team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b6d5fbbc3af367fd8bbd8789e1f6ff3815c7a11d
railsgoat/app/models/user.rb
T
Joseph Mastey 8b2f93516d fix user password field to not accidentally re-encrypt itself on save 
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
2017-09-27 18:57:40 -05:00

83 lines
2.7 KiB
Ruby
Executable File
Raw Blame History

require 'encryption'
class User < ApplicationRecord
validates :password, :presence => true,
:confirmation => true,
:length => {:within => 6..40},
:on => :create,
:if => :password
validates_presence_of :email
validates_uniqueness_of :email
validates_format_of :email, :with => /.+@.+\..+/i
attr_accessor :skip_user_id_assign
before_save :assign_user_id, :on => :create
before_save :hash_password
has_one :retirement, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
has_one :paid_time_off, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
has_one :work_info, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
has_many :performance, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
has_many :messages, :foreign_key => :receiver_id, :primary_key => :user_id, :dependent => :destroy
has_many :pay, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
before_create { generate_token(:auth_token) }
before_create :build_benefits_data
def build_benefits_data
build_retirement(POPULATE_RETIREMENTS.shuffle.first)
build_paid_time_off(POPULATE_PAID_TIME_OFF.shuffle.first).schedule.build(POPULATE_SCHEDULE.shuffle.first)
build_work_info(POPULATE_WORK_INFO.shuffle.first)
# Uncomment below line to use encrypted SSN(s)
#work_info.build_key_management(:iv => SecureRandom.hex(32))
performance.build(POPULATE_PERFORMANCE.shuffle.first)
end
def full_name
"#{self.first_name} #{self.last_name}"
end
=begin
# Instead of the entire user object being returned, we can use this to filter.
def as_json
super(only: [:user_id, :email, :first_name, :last_name])
end
=end
private
def self.authenticate(email, password)
auth = nil
user = find_by_email(email)
raise "#{email} doesn't exist!" if !(user)
if user.password == Digest::MD5.hexdigest(password)
auth = user
else
raise "Incorrect Password!"
end
return auth
end
def assign_user_id
unless @skip_user_id_assign.present? || self.user_id.present?
user = User.order("user_id").last
uid = if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}"))
user.user_id.to_i + 1
else
1
end
self.user_id = uid.to_s if uid
end
end
def hash_password
if password.present? && password_changed?
self.password = Digest::MD5.hexdigest(password)
end
end
def generate_token(column)
begin
self[column] = Encryption.encrypt_sensitive_value(self.user_id)
end while User.exists?(column => self[column])
end
end
Reference in New Issue View Git Blame Copy Permalink