summaryrefslogtreecommitdiff
path: root/users/app/models/user.rb
blob: dda5a41c27f1797a1f7f59780cd9f3ad73470fed (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
class User < CouchRest::Model::Base

  use_database :users

  property :login, String, :accessible => true
  property :password_verifier, String, :accessible => true
  property :password_salt, String, :accessible => true

  property :email_forward, String, :accessible => true
  property :email_aliases, [LocalEmail]

  property :public_key, :accessible => true

  property :enabled, TrueClass, :default => true

  validates :login, :password_salt, :password_verifier,
    :presence => true

  validates :login,
    :uniqueness => true,
    :if => :serverside?

  # Have multiple regular expression validations so we can get specific error messages:
  validates :login,
    :format => { :with => /\A.{2,}\z/,
      :message => "Login must have at least two characters"}
  validates :login,
    :format => { :with => /\A[a-z\d_\.-]+\z/,
      :message => "Only lowercase letters, digits, . - and _ allowed."}
  validates :login,
    :format => { :with => /\A[a-z].*\z/,
      :message => "Login must begin with a lowercase letter"}
  validates :login,
    :format => { :with => /\A.*[a-z\d]\z/,
      :message => "Login must end with a letter or digit"}

  validate :login_is_unique_alias

  validates :password_salt, :password_verifier,
    :format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" }

  validates :password, :presence => true,
    :confirmation => true,
    :format => { :with => /.{8}.*/, :message => "needs to be at least 8 characters long" }

  validates :email_forward,
    :allow_blank => true,
    :format => { :with => /\A(([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,}))?\Z/, :message => "needs to be a valid email address"}

  timestamps!

  design do
    own_path = Pathname.new(File.dirname(__FILE__))
    load_views(own_path.join('..', 'designs', 'user'))
    view :by_login
    view :by_created_at
    view :pgp_key_by_handle,
      map: <<-EOJS
      function(doc) {
        if (doc.type != 'User') {
          return;
        }
        emit(doc.login, doc.public_key);
        doc.email_aliases.forEach(function(alias){
          emit(alias.username, doc.public_key);
        });
      }
    EOJS

  end # end of design

  class << self
    alias_method :find_by_param, :find
  end

  def create_identity(attribs = {}, &block)
    build_identity(attribs, &block)
    identity.save
    identity
  end

  def build_identity(attribs = {}, &block)
    attribs.reverse_merge! user_id: self.id,
      address: self.email_address,
      destination: self.email_address
    Identity.new(attribs, &block)
  end

  def to_param
    self.id
  end

  def to_json(options={})
    {
      :login => login,
      :ok => valid?
    }.to_json(options)
  end

  def salt
    password_salt.hex
  end

  def verifier
    password_verifier.hex
  end

  def username
    login
  end

  def email_address
    LocalEmail.new(login)
  end

  # Since we are storing admins by login, we cannot allow admins to change their login.
  def is_admin?
    APP_CONFIG['admins'].include? self.login
  end

  # this currently only adds the first email address submitted.
  # All the ui needs for now.
  def email_aliases_attributes=(attrs)
    email_aliases.build(attrs.values.first) if attrs
  end

  def most_recent_tickets(count=3)
    Ticket.for_user(self).limit(count).all #defaults to having most recent updated first
  end

  protected

  ##
  #  Validation Functions
  ##

  def login_is_unique_alias
    has_alias = User.find_by_login_or_alias(username)
    return if has_alias.nil?
    if has_alias != self
      errors.add(:login, "has already been taken")
    elsif has_alias.login != self.login
      errors.add(:login, "may not be the same as one of your aliases")
    end
  end

  def password
    password_verifier
  end

  # used as a condition for validations that are server side only
  def serverside?
    true
  end
end