Finished chapter 11
require 'digest/sha1'
require 'securerandom'

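# Application user with a salted, hashed password.
#
# The plaintext password only ever lives in the transient @password
# instance variable; the values written through the model are +salt+ and
# +hashed_password+.
#
# SECURITY NOTE(review): the stored digest is a single round of SHA-1 over
# password + fixed string + salt. That construction is fast to brute-force
# offline if the users table leaks. It is kept here only because changing it
# would invalidate every stored hash; plan a migration to a purpose-built
# password hashing function (bcrypt, scrypt, Argon2) with rehash-on-login.
class User < ActiveRecord::Base
  validates_presence_of :name
  validates_uniqueness_of :name

  # Virtual attribute used by validates_confirmation_of; never persisted.
  attr_accessor :password_confirmation
  validates_confirmation_of :password

  validate :password_non_blank

  # Plaintext password as assigned in this request (nil on loaded records,
  # because only the digest is stored).
  attr_reader :password

  # Stores the plaintext transiently and, when it is not blank, generates a
  # fresh salt and the matching digest. A blank value leaves salt and
  # hashed_password untouched, so password_non_blank reports the error.
  def password=(passwd)
    @password = passwd
    return if passwd.blank?
    create_new_salt
    self.hashed_password = User.encrypted_password(password, salt)
  end

  # Looks a user up by name and checks the supplied password.
  #
  # Returns the User on success and nil otherwise (unknown name, wrong
  # password, or blank credentials). Blank credentials are rejected up front
  # so a nil password can no longer raise inside encrypted_password.
  #
  # NOTE(review): an unknown name returns before any hashing happens, so the
  # response time still differs between "no such user" and "wrong password".
  def self.authenticate(name, password)
    return nil if name.blank? || password.blank?

    user = find_by_name(name)
    return nil unless user

    expected_password = encrypted_password(password, user.salt)
    digests_match?(user.hashed_password, expected_password) ? user : nil
  end

  # Digest stored in hashed_password for the given password and salt.
  #
  # This method sat below the bare `private` keyword in the original file,
  # but `private` does not apply to `def self.` methods, so it has always
  # been publicly callable (password= calls it with an explicit receiver).
  # It is defined here, above `private`, to make that visible.
  #
  # to_s keeps a nil salt (for example a legacy row) from raising; for String
  # arguments the digest is identical to the previous implementation.
  def self.encrypted_password(password, salt)
    string_to_hash = password.to_s + 'wibble' + salt.to_s
    Digest::SHA1.hexdigest(string_to_hash)
  end

  # Compares two digests without returning at the first differing byte, so
  # the comparison time does not depend on how many leading characters match.
  def self.digests_match?(stored, computed)
    return false if stored.nil? || computed.nil?
    return false unless stored.bytesize == computed.bytesize

    difference = 0
    stored.bytes.to_a.zip(computed.bytes.to_a) { |x, y| difference |= x ^ y }
    difference.zero?
  end
  private_class_method :digests_match?

  # Refuses to leave the application without any user account.
  # NOTE(review): this runs after the row is deleted; it presumably relies on
  # the surrounding transaction to roll the delete back - confirm.
  def after_destroy
    raise "Can't delete last user" if User.count.zero?
  end

  private

  # Validation: a record without a stored digest has no usable password.
  def password_non_blank
    errors.add(:password, "Missing password") if hashed_password.blank?
  end

  # Assigns a new random salt from the system CSPRNG. The previous value
  # (object_id + Kernel#rand) came from a predictable generator.
  # Produces 32 hex characters; assumes the salt column can hold them -
  # TODO confirm against the schema.
  def create_new_salt
    self.salt = SecureRandom.hex(16)
  end
end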