change Authentication constants to mattr_accessors to allow them to b…

…e customized in apps. also, force logins and emails to be downcased (be nice to your db)
fmiopensource · Aug 25, 2008 · 2088121 · 2088121
1 parent e2c59ca
commit 2088121
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 25 deletions.
diff --git a/generators/authenticated/templates/model.rb b/generators/authenticated/templates/model.rb
@@ -10,16 +10,16 @@ class <%= class_name %> < ActiveRecord::Base
   include Authorization::StatefulRoles<% end %>
   validates_presence_of     :login
   validates_length_of       :login,    :within => 3..40
-  validates_uniqueness_of   :login,    :case_sensitive => false
-  validates_format_of       :login,    :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD
+  validates_uniqueness_of   :login
+  validates_format_of       :login,    :with => Authentication.login_regex, :message => Authentication.bad_login_message
 
-  validates_format_of       :name,     :with => RE_NAME_OK,  :message => MSG_NAME_BAD, :allow_nil => true
+  validates_format_of       :name,     :with => Authentication.name_regex,  :message => Authentication.bad_name_message, :allow_nil => true
   validates_length_of       :name,     :maximum => 100
 
   validates_presence_of     :email
   validates_length_of       :email,    :within => 6..100 #r@a.wk
-  validates_uniqueness_of   :email,    :case_sensitive => false
-  validates_format_of       :email,    :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD
+  validates_uniqueness_of   :email
+  validates_format_of       :email,    :with => Authentication.email_regex, :message => Authentication.bad_email_message
 
   <% if options[:include_activation] && !options[:stateful] %>before_create :make_activation_code <% end %>
 
@@ -54,12 +54,21 @@ def active?
   # This will also let us return a human error message.
   #
   def self.authenticate(login, password)
+    return nil if login.blank? || password.blank?
     u = <% if    options[:stateful]           %>find_in_state :first, :active, :conditions => {:login => login}<%
            elsif options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<%
            else %>find_by_login(login)<% end %> # need to get the salt
     u && u.authenticated?(password) ? u : nil
   end
 
+  def login=(value)
+    write_attribute :login, (value ? value.downcase : nil)
+  end
+
+  def email=(value)
+    write_attribute :email, (value ? value.downcase : nil)
+  end
+
   protected
 
 <% if options[:include_activation] -%>

diff --git a/lib/authentication.rb b/lib/authentication.rb
@@ -1,24 +1,22 @@
 module Authentication
-  unless defined? CONSTANTS_DEFINED
-    # Uncomment to suit
-    RE_LOGIN_OK     = /\A\w[\w\.\-_@]+\z/                     # ASCII, strict
-    # RE_LOGIN_OK   = /\A[[:alnum:]][[:alnum:]\.\-_@]+\z/     # Unicode, strict
-    # RE_LOGIN_OK   = /\A[^[:cntrl:]\\<>\/&]*\z/              # Unicode, permissive
-    MSG_LOGIN_BAD   = "use only letters, numbers, and .-_@ please."
-
-    RE_NAME_OK      = /\A[^[:cntrl:]\\<>\/&]*\z/              # Unicode, permissive
-    MSG_NAME_BAD    = "avoid non-printing characters and \\&gt;&lt;&amp;/ please."
-
-    # This is purposefully imperfect -- it's just a check for bogus input. See
-    # http://www.regular-expressions.info/email.html
-    RE_EMAIL_NAME   = '[\w\.%\+\-]+'                          # what you actually see in practice
-    #RE_EMAIL_NAME   = '0-9A-Z!#\$%\&\'\*\+_/=\?^\-`\{|\}~\.' # technically allowed by RFC-2822
-    RE_DOMAIN_HEAD  = '(?:[A-Z0-9\-]+\.)+'
-    RE_DOMAIN_TLD   = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
-    RE_EMAIL_OK     = /\A#{RE_EMAIL_NAME}@#{RE_DOMAIN_HEAD}#{RE_DOMAIN_TLD}\z/i
-    MSG_EMAIL_BAD   = "should look like an email address."
-    CONSTANTS_DEFINED = true # sorry for the C idiom
-  end
+  mattr_accessor :login_regex, :bad_login_message, 
+    :name_regex, :bad_name_message,
+    :email_name_regex, :domain_head_regex, :domain_tld_regex, :email_regex, :bad_email_message
+
+  self.login_regex       = /\A\w[\w\.\-_@]+\z/                     # ASCII, strict
+  # self.login_regex       = /\A[[:alnum:]][[:alnum:]\.\-_@]+\z/     # Unicode, strict
+  # self.login_regex       = /\A[^[:cntrl:]\\<>\/&]*\z/              # Unicode, permissive
+
+  self.bad_login_message = "use only letters, numbers, and .-_@ please.".freeze
+
+  self.name_regex        = /\A[^[:cntrl:]\\<>\/&]*\z/              # Unicode, permissive
+  self.bad_name_message  = "avoid non-printing characters and \\&gt;&lt;&amp;/ please.".freeze
+
+  self.email_name_regex  = '[\w\.%\+\-]+'.freeze
+  self.domain_head_regex = '(?:[A-Z0-9\-]+\.)+'.freeze
+  self.domain_tld_regex  = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'.freeze
+  self.email_regex       = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
+  self.bad_email_message = "should look like an email address.".freeze
 
   def self.included(recipient)
     recipient.extend(ModelClassMethods)