token()
+  def after_initialize
+    self.creation_time = Time.now if self.creation_time.nil?
   end
 
   def encrypt_password
-    self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) unless pass_crypt_confirmation.nil?
+    if pass_crypt_confirmation
+      self.pass_salt = OSM::make_token(8)
+      self.pass_crypt = OSM::encrypt_password(pass_crypt, pass_salt)
+    end
   end
 
-  def self.authenticate(email, passwd, active = true)
-    find(:first, :conditions => [ "email = ? AND pass_crypt = ? AND active = ?", email, Digest::MD5.hexdigest(passwd), active])
-  end 
-
-  def self.authenticate_token(token) 
-    find(:first, :conditions => [ "token = ? ", token])
-  end 
-
-  def self.make_token(length=30)
-    chars = 'abcdefghijklmnopqrtuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
-    confirmstring = ''
+  def self.authenticate(options)
+    if options[:username] and options[:password]
+      user = find(:first, :conditions => ["email = ? OR display_name = ?", options[:username], options[:username]])
+      user = nil if user and user.pass_crypt != OSM::encrypt_password(options[:password], user.pass_salt)
+    elsif options[:token]
+      token = UserToken.find(:first, :include => :user, :conditions => ["user_tokens.token = ?", options[:token]])
+      user = token.user if token
+    end
 
-    length.times do
-      confirmstring += chars[(rand * chars.length).to_i].chr
+    if user
+      user = nil unless user.active? or options[:inactive]
     end
 
-    return confirmstring
-  end
+    token.update_attribute(:expiry, 1.week.from_now) if token and user
+
+    return user
+  end 
 
   def to_xml
     doc = OSM::API.new.get_xml_doc