From 8e3e46b7951120f1ec34949d607a7672ad03f820 Mon Sep 17 00:00:00 2001
From: shumakl
Date: Thu, 3 Apr 2014 11:52:05 -0400
Subject: run generate.sh
---
 app/models/alert.rb | 2 +-
 app/models/game_setting.rb | 2 +-
 app/models/match.rb | 4 ++--
 app/models/pm.rb | 4 ++--
 app/models/remote_username.rb | 4 ++--
 app/models/score.rb | 4 ++--
 app/models/session.rb | 2 +-
 app/models/team.rb | 2 +-
 app/models/tournament.rb | 2 +-
 app/models/tournament_preference.rb | 2 +-
 10 files changed, 14 insertions(+), 14 deletions(-)
(limited to 'app/models')
diff --git a/app/models/alert.rb b/app/models/alert.rb
index 343c269..0516355 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -1,3 +1,3 @@
 class Alert < ActiveRecord::Base
- belongs_to :author
+ belongs_to :author
 end
diff --git a/app/models/game_setting.rb b/app/models/game_setting.rb
index e147b15..bff8d97 100644
--- a/app/models/game_setting.rb
+++ b/app/models/game_setting.rb
@@ -1,3 +1,3 @@
 class GameSetting < ActiveRecord::Base
- belongs_to :game
+ belongs_to :game
 end
diff --git a/app/models/match.rb b/app/models/match.rb
index bb814c1..fe68d31 100644
--- a/app/models/match.rb
+++ b/app/models/match.rb
@@ -1,4 +1,4 @@
 class Match < ActiveRecord::Base
- belongs_to :tournament
- belongs_to :winner
+ belongs_to :tournament
+ belongs_to :winner
 end
diff --git a/app/models/pm.rb b/app/models/pm.rb
index ab5af3b..9fce2b3 100644
--- a/app/models/pm.rb
+++ b/app/models/pm.rb
@@ -1,4 +1,4 @@
 class Pm < ActiveRecord::Base
- belongs_to :author
- belongs_to :recipient
+ belongs_to :author
+ belongs_to :recipient
 end
diff --git a/app/models/remote_username.rb b/app/models/remote_username.rb
index 94e5063..c477f8a 100644
--- a/app/models/remote_username.rb
+++ b/app/models/remote_username.rb
@@ -1,4 +1,4 @@
 class RemoteUsername < ActiveRecord::Base
- belongs_to :game
- belongs_to :user
+ belongs_to :game
+ belongs_to :user
 end
diff --git a/app/models/score.rb b/app/models/score.rb
index a9b9c71..11ee9a6 100644
--- a/app/models/score.rb
+++ b/app/models/score.rb
@@ -1,4 +1,4 @@
 class Score < ActiveRecord::Base
- belongs_to :user
- belongs_to :match
+ belongs_to :user
+ belongs_to :match
 end
diff --git a/app/models/session.rb b/app/models/session.rb
index c66afec..a5fd26e 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -1,3 +1,3 @@
 class Session < ActiveRecord::Base
- belongs_to :user
+ belongs_to :user
 end
diff --git a/app/models/team.rb b/app/models/team.rb
index 9e71557..8d89f51 100644
--- a/app/models/team.rb
+++ b/app/models/team.rb
@@ -1,3 +1,3 @@
 class Team < ActiveRecord::Base
- belongs_to :match
+ belongs_to :match
 end
diff --git a/app/models/tournament.rb b/app/models/tournament.rb
index cc915a0..dcdb8d5 100644
--- a/app/models/tournament.rb
+++ b/app/models/tournament.rb
@@ -1,3 +1,3 @@
 class Tournament < ActiveRecord::Base
- belongs_to :game
+ belongs_to :game
 end
diff --git a/app/models/tournament_preference.rb b/app/models/tournament_preference.rb
index 1f335e3..3d15061 100644
--- a/app/models/tournament_preference.rb
+++ b/app/models/tournament_preference.rb
@@ -1,3 +1,3 @@
 class TournamentPreference < ActiveRecord::Base
- belongs_to :tournament
+ belongs_to :tournament
 end
-- cgit v1.2.3-2-g168b
From c0b705f1397ce442427638f92b185d630db73ec5 Mon Sep 17 00:00:00 2001
From: shumakl
Date: Thu, 3 Apr 2014 12:12:04 -0400
Subject: normalize to tab indent
---
 app/models/alert.rb | 2 +-
 app/models/game_setting.rb | 2 +-
 app/models/match.rb | 6 +++---
 app/models/pm.rb | 4 ++--
 app/models/remote_username.rb | 4 ++--
 app/models/score.rb | 4 ++--
 app/models/session.rb | 2 +-
 app/models/team.rb | 6 +++---
 app/models/tournament_preference.rb | 2 +-
 app/models/user.rb | 8 ++++----
 10 files changed, 20 insertions(+), 20 deletions(-)
(limited to 'app/models')
diff --git a/app/models/alert.rb b/app/models/alert.rb
index 343c269..0516355 100644
--- a/app/models/alert.rb
+++ b/app/models/alert.rb
@@ -1,3 +1,3 @@ class Alert < ActiveRecord::Base - belongs_to :author + belongs_to :author end diff --git a/app/models/game_setting.rb b/app/models/game_setting.rb index e147b15..bff8d97 100644 --- a/app/models/game_setting.rb +++ b/app/models/game_setting.rb @@ -1,3 +1,3 @@ class GameSetting < ActiveRecord::Base - belongs_to :game + belongs_to :game end diff --git a/app/models/match.rb b/app/models/match.rb index 782dce8..35deb20 100644 --- a/app/models/match.rb +++ b/app/models/match.rb @@ -1,8 +1,8 @@ class Match < ActiveRecord::Base - belongs_to :tournament + belongs_to :tournament - has_and_belongs_to_many :teams + has_and_belongs_to_many :teams - belongs_to :winner, class_name: "Team" + belongs_to :winner, class_name: "Team" end diff --git a/app/models/pm.rb b/app/models/pm.rb index ab5af3b..9fce2b3 100644 --- a/app/models/pm.rb +++ b/app/models/pm.rb @@ -1,4 +1,4 @@ class Pm < ActiveRecord::Base - belongs_to :author - belongs_to :recipient + belongs_to :author + belongs_to :recipient end diff --git a/app/models/remote_username.rb b/app/models/remote_username.rb index 94e5063..c477f8a 100644 --- a/app/models/remote_username.rb +++ b/app/models/remote_username.rb @@ -1,4 +1,4 @@ class RemoteUsername < ActiveRecord::Base - belongs_to :game - belongs_to :user + belongs_to :game + belongs_to :user end diff --git a/app/models/score.rb b/app/models/score.rb index a9b9c71..11ee9a6 100644 --- a/app/models/score.rb +++ b/app/models/score.rb @@ -1,4 +1,4 @@ class Score < ActiveRecord::Base - belongs_to :user - belongs_to :match + belongs_to :user + belongs_to :match end diff --git a/app/models/session.rb b/app/models/session.rb index c66afec..a5fd26e 100644 --- a/app/models/session.rb +++ b/app/models/session.rb @@ -1,3 +1,3 @@ class Session < ActiveRecord::Base - belongs_to :user + belongs_to :user end diff --git a/app/models/team.rb b/app/models/team.rb index 2348de5..7aae7c2 100644 --- a/app/models/team.rb +++ b/app/models/team.rb 
@@ -1,5 +1,5 @@ class Team < ActiveRecord::Base - belongs_to :match - has_and_belongs_to_many :matches - has_and_belongs_to_many :users + belongs_to :match + has_and_belongs_to_many :matches + has_and_belongs_to_many :users end diff --git a/app/models/tournament_preference.rb b/app/models/tournament_preference.rb index 1f335e3..3d15061 100644 --- a/app/models/tournament_preference.rb +++ b/app/models/tournament_preference.rb @@ -1,3 +1,3 @@ class TournamentPreference < ActiveRecord::Base - belongs_to :tournament + belongs_to :tournament end diff --git a/app/models/user.rb b/app/models/user.rb index 6e439fb..85f1982 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -77,11 +77,11 @@ class User < ActiveRecord::Base # validity validates(:name, presence: true, length: { maximum: 50 }) validates(:email, presence: true, format: {with: - VALID_EMAIL_REG}, - uniqueness: { case_sensitive: false }) + VALID_EMAIL_REG}, + uniqueness: { case_sensitive: false }) validates(:user_name, presence: true, length:{maximum: 50}, - format: {with: VALID_USER_NAME_REG }, - uniqueness: {case_sensitive: false }) + format: {with: VALID_USER_NAME_REG }, + uniqueness: {case_sensitive: false }) ## # Instead of adding password and password_confirmation -- cgit v1.2.3-2-g168b From 9f19d0e16d7920e07255c0fbe596c518d1aa415f Mon Sep 17 00:00:00 2001 From: shumakl Date: Thu, 3 Apr 2014 15:04:42 -0400 Subject: fix login with tokens belonging to sessions --- app/models/session.rb | 39 ++++++++++++++++++++++++++++++ app/models/user.rb | 66 ++++----------------------------------------------- 2 files changed, 43 insertions(+), 62 deletions(-) (limited to 'app/models') diff --git a/app/models/session.rb b/app/models/session.rb index a5fd26e..f5e642b 100644 --- a/app/models/session.rb +++ b/app/models/session.rb 
@@ -1,3 +1,42 @@
 class Session < ActiveRecord::Base
 belongs_to :user
+
+ ##
+ # Create a random remember token for the user. This will be
+ # changed every time the user creates a new session.
+ #
+ # If you want this value, hang on to it; the raw value is
+ # discarded afterward.
+ #
+ # By changing the cookie every new session, any hijacked sessions
+ # (where the attacker steals a cookie to sign in as a certain
+ # user) will expire the next time the user signs back in.
+ #
+ # The random string is of length 16 composed of A-Z, a-z, 0-9
+ # This is the browser's cookie value.
+ def create_token()
+ t = SecureRandom.urlsafe_base64
+ self.token = Session.hash_token(t)
+ t
+ end
+
+ ##
+ # Encrypt the remember token.
+ # This is the encrypted version of the cookie stored on
+ # the database.
+ #
+ # The reasoning for storing a hashed token is so that even if
+ # the database is compromised, the attacker won't be able to use
+ # the remember tokens to sign in.
+ def Session.hash_token(token)
+ # SHA-1 (Secure Hash Algorithm) is a US engineered hash
+ # function that produces a 20 byte hash value which typically
+ # forms a hexadecimal number 40 digits long.
+ # The reason I am not using the Bcrypt algorithm is because
+ # SHA-1 is much faster and I will be calling this on
+ # every page a user accesses.
+ #
+ # https://en.wikipedia.org/wiki/SHA-1
+ Digest::SHA1.hexdigest(token.to_s)
+ end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 85f1982..277d885 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
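Review bot: The comment on `create_token` in app/models/session.rb still promises that a hijacked session expires the next time the user signs in, but with one token per `Session` row nothing in this hunk removes or expires older rows, so a stolen cookie stays valid for as long as its row exists. Unless the controller (not shown; this view is limited to app/models) destroys earlier sessions on login and logout, I would add an expiry check where the token is looked up and reword the comment, e.g. `# Each session has its own token; a stolen cookie stays valid until this row is destroyed or expires.` The same comment misdescribes the value: `SecureRandom.urlsafe_base64` with no argument returns about 22 characters that can include `-` and `_`, not 16 alphanumerics. The text above `hash_token` should say "hash" rather than "encrypt", since `Digest::SHA1.hexdigest` is one-way.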
@@ -2,17 +2,14 @@ class User < ActiveRecord::Base has_and_belongs_to_many :tournaments_played, class_name: "Tournament", foreign_key: "player_id", join_table: "players_tournaments" has_and_belongs_to_many :tournaments_hosted, class_name: "Tournament", foreign_key: "host_id", join_table: "hosts_tournaments" has_and_belongs_to_many :teams + has_many :sessions before_save { self.email = email.downcase } before_save { self.user_name = user_name } - ## - # Rails looks for the create_remember_token and runs the method - # before anything else. - # - # This method cannot be called by a user since it is denoted - # as private. - before_create :create_remember_token + def after_initialize + self.permissions = 0 + end def in_group?(group) case group 
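Review bot: The added `def after_initialize` in User is, as far as I know, not run as a callback on Rails 3 and later, where `after_initialize` has to be registered with the class macro, so `permissions` may never be given its default. If it did run, it would fire for records loaded from the database as well and reset every user's `permissions` to 0 in memory, which a later save would persist. `in_group?` continues outside this hunk and presumably bases access decisions on that field, so I would only fill a missing value: `after_initialize { self.permissions ||= 0 }`, or better, set the default on the column in a migration.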
@@ -93,59 +90,4 @@ class User < ActiveRecord::Base has_secure_password validates :password, length: { minimum: 6 } - - ## - # Create a random remember token for the user. This will be - # changed every time the user creates a new session. - # - # By changing the cookie every new session, any hijacked sessions - # (where the attacker steals a cookie to sign in as a certain - # user) will expire the next time the user signs back in. - # - # The random string is of length 16 composed of A-Z, a-z, 0-9 - # This is the browser's cookie value. - def User.new_remember_token - SecureRandom.urlsafe_base64 - end - - ## - # Encrypt the remember token. - # This is the encrypted version of the cookie stored on - # the database. - # - # The reasoning for storing a hashed token is so that even if - # the database is compromised, the attacker won't be able to use - # the remember tokens to sign in. - def User.hash(token) - Digest::SHA1.hexdigest(token.to_s) - end - - ## - # SHA-1 (Secure Hash Algorithm) is a US engineered hash - # function that produces a 20 byte hash value which typically - # forms a hexadecimal number 40 digits long. - # The reason I am not using the Bcrypt algorithm is because - # SHA-1 is much faster and I will be calling this on - # every page a user accesses. - # - # https://en.wikipedia.org/wiki/SHA-1 - - - # Everything under private is hidden so you cannot call. - private - - ## - # Create_remember_token in order to ensure a user always has - # a remember token. - def create_remember_token - self.remember_token = User.hash(User.new_remember_token) - end - - ## - # In order to ensure that someone did not accidentally submit - # two accounts rapidly (which would throw off the validates - # for user_name and email), I added an index to the Users - # email and user_name in the database to ensure uniqueness - # This also gives and index to the user_name and email - # so finding a user SHOULD be easier for the database. end -- cgit v1.2.3-2-g168b