summaryrefslogtreecommitdiff
path: root/users/app/models/user.rb
blob: b531dfdb46db30981753dce3a86c2200c529c4fc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
class User < CouchRest::Model::Base

  property :login, String, :accessible => true
  property :password_verifier, String, :accessible => true
  property :password_salt, String, :accessible => true

  property :email, String, :accessible => true
  property :email_forward, String, :accessible => true
  property :email_aliases, [LocalEmail]

  validates :login, :password_salt, :password_verifier,
    :presence => true

  validates :login,
    :uniqueness => true,
    :if => :serverside?

  validates :login,
    :format => { :with => /\A[A-Za-z\d_]+\z/,
      :message => "Only letters, digits and _ allowed" }

  validates :password_salt, :password_verifier,
    :format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" }

  validates :password, :presence => true,
    :confirmation => true,
    :format => { :with => /.{8}.*/, :message => "needs to be at least 8 characters long" }

  # TODO: write a proper email validator to be used in the different places
  validates :email,
    :format => { :with => /\A(([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,}))?\Z/, :message => "needs to be a valid email address"}

  validates :email_forward,
    :format => { :with => /\A(([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,}))?\Z/, :message => "needs to be a valid email address"}

  validate :no_duplicate_email_aliases

  validate :email_aliases_differ_from_email

  timestamps!

  design do
    view :by_login
    view :by_created_at
    view :by_email
    view :by_email_alias,
      :map => <<-EOJS
    function(doc) {
      if (doc.type != 'User') {
        return;
      }
      doc.email_aliases.forEach(function(alias){
        emit(alias.email, doc);
      });
    }
    EOJS
    view :by_email_or_alias,
      :map => <<-EOJS
    function(doc) {
      if (doc.type != 'User') {
        return;
      }
      if (doc.email) {
        emit(doc.email, doc);
      }
      doc.email_aliases.forEach(function(alias){
        emit(alias.email, doc);
      });
    }
    EOJS
  end

  class << self
    alias_method :find_by_param, :find

    # valid set of attributes for testing
    def valid_attributes_hash
      { :login => "me",
        :password_verifier => "1234ABCD",
        :password_salt => "4321AB" }
    end

  end

  alias_method :to_param, :id

  def to_json(options={})
    {
      :login => login,
      :ok => valid?
    }.to_json(options)
  end

  def initialize_auth(aa)
    return SRP::Session.new(self, aa)
  end

  def salt
    password_salt.hex
  end

  def verifier
    password_verifier.hex
  end

  def username
    login
  end

  # Since we are storing admins by login, we cannot allow admins to change their login.
  def is_admin?
    APP_CONFIG['admins'].include? self.login
  end

  def add_email(email)
    email = LocalEmail.new(email) unless email.is_a? Email
    email_aliases << email
  end

  # this currently only adds the first email address submitted.
  # All the ui needs for now.
  def email_aliases_attributes=(attrs)
    if attrs && attrs.values.first
      add_email attrs.values.first
    end
  end

  ##
  #  Validation Functions
  ##

  # TODO: How do we handle these errors?
  def no_duplicate_email_aliases
    if email_aliases.count != email_aliases.map(&:email).uniq.count
      errors.add(:email_aliases, "include a duplicate")
    end
  end

  def email_aliases_differ_from_email
    if email_aliases.map(&:email).include?(email)
      errors.add(:email_aliases, "include the original email address")
    end
  end

  protected
  def password
    password_verifier
  end

  # used as a condition for validations that are server side only
  def serverside?
    true
  end
end