diff options
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/game.rb | 1 | ||||
-rw-r--r-- | app/models/user.rb | 119 |
2 files changed, 120 insertions, 0 deletions
diff --git a/app/models/game.rb b/app/models/game.rb index a181c26..b3b6977 100644 --- a/app/models/game.rb +++ b/app/models/game.rb @@ -1,2 +1,3 @@ class Game < ActiveRecord::Base + has_many :game_attributes end diff --git a/app/models/user.rb b/app/models/user.rb index 4a57cf0..a4fafa0 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,2 +1,121 @@ class User < ActiveRecord::Base + + before_save { self.email = email.downcase } + before_save { self.user_name = user_name.downcase } + + ## + # Rails looks for the create_remember_token and runs the method + # before anything else. + # + # This method cannot be called by a user since it is denoted + # as private. + before_create :create_remember_token + + ## + # VAILD_EMAIL is the regex used to valid a user given email. + # + # A break down of the regex is listed below. + # + # / -------------> Start of the regex + # \A ------------> match start of a string + # [\w+\-.]+ -----> at least one owrd character, plus, hyphen, + # or dot + # @ -------------> literal ampersand + # [a-z\d\-.]+ ---> at least one letter, digit, hyphen, or dot + # (?:\.[a-z]+) --> ensures that the error of example@foo..com + # does not occur + # \z ------------> match end of a string + # / -------------> end of the regex + # i -------------> case insensative + VALID_EMAIL_REG = /\A[\w+\-.]+@[a-z\d\-.]+(?:\.[a-z]+)\z/i + + ## + # VALID_USER_NAME checks to make sure a user's user_name + # is in the proper format. + VALID_USER_NAME_REG = /[a-zA-Z0-9\-]/ + + ## + # The following lines put a user accout through a series of + # validations in order to make sure all of their information + # is in the proper format. + # + # validates :symbol_to_be_valided + # + # - presence: determines whether or not a symbol is filled or not + # - length: ensures there is a length limit on the symbol + # - format: checks the format of given information to ensure + # validity + validates(:name, presence: true, length: { maximum: 50 }) + validates(:email, presence: true, format: {with: + VALID_EMAIL_REG}, + uniqueness: { case_sensitive: false }) + validates(:user_name, presence: true, length:{maximum: 50}, + format: {with: VALID_USER_NAME_REG }, + uniqueness: {case_sensitive: false }) + + ## + # Instead of adding password and password_confirmation + # attributes, requiring the presence of a password, + # requirin that pw and pw_com match, and add an authenticate + # method to compare an encrypted password to the + # password_digest to authenticate users, I can just add + # has_secure_password which does all of this for me. + has_secure_password + + validates :password, length: { minimum: 6 } + + ## + # Create a random remember token for the user. This will be + # changed every time the user creates a new session. + # + # By changing the cookie every new session, any hijacked sessions + # (where the attacker steals a cookie to sign in as a certain + # user) will expire the next time the user signs back in. + # + # The random string is of length 16 composed of A-Z, a-z, 0-9 + # This is the browser's cookie value. + def User.new_remember_token + SecureRandom.urlsafe_base64 + end + + ## + # Encrypt the remember token. + # This is the encrypted version of the cookie stored on + # the database. + # + # The reasoning for storing a hashed token is so that even if + # the database is compromised, the atacker won't be able to use + # the remember tokens to sign in. + def User.hash(token) + Digest::SHA1.hexdigest(token.to_s) + end + + ## + # SHA-1 (Secure Hash Algorithm) is a US engineered hash + # function that produces a 20 byte hash value which typically + # forms a hexadecimal number 40 digits long. + # The reason I am not using the Bcrypt algorithm is because + # SHA-1 is much faster and I will be calling this on + # every page a user accesses. + # + # https://en.wikipedia.org/wiki/SHA-1 + + + # Everything under private is hidden so you cannot call. + private + + ## + # Create_remember_token in order to ensure a user always has + # a remember token. + def create_remember_token + self.remember_token = User.hash(User.new_remember_token) + end + + ## + # In order to ensure that someone did not accidently submit + # two accounts rapidly (which would throw off the validates + # for user_name and email), I added an index to the Users + # email and user_name in the database to ensure uniqueness + # This also gives and index to the user_name and email + # so finding a user SHOULD be easier for the database. end |