@@ -10,16 +10,16 @@ class <%= class_name %> < ActiveRecord::Base include Authorization::StatefulRoles<% end %> validates_presence_of :login validates_length_of :login, :within => 3..40 - validates_uniqueness_of :login, :case_sensitive => false - validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD + validates_uniqueness_of :login + validates_format_of :login, :with => Authentication.login_regex, :message => Authentication.bad_login_message - validates_format_of :name, :with => RE_NAME_OK, :message => MSG_NAME_BAD, :allow_nil => true + validates_format_of :name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true validates_length_of :name, :maximum => 100 validates_presence_of :email validates_length_of :email, :within => 6..100 #r@a.wk - validates_uniqueness_of :email, :case_sensitive => false - validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD + validates_uniqueness_of :email + validates_format_of :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message <% if options[:include_activation] && !options[:stateful] %>before_create :make_activation_code <% end %> @@ -54,12 +54,21 @@ class <%= class_name %> < ActiveRecord::Base # This will also let us return a human error message. # def self.authenticate(login, password) + return nil if login.blank? || password.blank? u = <% if options[:stateful] %>find_in_state :first, :active, :conditions => {:login => login}<% elsif options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<% else %>find_by_login(login)<% end %> # need to get the salt u && u.authenticated?(password) ? u : nil end + def login=(value) + write_attribute :login, (value ? value.downcase : nil) + end + + def email=(value) + write_attribute :email, (value ? value.downcase : nil) + end + protected <% if options[:include_activation] -%> generators/authenticated/templates/model.rb @@ -1,24 +1,22 @@ module Authentication - unless defined? CONSTANTS_DEFINED - # Uncomment to suit - RE_LOGIN_OK = /\A\w[\w\.\-_@]+\z/ # ASCII, strict - # RE_LOGIN_OK = /\A[[:alnum:]][[:alnum:]\.\-_@]+\z/ # Unicode, strict - # RE_LOGIN_OK = /\A[^[:cntrl:]\\<>\/&]*\z/ # Unicode, permissive - MSG_LOGIN_BAD = "use only letters, numbers, and .-_@ please." - - RE_NAME_OK = /\A[^[:cntrl:]\\<>\/&]*\z/ # Unicode, permissive - MSG_NAME_BAD = "avoid non-printing characters and \\&gt;&lt;&amp;/ please." - - # This is purposefully imperfect -- it's just a check for bogus input. See - # http://www.regular-expressions.info/email.html - RE_EMAIL_NAME = '[\w\.%\+\-]+' # what you actually see in practice - #RE_EMAIL_NAME = '0-9A-Z!#\$%\&\'\*\+_/=\?^\-`\{|\}~\.' # technically allowed by RFC-2822 - RE_DOMAIN_HEAD = '(?:[A-Z0-9\-]+\.)+' - RE_DOMAIN_TLD = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)' - RE_EMAIL_OK = /\A#{RE_EMAIL_NAME}@#{RE_DOMAIN_HEAD}#{RE_DOMAIN_TLD}\z/i - MSG_EMAIL_BAD = "should look like an email address." - CONSTANTS_DEFINED = true # sorry for the C idiom - end + mattr_accessor :login_regex, :bad_login_message, + :name_regex, :bad_name_message, + :email_name_regex, :domain_head_regex, :domain_tld_regex, :email_regex, :bad_email_message + + self.login_regex = /\A\w[\w\.\-_@]+\z/ # ASCII, strict + # self.login_regex = /\A[[:alnum:]][[:alnum:]\.\-_@]+\z/ # Unicode, strict + # self.login_regex = /\A[^[:cntrl:]\\<>\/&]*\z/ # Unicode, permissive + + self.bad_login_message = "use only letters, numbers, and .-_@ please.".freeze + + self.name_regex = /\A[^[:cntrl:]\\<>\/&]*\z/ # Unicode, permissive + self.bad_name_message = "avoid non-printing characters and \\&gt;&lt;&amp;/ please.".freeze + + self.email_name_regex = '[\w\.%\+\-]+'.freeze + self.domain_head_regex = '(?:[A-Z0-9\-]+\.)+'.freeze + self.domain_tld_regex = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'.freeze + self.email_regex = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i + self.bad_email_message = "should look like an email address.".freeze def self.included(recipient) recipient.extend(ModelClassMethods) lib/authentication.rb e2c59cad93265d067d808d092089a9d4597d7fcd rick technoweenie@gmail.com http://github.com/quirkey/restful-authentication/commit/20881213f76c8c8e817e18a7b276555922bb69f5 20881213f76c8c8e817e18a7b276555922bb69f5 2008-08-25T09:51:32-07:00 2008-08-25T09:51:32-07:00 change Authentication constants to mattr_accessors to allow them to be customized in apps. also, force logins and emails to be downcased (be nice to your db) 70b08ded9abf6a130047dc98d7f7c96487951708 rick technoweenie@gmail.com