To check out this repository please hg clone the following URL, or open the URL using EasyMercurial or your preferred Mercurial client.
root / .svn / pristine / 23 / 23f046e7217770bca11bfe9989b755a158f48868.svn-base @ 1298:4f746d8966dd
History | View | Annotate | Download (2.5 KB)
| 1 | 1295:622f24f53b42 | Chris | # Redmine - project management software |
|---|---|---|---|
| 2 | # Copyright (C) 2006-2013 Jean-Philippe Lang |
||
| 3 | # |
||
| 4 | # This program is free software; you can redistribute it and/or |
||
| 5 | # modify it under the terms of the GNU General Public License |
||
| 6 | # as published by the Free Software Foundation; either version 2 |
||
| 7 | # of the License, or (at your option) any later version. |
||
| 8 | # |
||
| 9 | # This program is distributed in the hope that it will be useful, |
||
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
| 12 | # GNU General Public License for more details. |
||
| 13 | # |
||
| 14 | # You should have received a copy of the GNU General Public License |
||
| 15 | # along with this program; if not, write to the Free Software |
||
| 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||
| 17 | |||
| 18 | class Token < ActiveRecord::Base |
||
| 19 | belongs_to :user |
||
| 20 | validates_uniqueness_of :value |
||
| 21 | |||
| 22 | before_create :delete_previous_tokens, :generate_new_token |
||
| 23 | |||
| 24 | @@validity_time = 1.day |
||
| 25 | |||
| 26 | def generate_new_token |
||
| 27 | self.value = Token.generate_token_value |
||
| 28 | end |
||
| 29 | |||
| 30 | # Return true if token has expired |
||
| 31 | def expired? |
||
| 32 | return Time.now > self.created_on + @@validity_time |
||
| 33 | end |
||
| 34 | |||
| 35 | # Delete all expired tokens |
||
| 36 | def self.destroy_expired |
||
| 37 | Token.delete_all ["action NOT IN (?) AND created_on < ?", ['feeds', 'api'], Time.now - @@validity_time] |
||
| 38 | end |
||
| 39 | |||
| 40 | # Returns the active user who owns the key for the given action |
||
| 41 | def self.find_active_user(action, key, validity_days=nil) |
||
| 42 | user = find_user(action, key, validity_days) |
||
| 43 | if user && user.active? |
||
| 44 | user |
||
| 45 | end |
||
| 46 | end |
||
| 47 | |||
| 48 | # Returns the user who owns the key for the given action |
||
| 49 | def self.find_user(action, key, validity_days=nil) |
||
| 50 | token = find_token(action, key, validity_days) |
||
| 51 | if token |
||
| 52 | token.user |
||
| 53 | end |
||
| 54 | end |
||
| 55 | |||
| 56 | # Returns the token for action and key with an optional |
||
| 57 | # validity duration (in number of days) |
||
| 58 | def self.find_token(action, key, validity_days=nil) |
||
| 59 | action = action.to_s |
||
| 60 | key = key.to_s |
||
| 61 | return nil unless action.present? && key =~ /\A[a-z0-9]+\z/i |
||
| 62 | |||
| 63 | token = Token.where(:action => action, :value => key).first |
||
| 64 | if token && (token.action == action) && (token.value == key) && token.user |
||
| 65 | if validity_days.nil? || (token.created_on > validity_days.days.ago) |
||
| 66 | token |
||
| 67 | end |
||
| 68 | end |
||
| 69 | end |
||
| 70 | |||
| 71 | def self.generate_token_value |
||
| 72 | Redmine::Utils.random_hex(20) |
||
| 73 | end |
||
| 74 | |||
| 75 | private |
||
| 76 | |||
| 77 | # Removes obsolete tokens (same user and action) |
||
| 78 | def delete_previous_tokens |
||
| 79 | if user |
||
| 80 | Token.delete_all(['user_id = ? AND action = ?', user.id, action]) |
||
| 81 | end |
||
| 82 | end |
||
| 83 | end |