5 files changed, 72 insertions, 24 deletions

diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index de21983..3cbb6dc 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -47,7 +47,7 @@ class UsersController < UsersBaseController
   end
 
   def destroy
-    @user.destroy
+    @user.account.destroy
     flash[:notice] = I18n.t(:account_destroyed)
     # admins can destroy other users
     if @user != current_user
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index 03a5a62..0903888 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -24,15 +24,9 @@ module V1
     end
 
     def update
-      account.update params[:user]
+      @user.account.update params[:user]
       respond_with @user
     end
 
-    protected
-
-    def account
-      @user.account
-    end
-
   end
 end
diff --git a/users/app/models/account.rb b/users/app/models/account.rb
index 5368a1b..5c943bb 100644
--- a/users/app/models/account.rb
+++ b/users/app/models/account.rb
@@ -1,5 +1,10 @@
 #
-# A Composition of a User record and it's identity records.
+# The Account model takes care of the livecycle of a user.
+# It composes a User record and it's identity records.
+# It also allows for other engines to hook into the livecycle by
+# monkeypatching the create, update and destroy methods.
+# There's an ActiveSupport load_hook at the end of this file to
+# make this more easy.
 #
 class Account
 
@@ -29,9 +34,7 @@ class Account
 
   def destroy
     return unless @user
-    Identity.by_user_id.key(@user.id).each do |identity|
-      identity.destroy
-    end
+    Identity.disable_all_for(@user)
     @user.destroy
   end
 
@@ -54,4 +57,7 @@ class Account
     @new_identity.try(:save) && @old_identity.try(:save)
   end
 
+  # You can hook into the account lifecycle from different engines using
+  #   ActiveSupport.on_load(:account) do ...
+  ActiveSupport.run_load_hooks(:account, self)
 end
diff --git a/users/app/models/identity.rb b/users/app/models/identity.rb
index e0a24e9..97966d0 100644
--- a/users/app/models/identity.rb
+++ b/users/app/models/identity.rb
@@ -27,6 +27,17 @@ class Identity < CouchRest::Model::Base
         emit(doc.address, doc.keys["pgp"]);
       }
     EOJS
+    view :disabled,
+      map: <<-EOJS
+      function(doc) {
+        if (doc.type != 'Identity') {
+          return;
+        }
+        if (typeof doc.user_id === "undefined") {
+          emit(doc._id, 1);
+        }
+      }
+    EOJS
 
   end
 
@@ -50,6 +61,19 @@ class Identity < CouchRest::Model::Base
     identity
   end
 
+  def self.disable_all_for(user)
+    Identity.by_user_id.key(user.id).each do |identity|
+      identity.disable
+      identity.save
+    end
+  end
+
+  def self.destroy_all_disabled
+    Identity.disabled.each do |identity|
+      identity.destroy
+    end
+  end
+
   def self.attributes_from_user(user)
     { user_id: user.id,
       address: user.email_address,
@@ -57,6 +81,15 @@ class Identity < CouchRest::Model::Base
     }
   end
 
+  def enabled?
+    self.destination && self.user_id
+  end
+
+  def disable
+    self.destination = nil
+    self.user_id = nil
+  end
+
   def keys
     read_attribute('keys') || HashWithIndifferentAccess.new
   end
@@ -93,7 +126,8 @@ class Identity < CouchRest::Model::Base
   end
 
   def destination_email
-    return if destination.valid? #this ensures it is Email
+    return if destination.nil?   # this identity is disabled
+    return if destination.valid? # this ensures it is Email
     self.errors.add(:destination, destination.errors.messages[:email].first) #assumes only one error #TODO
   end
 
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
index dd87344..001eb40 100644
--- a/users/app/models/token.rb
+++ b/users/app/models/token.rb
@@ -11,6 +11,25 @@ class Token < CouchRest::Model::Base
 
   validates :user_id, presence: true
 
+  design do
+    view :by_last_seen_at
+  end
+
+  def self.expires_after
+    APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+  end
+
+  def self.expired
+    return [] unless expires_after
+    by_last_seen_at.endkey(expires_after.minutes.ago)
+  end
+
+  def self.destroy_all_expired
+    self.expired.each do |token|
+      token.destroy
+    end
+  end
+
   def authenticate
     if expired?
       destroy
@@ -27,21 +46,16 @@ class Token < CouchRest::Model::Base
   end
 
   def expired?
-    expires_after and
-    last_seen_at + expires_after.minutes < Time.now
-  end
-
-  def expires_after
-    APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
+    Token.expires_after and
+    last_seen_at < Token.expires_after.minutes.ago
   end
 
   def initialize(*args)
     super
-    self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
-    self.last_seen_at = Time.now
-  end
-
-  design do
+    if new_record?
+      self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+      self.last_seen_at = Time.now
+    end
   end
 end