summaryrefslogtreecommitdiff
path: root/app/models/account.rb
blob: d77c61f52b562212ede08c76eba0ddc968aff246 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#
# The Account model takes care of the lifecycle of a user.
# It composes a User record and it's identity records.
# It also allows for other engines to hook into the lifecycle by
# monkeypatching the create, update and destroy methods.
# There's an ActiveSupport load_hook at the end of this file to
# make this more easy.
#
class Account

  attr_reader :user

  def initialize(user = nil)
    @user = user
  end

  #
  # Creates a new user, with matching identity record.
  #
  # Returns the user record so it can be used in views.
  #
  # options:
  #
  #  :invite_required -- if 'false', will overrides app-wide
  #                      configuration by same name.
  #
  def self.create(attrs, options={})
    User.new(attrs).tap do |user|
      self.new(user).create(options)
    end
  end

  def create(options={})
    identity = nil
    if options[:invite_required] == false
      user.ignore_invites!
    end
    user.save

    # this is not very atomic, but we do the best we can:
    return unless user.persisted?
    if !user.is_tmp?
      identity = user.identity
      identity.user_id = user.id
      identity.save
      identity.errors.each do |attr, msg|
        user.errors.add(attr, msg)
      end
    end
    consume_invite_code if user.invite_required?
  rescue VALIDATION_FAILED => ex
    user.errors.add(:base, ex.to_s)
  ensure
    if creation_problem?(identity)
      user.destroy     if user     && user.persisted?
      identity.destroy if identity && identity.persisted?
    end
  end

  def update(attrs)
    if attrs[:password_verifier].present?
      update_login(attrs[:login])
      user.update_attributes attrs.slice(:password_verifier, :password_salt)
    end
    if attrs[:recovery_code_verifier].present?
      user.update_attributes attrs.slice(:recovery_code_verifier, :recovery_code_salt)
    end
    # TODO: move into identity controller
    key = update_pgp_key(attrs[:public_key])
    user.errors.set :public_key, key.errors.full_messages
    user.save && save_identities
    user.refresh_identity
  end

  def destroy(release_handles=false)
    return unless user
    if !user.is_tmp?
      user.identities.each do |id|
        if release_handles == false
          id.orphan!
        else
          id.destroy
        end
      end
    end
    user.destroy
  end

  # when a user is disable, all their data and associations remain
  # in place, but the user should not be able to send email or
  # create new authentication certificates.
  def disable
    if user && !user.is_tmp?
      user.enabled = false
      user.save
      user.identities.each do |id|
        id.disable!
      end
    end
  end

  def enable
    user.enabled = true
    user.save
    user.identities.each do |id|
      id.enable!
    end
  end

  protected

  attr_reader :user

  def consume_invite_code
    invite_code = InviteCode.find_by_invite_code user.invite_code
    if user.is_test? && invite_code.max_uses == 1
      invite_code.destroy
    else
      invite_code.invite_count += 1
      invite_code.save
    end
  end

  def update_login(login)
    return unless login.present?
    @old_identity = Identity.for(user)
    user.login = login
    @new_identity = Identity.for(user) # based on the new login
    @old_identity.destination = user.email_address # alias old -> new
  end

  def update_pgp_key(key)
    PgpKey.new(key).tap do |key|
      if key.present? && key.valid?
        @new_identity ||= Identity.for(user)
        @new_identity.set_key(:pgp, key)
      end
    end
  end

  def save_identities
    @new_identity.try(:save) && @old_identity.try(:save)
  end

  def creation_problem?(identity)
    return true if user.nil? || !user.persisted? || user.errors.any?
    if !user.is_tmp?
      return true if identity.nil? || !identity.persisted? || identity.errors.any?
    end
    return false
  end

  # You can hook into the account lifecycle from different engines using
  #   ActiveSupport.on_load(:account) do ...
  ActiveSupport.run_load_hooks(:account, self)
end