Changeset 449

Timestamp:
08/24/06 05:25:17 (2 years ago)
Author:
snowblink
Message:

Adding password history table.
Currently this will just copy the latest password to the table.
Can check if a user's password has expired.
Password expiry can be set by: LoginEngine.config(:password_expiry)
0 means it will not expire

Files:

  • login_engine/trunk/lib/login_engine.rb

    r446 r449  
    5252  if ActiveRecord::Base.pluralize_table_names 
    5353    config :user_table, "users" 
     54    config :password_table, "passwords" 
    5455  else 
    5556    config :user_table, "user" 
     57    config :password_table, "password" 
    5658  end 
     59 
     60  # password expiry time in days 
     61  # 0 means it will not expire 
     62  config :password_expiry, 0 
    5763   
    5864  # controls whether or not email is used 
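
Review bot: the new `config :password_table` entries, in both branches of the pluralize check, are not read by anything else in the visible changes. `has_many :passwords` and `Password.create` rely on the Rails naming defaults, so either the Password model should take its table name from this setting or the setting should be dropped. The comment above `config :password_expiry, 0` could also state that the default leaves expiry switched off until a deployment sets a value.
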
  • login_engine/trunk/lib/login_engine/authenticated_user.rb

    r446 r449  
    3131        attr_accessor :password, :password_confirmation 
    3232       
    33         after_save :falsify_new_password 
     33        after_save :copy_password_to_password_table, :falsify_new_password 
    3434        after_validation :crypt_password 
     35 
     36        has_many :passwords, :order => 'created_at DESC' 
    3537 
    3638      end 
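
Review bot: `has_many :passwords, :order => 'created_at DESC'` has no `:dependent` option, so deleting a user leaves that user's salt and salted_password rows behind in the password table. Consider adding `:dependent => :destroy`. On the `after_save` line the callback order is load-bearing, since copy_password_to_password_table tests `@new_password` and, judging by its name, falsify_new_password resets it; a one-line comment there would stop someone reordering the two.
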
     
    126128      "#{self.firstname} #{self.lastname}" 
    127129    end 
     130 
     131    # some systems want to expire a user's password after a certain period 
     132    # If password expiry set to 0, then passwords don't expire 
     133    def password_expired? 
     134      if LoginEngine.config(:password_expiry) == 0 
     135        return false 
     136      else 
     137        return LoginEngine.config(:password_expiry).days.ago > self.passwords.first.created_at 
     138      end 
     139    end 
    128140     
    129141    protected 
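
Review bot: in `password_expired?`, `self.passwords.first.created_at` raises NoMethodError when the user has no row in the password table, and nothing visible in this changeset backfills rows for accounts that already exist. With a non-zero `:password_expiry` those accounts would fail on this call instead of getting an answer. Guard the nil case and pick the policy explicitly, for example treating a missing history row as expired so the user is made to set a new password. The doc comment should also say that the comparison is against the newest row, which depends on the `created_at DESC` ordering of the association.
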
     
    146158    end 
    147159 
     160    def copy_password_to_password_table 
     161      if @new_password 
     162        Password.create(:user_id => id, 
     163                        :salt => salt, 
     164                        :salted_password => salted_password) 
     165      end 
     166      true 
     167    end 
     168       
     169 
    148170    def new_security_token(hours = nil) 
    149171      write_attribute('security_token', AuthenticatedUser.hashed(self.salted_password + Time.now.to_i.to_s + rand.to_s)) 
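
Review bot: `copy_password_to_password_table` discards the result of `Password.create(...)` and then returns `true` unconditionally, so a history row that fails to save goes unnoticed and `password_expired?` later works from stale or missing data. Use `Password.create!` or check the returned record and log or raise on failure. A comment noting that this table now keeps every previous salt and salted_password, and therefore needs the same protection as the user table, would also help.
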
  • login_engine/trunk/test/unit/user_test.rb

    r446 r449  
    135135  end 
    136136 
     137  def test_password_expiry 
     138    u = User.new 
     139    u.login = 'password_test' 
     140    u.email = 'bobs@email.com' 
     141    u.change_password("password1", "password1") 
     142    assert u.save 
     143    assert 1, u.passwords.length 
     144    assert !u.password_expired?, "Password expired when it has just been created" 
     145 
     146    LoginEngine::CONFIG[:password_expiry]=1 
     147    u.passwords.first.created_at = 1.day.ago 
     148    u.passwords.first.save 
     149    assert u.password_expired?, "Password should have expired" 
     150     
     151     
     152  end 
    137153end
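
Review bot: `assert 1, u.passwords.length` in test_password_expiry can never fail, because `assert` treats `1` as the truthy condition and the length as the failure message; it should be `assert_equal 1, u.passwords.length`. The test also sets `LoginEngine::CONFIG[:password_expiry]=1` and never restores it, so the non-zero expiry leaks into any test that runs afterwards; reset it in an `ensure` block or in teardown. Setting `created_at = 1.day.ago` with a one-day expiry passes only because `password_expired?` evaluates its own `1.days.ago` a moment later, so an unambiguous value such as `2.days.ago` plus a separate not-yet-expired case would make the boundary explicit.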