1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
class User < CouchRest::Model::Base
use_database :users
property :login, String, :accessible => true
property :password_verifier, String, :accessible => true
property :password_salt, String, :accessible => true
property :email_forward, String, :accessible => true
property :email_aliases, [LocalEmail]
property :public_key, :accessible => true
property :enabled, TrueClass, :default => true
validates :login, :password_salt, :password_verifier,
:presence => true
validates :login,
:uniqueness => true,
:if => :serverside?
# Have multiple regular expression validations so we can get specific error messages:
validates :login,
:format => { :with => /\A.{2,}\z/,
:message => "Login must have at least two characters"}
validates :login,
:format => { :with => /\A[a-z\d_\.-]+\z/,
:message => "Only lowercase letters, digits, . - and _ allowed."}
validates :login,
:format => { :with => /\A[a-z].*\z/,
:message => "Login must begin with a lowercase letter"}
validates :login,
:format => { :with => /\A.*[a-z\d]\z/,
:message => "Login must end with a letter or digit"}
validate :login_is_unique_alias
validates :password_salt, :password_verifier,
:format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" }
validates :password, :presence => true,
:confirmation => true,
:format => { :with => /.{8}.*/, :message => "needs to be at least 8 characters long" }
validates :email_forward,
:format => { :with => /\A(([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,}))?\Z/, :message => "needs to be a valid email address"}
timestamps!
design do
own_path = Pathname.new(File.dirname(__FILE__))
load_views(own_path.join('..', 'designs', 'user'))
view :by_login
view :by_created_at
view :pgp_key_by_handle,
map: <<-EOJS
function(doc) {
if (doc.type != 'User') {
return;
}
emit(doc.login, doc.public_key);
doc.email_aliases.forEach(function(alias){
emit(alias.username, doc.public_key);
});
}
EOJS
end # end of design
class << self
alias_method :find_by_param, :find
end
def to_param
self.id
end
def to_json(options={})
{
:login => login,
:ok => valid?
}.to_json(options)
end
def salt
password_salt.hex
end
def verifier
password_verifier.hex
end
def username
login
end
def email_address
LocalEmail.new(login)
end
# Since we are storing admins by login, we cannot allow admins to change their login.
def is_admin?
APP_CONFIG['admins'].include? self.login
end
# this currently only adds the first email address submitted.
# All the ui needs for now.
def email_aliases_attributes=(attrs)
email_aliases.build(attrs.values.first) if attrs
end
def most_recent_tickets(count=3)
Ticket.for_user(self).limit(count).all #defaults to having most recent updated first
end
protected
##
# Validation Functions
##
def login_is_unique_alias
has_alias = User.find_by_login_or_alias(username)
return if has_alias.nil?
if has_alias != self
errors.add(:login, "has already been taken")
elsif has_alias.login != self.login
errors.add(:login, "may not be the same as one of your aliases")
end
end
def password
password_verifier
end
# used as a condition for validations that are server side only
def serverside?
true
end
end
|