
Forgotten Password

Enter your email address in the field below and click 'Reset Password' to have instructions on how to retrieve your forgotten password emailed to you.



Source Code:

/controllers/usr_controller.rb

# Provides signup and login actions for every Usr.
# Most of the code here came from LoginSugar:
# http://wiki.rubyonrails.org/rails/pages/LoginSugar
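class UsrController < ApplicationController

  layout  'application'

  # login, signup, forgot_password and logout must be reachable without an
  # authenticated session, so the authenticate_usr filter is skipped for them.
  # NOTE(review): authenticate_usr is not defined in this file (presumably in
  # ApplicationController); change_password, edit and delete rely on it
  # entirely for access control -- confirm it rejects anonymous requests.
  # NOTE(review): no HTTP-method restriction is visible for the state-changing
  # actions (delete, logout, change_password). Rails offers
  # `verify :method => :post, :only => [...]` for this; confirm whether the
  # routes or views already enforce it.
  skip_before_filter :authenticate_usr, :only => [ :login, :signup, :forgot_password, :logout ]

  # GET renders the login form; POST checks the submitted credentials.
  # The failure message is deliberately the same for an unknown login and a
  # wrong password.
  # NOTE(review): no throttling or lockout of repeated failures is visible here.
  def login
    return if generate_blank_form
    # A POST without a usr[...] hash must not raise; treat it as empty input.
    credentials = params['usr'] || {}
    # Only the login name is copied into the form object, so the submitted
    # password is never echoed back and unexpected keys cannot reach the model.
    @usr = Usr.new(:login => credentials['login'])
    usr = Usr.authenticate(credentials['login'], credentials['password'])
    if usr
      # Start from a fresh session before it becomes authenticated, so a
      # session id planted before login is not carried over (session fixation).
      # This must happen before flash is touched, because flash lives in the session.
      reset_session
      @current_usr = usr
      session[:usr_id] = usr.id
      flash['notice'] = 'Login succeeded'
      redirect_to(:controller => 'sttc', :action => 'instructions')
    else
      @login = credentials['login']
      flash['message'] = 'Login failed'
    end
  end

  # GET renders the signup form; POST creates the account and mails a
  # verification link carrying the account id and a security token.
  def signup
    return if generate_blank_form
    form = params['usr'] || {}
    # Fields are listed one by one, so request parameters cannot set columns
    # such as verified or deleted.
    @usr = Usr.new(
      :login => form[:login],
      :password => form[:password],
      :password_confirmation => form[:password_confirmation],
      :email => form[:email],
      :first_name => form[:first_name],
      :last_name => form[:last_name]
    )
    begin
      Usr.transaction do
        @usr.password_needs_confirmation = true
        if @usr.save
          key = @usr.generate_security_token
          url = url_for(:action => 'welcome')
          # The token travels in the query string, so it can end up in server
          # logs, browser history and Referer headers.
          url += "?usr[id]=#{@usr.id}&key=#{key}"
          # NOTE(review): the plaintext password is handed to the mailer here.
          # Dropping it needs a matching change in UsrNotify (not shown).
          UsrNotify.deliver_signup(@usr, form[:password], url)
          flash['notice'] = 'Signup successful! Please check your email.'
          redirect_to(:action => 'after_signup', :controller => 'sttc')
        end
      end
    rescue Exception => ex
      # Kept broad on purpose: narrowing it could let a mail-delivery failure
      # escape as a 500. NOTE(review): confirm which classes delivery raises
      # before replacing this with StandardError.
      report_exception ex
      flash['message'] = 'Error creating account: confirmation email not sent'
    end
  end

  # Ends the session and returns to the site root.
  def logout
    session[:usr_id] = nil
    # Discard everything else stored in the session as well.
    reset_session
    @current_usr = nil
    redirect_to "/"
  end

  # GET renders the form; POST sets a new password for @usr and mails a notice.
  # NOTE(review): the current password is not asked for, so whoever holds the
  # session (or a valid reset link) can set a new one.
  def change_password
    return if generate_filled_in
    form = params['usr'] || {}
    form.delete('form')
    begin
      @usr.change_password(form['password'], form['password_confirmation'])
      @usr.save!
    rescue Exception => ex
      report_exception ex
      flash.now['message'] = 'Your password could not be changed at this time. Please retry.'
      render and return
    end
    begin
      # NOTE(review): the new plaintext password is handed to the mailer;
      # removing it needs a matching change in UsrNotify (not shown).
      UsrNotify.deliver_change_password(@usr, form['password'])
      redirect_to "/"
    rescue Exception => ex
      # The password is already changed at this point; only the mail failed.
      report_exception ex
    end

  end

  # GET renders the form; POST mails a password-reset link to the address given.
  def forgot_password
    if authenticated_usr?
      flash['message'] = 'You are currently logged in. You may change your password now.'
      redirect_to :action => 'change_password'
      return
    end

    return if generate_blank_form

    # Missing usr[...] or email parameters are treated as an empty address.
    email = (params['usr'] || {})['email'].to_s

    if email.empty?
      flash.now['message'] = 'Please enter a valid email address.'
    elsif (usr = Usr.find_by_email(email)).nil?
      # NOTE(review): this answer differs from the success path, so the form
      # reveals which addresses have accounts. Giving the same response in both
      # cases would close that; left as is because it changes the page flow.
      # The address is HTML-escaped because head_helper prints flash text raw.
      flash.now['message'] = "We could not find a usr with the email address #{CGI.escapeHTML(email)}"
    else
      begin
        Usr.transaction do
          key = usr.generate_security_token
          url = url_for(:action => 'change_password')
          url += "?usr[id]=#{usr.id}&key=#{key}"
          UsrNotify.deliver_forgot_password(usr, url)
          flash['notice'] = "Instructions on resetting your password have been emailed to #{CGI.escapeHTML(email)}."
          # Logged-in users returned at the top of this action, so the old
          # "already authenticated" redirect here could never run.
          redirect_to(:controller => "sttc/forgot")
        end
      rescue Exception => ex
        report_exception ex
        flash.now['message'] = "Your password could not be emailed to #{CGI.escapeHTML(email)}"
      end
    end
  end

  # GET renders the profile form; POST dispatches on usr[form] to a profile
  # update, a password change or account deletion.
  def edit
    return if generate_filled_in
    submitted = params['usr']
    return unless submitted && submitted['form']
    form = submitted.delete('form')
    begin
      case form
      when "edit"
        # Allowlist: only the fields named in Usr::CHANGEABLE_FIELDS are assigned.
        usr_params = submitted.delete_if { |k, v| not Usr::CHANGEABLE_FIELDS.include?(k) }
        @usr.attributes = usr_params
        # Report success only when the record was actually saved.
        if @usr.save
          flash.now['notice'] = "Usr has been updated."
        else
          flash.now['message'] = "Usr could not be updated."
        end
      when "change_password"
        change_password
      when "delete"
        delete
      else
        raise "unknown edit action"
      end
    rescue Exception => ex
      report_exception ex
    end
  end

  # Soft-deletes the current account (sets the deleted flag) and logs out.
  def delete
    @usr = @current_usr || Usr.find_by_id( session[:usr_id] )
    begin
      @usr.update_attribute( :deleted, true )
      logout
    rescue Exception => ex
      # The exception is logged rather than shown to the user. A plain flash is
      # used because flash.now would not survive the redirect below.
      report_exception ex
      flash['message'] = 'Error: your account could not be deleted.'
      redirect_back_or_default :action => 'welcome'
    end
  end

  # Landing page for the link sent by signup; the template does all the work.
  # NOTE(review): the usr[id]/key parameters on that link are presumably
  # consumed by the authenticate_usr filter -- confirm.
  def welcome
  end

  protected

  # True for every action except the three anonymous entry points.
  def protect?(action)
    !['login', 'signup', 'forgot_password'].include?(action)
  end

  # On GET, renders the action's template with an empty Usr and returns true;
  # for any other method returns false so the caller processes the form.
  def generate_blank_form
    return false unless request.method == :get
    @usr = Usr.new
    render
    true
  end

  # Loads the current account into @usr. On GET, renders the action's template
  # and returns true; for any other method returns false.
  def generate_filled_in
    @usr = @current_usr || Usr.find_by_id( session[:usr_id] )
    return false unless request.method == :get
    render
    true
  end

  # Writes the exception and its backtrace to the application log.
  def report_exception( ex )
    logger.warn ex
    logger.warn ex.backtrace.join("\n")
  end

end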

/models/usr.rb

require 'digest/sha1'

# This model expects a certain database layout, and it is based on the name/login pattern.
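class Usr < ActiveRecord::Base
  # Allowlist of attributes a user may change through UsrController#edit.
  CHANGEABLE_FIELDS = ['first_name', 'last_name', 'email'].freeze

  # True while a new plaintext password is pending. It switches on the password
  # validations and makes crypt_password re-hash after the next validation.
  attr_accessor :password_needs_confirmation

  after_save '@password_needs_confirmation = false'
  after_validation :crypt_password

  validates_presence_of :login, :on => :create
  validates_length_of :login, :within => 3..40, :on => :create
  validates_uniqueness_of :login, :on => :create
  validates_uniqueness_of :email, :on => :create
  # Anchored with \A and \z rather than ^ and $. In Ruby ^ and $ match at every
  # line break, so a multi-line value with one valid-looking line would pass
  # and could carry extra lines into anything built from the address.
  # An empty email is still accepted, as before.
  validates_format_of :email, :with => /(\A([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})\z)|(\A\z)/i

  validates_presence_of :password, :if => :validate_password?
  validates_confirmation_of :password, :if => :validate_password?
  validates_length_of :password, { :minimum => 5, :if => :validate_password? }
  validates_length_of :password, { :maximum => 40, :if => :validate_password? }

  # NOTE(review): no attr_protected / attr_accessible is declared, so keeping
  # verified, deleted, salt, salted_password and security_token out of
  # request-driven mass assignment is left to the callers.

  # Associations should come after callbacks
  has_many :rpts
  has_many :outputrpts
  has_many :frgmnts
  has_many :exprtypes
  has_many :symbls
  has_many :bcrmbs

  def initialize(attributes = nil)
    super
    @password_needs_confirmation = false
  end

  # Returns the verified, non-deleted Usr whose login and password match,
  # or nil.
  def self.authenticate(login, pass)
    u = find( :first, :conditions => ["login = ? AND verified = TRUE AND deleted = FALSE", login])
    return nil if u.nil?
    # The credential check carries the same account-state filter as the lookup
    # above, so a deleted row can never be the one returned.
    find( :first, :conditions => ["login = ? AND salted_password = ? AND verified = TRUE AND deleted = FALSE", login, salted_password(u.salt, hashed(pass))])
  end

  # Returns the Usr matching id and security token if the token has not
  # expired, marking the account verified; otherwise nil.
  # Allows logins for deleted accounts, but only via this method (and not the
  # regular authenticate call).
  def self.authenticate_by_token(id, token)
    u = find( :first, :conditions => ["id = ? AND security_token = ?", id, token])
    # Log the account id only. The token is a live credential, and u.inspect
    # would write salt, salted_password and security_token to the log.
    if u.nil?
      logger.info "Token authentication failed for usr id #{id.to_s.to_i}"
      return nil
    end
    if u.token_expired?
      logger.info "Token authentication rejected (expired) for usr id #{u.id}"
      return nil
    end
    logger.info "Authenticated by token: usr id #{u.id}"
    # Setting the expiry to now makes the token single-use: token_expired? is
    # true from this moment on.
    u.update_attributes :verified => true, :token_expiry => Clock.now
    return u
  end

  # Truthy once a stored token has reached its expiry time.
  # NOTE(review): a row that has a token but no token_expiry counts as not
  # expired. new_security_token always writes both columns, so this only
  # matters for rows changed by other means -- confirm that is acceptable.
  def token_expired?
    self.security_token and self.token_expiry and (Clock.now >= self.token_expiry)
  end

  # Returns the current token, creating a new one when none is stored or when
  # less than half of its lifetime remains.
  def generate_security_token
    if self.security_token.nil? or self.token_expiry.nil? or (Clock.now.to_i + token_lifetime / 2) >= self.token_expiry.to_i
      new_security_token
    else
      self.security_token
    end
  end

  # Stages a new plaintext password; it is hashed by crypt_password after the
  # next validation. Without a confirmation value the password confirms itself.
  def change_password(pass, confirm = nil)
    self.password = pass
    self.password_confirmation = confirm.nil? ? pass : confirm
    @password_needs_confirmation = true
  end

  # Token lifetime in seconds, from the configured number of hours.
  def token_lifetime
    UsrSystem::CONFIG[:security_token_life_hours] * 60 * 60
  end

  # Help Active Scaffold display Usr objects.
  # ref: http://activescaffold.com/tutorials/to_label
  def to_label
    login
  end

  protected

  attr_accessor :password, :password_confirmation

  def validate_password?
    @password_needs_confirmation
  end

  # NOTE: `protected` has no effect on `def self.` methods, so Usr.hashed and
  # Usr.salted_password below stay publicly callable.

  # Hex SHA-1 of the string wrapped in a fixed prefix and suffix.
  # NOTE(review): a single unkeyed SHA-1 pass is far too fast for password
  # storage, and the "change-me" wrapper is the unchanged template value.
  # Moving to a slow password hash means migrating every stored
  # salted_password, so the scheme is flagged here rather than replaced.
  def self.hashed(str)
    return Digest::SHA1.hexdigest("change-me--#{str}--")[0..39]
  end

  # after_validation hook: when a new password is pending, writes a fresh salt
  # and the salted hash of the password.
  # NOTE(review): the salt is derived from the clock alone.
  def crypt_password
    if @password_needs_confirmation
      write_attribute("salt", self.class.hashed("salt-#{Clock.now}"))
      write_attribute("salted_password", self.class.salted_password(salt, self.class.hashed(@password)))
    end
  end

  # Stores a new token and its expiry without running callbacks, and returns
  # the token.
  # NOTE(review): the only unpredictable input is Kernel#rand, which is not a
  # cryptographically secure generator. Use the platform's secure random
  # source where the runtime provides one.
  def new_security_token
    expiry = Time.at(Clock.now.to_i + token_lifetime)
    write_attribute('security_token', self.class.hashed(self.salted_password + Clock.now.to_i.to_s + rand.to_s))
    write_attribute('token_expiry', expiry)
    update_without_callbacks
    return self.security_token
  end

  # Hash stored in salted_password: hashed(salt + hashed(password)).
  def self.salted_password(salt, hashed_password)
    hashed(salt + hashed_password)
  end
end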

/helpers/usr_helper.rb

module UsrHelper

  # Which sections head_helper renders unless the caller overrides them.
  DEFAULT_HEAD_OPTIONS = {
    :notice => true,
    :message => true,
    :error => false
  }.freeze unless defined? DEFAULT_HEAD_OPTIONS

  # Page title: the controller class name followed by the current action name.
  def title_helper
    ctrl = @controller
    "#{ctrl.controller_class_name} #{ctrl.action_name}"
  end

  # Builds the page heading followed by the flash notice, the flash message
  # and (when enabled) the validation errors for 'usr'.
  #
  # label   - heading text, placed inside <h3> as given.
  # options - :notice, :message and :error switches (string or symbol keys)
  #           layered over DEFAULT_HEAD_OPTIONS.
  #
  # Returns the HTML as one String.
  #
  # NOTE: label and both flash values are interpolated without escaping, so
  # whoever writes them must HTML-escape any user-supplied text first.
  # UsrController does this with CGI.escapeHTML for the email address it puts
  # into flash.
  def head_helper(label, options = {})
    settings = DEFAULT_HEAD_OPTIONS.merge(options.symbolize_keys)
    parts = ["<h3>#{label}</h3>"]

    if flash['notice'] && settings[:notice]
      parts << "<div><p>#{flash['notice']}</p></div>"
    end

    if flash['message'] && settings[:message]
      parts << "<div id=\"ErrorExplanation\"><p>#{flash['message']}</p></div>"
    end

    if settings[:error]
      errors = error_messages_for('usr')
      parts << (errors + "<br/>") unless errors.nil?
    end

    parts.join
  end

end