def lost_password
(redirect_to(home_url); return) unless Setting.lost_password?
if params[:token]
- @token = Token.find_by_action_and_value("recovery", params[:token].to_s)
+ @token = Token.find_token("recovery", params[:token].to_s)
if @token.nil? || @token.expired?
redirect_to home_url
return
# Token based account activation
def activate
(redirect_to(home_url); return) unless Setting.self_registration? && params[:token].present?
- token = Token.find_by_action_and_value('register', params[:token].to_s)
+ token = Token.find_token('register', params[:token].to_s)
(redirect_to(home_url); return) unless token and !token.expired?
user = token.user
(redirect_to(home_url); return) unless user.registered?
# Returns the active user who owns the key for the given action
def self.find_active_user(action, key, validity_days=nil)
+ user = find_user(action, key, validity_days)
+ if user && user.active?
+ user
+ end
+ end
+
+ # Returns the user who owns the key for the given action
+ def self.find_user(action, key, validity_days=nil)
+ token = find_token(action, key, validity_days)
+ if token
+ token.user
+ end
+ end
+
+ # Returns the token for action and key with an optional
+ # validity duration (in number of days)
+ def self.find_token(action, key, validity_days=nil)
action = action.to_s
key = key.to_s
- return nil unless action.present? && key =~ /\A[a-f0-9]+\z/
+ return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i
- token = find_by_action_and_value(action, key)
- if token && token.user && token.user.active?
+ token = Token.where(:action => action, :value => key).first
+ if token && (token.action == action) && (token.value == key) && token.user
if validity_days.nil? || (token.created_on > validity_days.days.ago)
- token.user
+ token
end
end
end
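Review bot: The `Token.where(...).first` on the line that replaced find_by_action_and_value only fetches one row, so on a database whose collation matches case-insensitively a token that differs from the stored value only in letter case can be returned first and then correctly rejected by the new `token.action == action` / `token.value == key` re-check, while the byte-identical row is never examined; the lookup would then fail for a valid key. Selecting among all collation matches avoids that false negative while keeping the exact-match guard: `token = Token.where(:action => action, :value => key).detect {|t| t.action == action && t.value == key}` followed by `if token && token.user`. The Ruby-side equality is the security-relevant part of this change and deserves a why-comment so it is not "simplified" away later, e.g. `# re-check in Ruby: the DB lookup may be case-insensitive depending on collation`. The relaxed regex `/\A[a-z0-9]+\z/i` is consistent with that, since exact matching now happens on the loaded record rather than relying on the query.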
assert_equal 2, Token.destroy_expired
end
end
+
+ def test_find_active_user_should_return_user
+ token = Token.create!(:user_id => 1, :action => 'api')
+ assert_equal User.find(1), Token.find_active_user('api', token.value)
+ end
+
+ def test_find_active_user_should_return_nil_for_locked_user
+ token = Token.create!(:user_id => 1, :action => 'api')
+ User.find(1).lock!
+ assert_nil Token.find_active_user('api', token.value)
+ end
+
+ def test_find_user_should_return_user
+ token = Token.create!(:user_id => 1, :action => 'api')
+ assert_equal User.find(1), Token.find_user('api', token.value)
+ end
+
+ def test_find_user_should_return_locked_user
+ token = Token.create!(:user_id => 1, :action => 'api')
+ User.find(1).lock!
+ assert_equal User.find(1), Token.find_user('api', token.value)
+ end
+
+ def test_find_token_should_return_the_token
+ token = Token.create!(:user_id => 1, :action => 'api')
+ assert_equal token, Token.find_token('api', token.value)
+ end
+
+ def test_find_token_should_return_the_token_with_validity
+ token = Token.create!(:user_id => 1, :action => 'api', :created_on => 1.hour.ago)
+ assert_equal token, Token.find_token('api', token.value, 1)
+ end
+
+ def test_find_token_should_return_nil_with_wrong_action
+ token = Token.create!(:user_id => 1, :action => 'feeds')
+ assert_nil Token.find_token('api', token.value)
+ end
+
+ def test_find_token_should_return_nil_with_wrong_action
+ token = Token.create!(:user_id => 1, :action => 'feeds')
+ assert_nil Token.find_token('api', Token.generate_token_value)
+ end
+
+ def test_find_token_should_return_nil_without_user
+ token = Token.create!(:user_id => 999, :action => 'api')
+ assert_nil Token.find_token('api', token.value)
+ end
+
+ def test_find_token_should_return_nil_with_validity_expired
+ token = Token.create!(:user_id => 999, :action => 'api', :created_on => 2.days.ago)
+ assert_nil Token.find_token('api', token.value, 1)
+ end
end
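Review bot: `test_find_token_should_return_nil_with_wrong_action` is defined twice in this hunk; the second definition silently replaces the first, so the wrong-action case is never run. The second body checks an unknown value rather than a wrong action and should be renamed, e.g. `def test_find_token_should_return_nil_with_unknown_value`. Separately, `test_find_token_should_return_nil_with_validity_expired` creates its token with `:user_id => 999`, which find_token already rejects for having no user, so the assertion passes regardless of the validity check; use `:user_id => 1` there so the test exercises expiry only. The enclosing test class starts before this hunk.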