Diffstat (limited to 'app/models')
-rw-r--r--app/models/alert.rb2
-rw-r--r--app/models/game_setting.rb2
-rw-r--r--app/models/match.rb6
-rw-r--r--app/models/pm.rb4
-rw-r--r--app/models/remote_username.rb4
-rw-r--r--app/models/score.rb4
-rw-r--r--app/models/session.rb41
-rw-r--r--app/models/team.rb6
-rw-r--r--app/models/tournament.rb2
-rw-r--r--app/models/tournament_preference.rb2
-rw-r--r--app/models/user.rb74
11 files changed, 63 insertions, 84 deletions
diff --git a/app/models/alert.rb b/app/models/alert.rb
index 343c269..0516355 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -1,3 +1,3 @@
class Alert < ActiveRecord::Base
- belongs_to :author
+ belongs_to :author
end
diff --git a/app/models/game_setting.rb b/app/models/game_setting.rb
index e147b15..bff8d97 100644
--- a/app/models/game_setting.rb
+++ b/app/models/game_setting.rb
@@ -1,3 +1,3 @@
class GameSetting < ActiveRecord::Base
- belongs_to :game
+ belongs_to :game
end
diff --git a/app/models/match.rb b/app/models/match.rb
index 782dce8..35deb20 100644
--- a/app/models/match.rb
+++ b/app/models/match.rb
@@ -1,8 +1,8 @@
class Match < ActiveRecord::Base
- belongs_to :tournament
+ belongs_to :tournament
- has_and_belongs_to_many :teams
+ has_and_belongs_to_many :teams
- belongs_to :winner, class_name: "Team"
+ belongs_to :winner, class_name: "Team"
end
diff --git a/app/models/pm.rb b/app/models/pm.rb
index ab5af3b..9fce2b3 100644
--- a/app/models/pm.rb
+++ b/app/models/pm.rb
@@ -1,4 +1,4 @@
class Pm < ActiveRecord::Base
- belongs_to :author
- belongs_to :recipient
+ belongs_to :author
+ belongs_to :recipient
end
diff --git a/app/models/remote_username.rb b/app/models/remote_username.rb
index 94e5063..c477f8a 100644
--- a/app/models/remote_username.rb
+++ b/app/models/remote_username.rb
@@ -1,4 +1,4 @@
class RemoteUsername < ActiveRecord::Base
- belongs_to :game
- belongs_to :user
+ belongs_to :game
+ belongs_to :user
end
diff --git a/app/models/score.rb b/app/models/score.rb
index a9b9c71..11ee9a6 100644
--- a/app/models/score.rb
+++ b/app/models/score.rb
@@ -1,4 +1,4 @@
class Score < ActiveRecord::Base
- belongs_to :user
- belongs_to :match
+ belongs_to :user
+ belongs_to :match
end
diff --git a/app/models/session.rb b/app/models/session.rb
index c66afec..f5e642b 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -1,3 +1,42 @@
class Session < ActiveRecord::Base
- belongs_to :user
+ belongs_to :user
+
+ ##
+ # Create a random remember token for the user. This will be
+ # changed every time the user creates a new session.
+ #
+ # If you want this value, hang on to it; the raw value is
+ # discarded afterward.
+ #
+ # By changing the cookie every new session, any hijacked sessions
+ # (where the attacker steals a cookie to sign in as a certain
+ # user) will expire the next time the user signs back in.
+ #
+ # The random string is of length 16 composed of A-Z, a-z, 0-9
+ # This is the browser's cookie value.
+ def create_token()
+ t = SecureRandom.urlsafe_base64
+ self.token = Session.hash_token(t)
+ t
+ end
+
+ ##
+ # Encrypt the remember token.
+ # This is the encrypted version of the cookie stored on
+ # the database.
+ #
+ # The reasoning for storing a hashed token is so that even if
+ # the database is compromised, the attacker won't be able to use
+ # the remember tokens to sign in.
+ def Session.hash_token(token)
+ # SHA-1 (Secure Hash Algorithm) is a US engineered hash
+ # function that produces a 20 byte hash value which typically
+ # forms a hexadecimal number 40 digits long.
+ # The reason I am not using the Bcrypt algorithm is because
+ # SHA-1 is much faster and I will be calling this on
+ # every page a user accesses.
+ #
+ # https://en.wikipedia.org/wiki/SHA-1
+ Digest::SHA1.hexdigest(token.to_s)
+ end
end
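Review bot: The comment on `create_token` still promises that a stolen cookie expires at the user's next sign-in, but with tokens now stored per Session row (and `has_many :sessions` on User) an older row's token presumably stays valid unless code outside this diff deletes or expires it; nothing in this model does. The same comment says the token is 16 characters of A-Z, a-z, 0-9, whereas `SecureRandom.urlsafe_base64` with no argument encodes 16 random bytes into about 22 characters that may include `-` and `_`. `hash_token` is documented as encrypting, but it computes a one-way digest; I would reword it to `# Hash the remember token; only the digest is stored in the database.` An unsalted fast hash is reasonable here because the input is a 128-bit random value, though `Digest::SHA256.hexdigest(token.to_s)` would avoid SHA-1 at similar cost.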
diff --git a/app/models/team.rb b/app/models/team.rb
index 2348de5..7aae7c2 100644
--- a/app/models/team.rb
+++ b/app/models/team.rb
@@ -1,5 +1,5 @@
class Team < ActiveRecord::Base
- belongs_to :match
- has_and_belongs_to_many :matches
- has_and_belongs_to_many :users
+ belongs_to :match
+ has_and_belongs_to_many :matches
+ has_and_belongs_to_many :users
end
diff --git a/app/models/tournament.rb b/app/models/tournament.rb
index 21dc9bb..87b516e 100644
--- a/app/models/tournament.rb
+++ b/app/models/tournament.rb
@@ -43,6 +43,4 @@ class Tournament < ActiveRecord::Base
end
end
end
-
-
end
diff --git a/app/models/tournament_preference.rb b/app/models/tournament_preference.rb
index 1f335e3..3d15061 100644
--- a/app/models/tournament_preference.rb
+++ b/app/models/tournament_preference.rb
@@ -1,3 +1,3 @@
class TournamentPreference < ActiveRecord::Base
- belongs_to :tournament
+ belongs_to :tournament
end
diff --git a/app/models/user.rb b/app/models/user.rb
index 6e439fb..277d885 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2,17 +2,14 @@ class User < ActiveRecord::Base
has_and_belongs_to_many :tournaments_played, class_name: "Tournament", foreign_key: "player_id", join_table: "players_tournaments"
has_and_belongs_to_many :tournaments_hosted, class_name: "Tournament", foreign_key: "host_id", join_table: "hosts_tournaments"
has_and_belongs_to_many :teams
+ has_many :sessions
before_save { self.email = email.downcase }
before_save { self.user_name = user_name }
- ##
- # Rails looks for the create_remember_token and runs the method
- # before anything else.
- #
- # This method cannot be called by a user since it is denoted
- # as private.
- before_create :create_remember_token
+ def after_initialize
+ self.permissions = 0
+ end
def in_group?(group)
case group
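Review bot: `def after_initialize` is unlikely to ever run: since Rails 3.0 the callback has to be registered with the macro form, and `has_secure_password` lower in this file implies Rails 3.1 or later, so a plain instance method of that name is not invoked. If it were registered as written, it would also fire for records loaded from the database and reset `permissions` to 0 on every load, which the next save would persist. I would declare it as `after_initialize { self.permissions ||= 0 if new_record? }` or give the column a database default of 0. The `User` class and `in_group?` both continue outside this hunk.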
@@ -77,11 +74,11 @@ class User < ActiveRecord::Base
# validity
validates(:name, presence: true, length: { maximum: 50 })
validates(:email, presence: true, format: {with:
- VALID_EMAIL_REG},
- uniqueness: { case_sensitive: false })
+ VALID_EMAIL_REG},
+ uniqueness: { case_sensitive: false })
validates(:user_name, presence: true, length:{maximum: 50},
- format: {with: VALID_USER_NAME_REG },
- uniqueness: {case_sensitive: false })
+ format: {with: VALID_USER_NAME_REG },
+ uniqueness: {case_sensitive: false })
##
# Instead of adding password and password_confirmation
@@ -93,59 +90,4 @@ class User < ActiveRecord::Base
has_secure_password
validates :password, length: { minimum: 6 }
-
- ##
- # Create a random remember token for the user. This will be
- # changed every time the user creates a new session.
- #
- # By changing the cookie every new session, any hijacked sessions
- # (where the attacker steals a cookie to sign in as a certain
- # user) will expire the next time the user signs back in.
- #
- # The random string is of length 16 composed of A-Z, a-z, 0-9
- # This is the browser's cookie value.
- def User.new_remember_token
- SecureRandom.urlsafe_base64
- end
-
- ##
- # Encrypt the remember token.
- # This is the encrypted version of the cookie stored on
- # the database.
- #
- # The reasoning for storing a hashed token is so that even if
- # the database is compromised, the attacker won't be able to use
- # the remember tokens to sign in.
- def User.hash(token)
- Digest::SHA1.hexdigest(token.to_s)
- end
-
- ##
- # SHA-1 (Secure Hash Algorithm) is a US engineered hash
- # function that produces a 20 byte hash value which typically
- # forms a hexadecimal number 40 digits long.
- # The reason I am not using the Bcrypt algorithm is because
- # SHA-1 is much faster and I will be calling this on
- # every page a user accesses.
- #
- # https://en.wikipedia.org/wiki/SHA-1
-
-
- # Everything under private is hidden so you cannot call.
- private
-
- ##
- # Create_remember_token in order to ensure a user always has
- # a remember token.
- def create_remember_token
- self.remember_token = User.hash(User.new_remember_token)
- end
-
- ##
- # In order to ensure that someone did not accidentally submit
- # two accounts rapidly (which would throw off the validates
- # for user_name and email), I added an index to the Users
- # email and user_name in the database to ensure uniqueness
- # This also gives and index to the user_name and email
- # so finding a user SHOULD be easier for the database.
end