diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 7b26c3b..05b907a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -88,7 +88,8 @@ class UsersController < ApplicationController def callback @user = User.focfah(auth_hash, request.ip) login_user(@user) - if @user.created_at > (Time.zone.now - 1.week.ago) + if @user.created_at > (Time.zone.now - 1.week) + flash[:notice] << t(:users_signup_steam) render :edit else return_back diff --git a/app/models/user.rb b/app/models/user.rb index 1733346..e66d35c 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -51,8 +51,15 @@ class User < ActiveRecord::Base PASSWORD_MD5 = 1 PASSWORD_MD5_SCRYPT = 2 + # TODO: move this to a file + PASSWORD_MESSAGE = \ + "Hello %s, \n" + \ + "Your new password is: %s \n \n \n" + \ + "(Make sure you copy all characters and no whitespace when using copy-paste)\n" + \ + "(Security information: your password is stored with hash %s)\n" + #attr_protected :id, :created_at, :updated_at, :lastvisit, :lastip, :password, :version - attr_accessor :raw_password, :password_updated, :password_force, :fullname + attr_accessor :raw_password, :password_updated, :password_force, :fullname, :random_password attribute :lastvisit, :datetime, default: Time.now.utc attribute :password_hash, :integer, default: PASSWORD_SCRYPT @@ -144,8 +151,9 @@ class User < ActiveRecord::Base validate :validate_team before_validation :set_name - before_create :init_variables + before_validation :init_variables, on: :create after_create :create_profile + after_create :send_new_password, if: Proc.new{ random_password == true } before_save :correct_steamid_universe accepts_nested_attributes_for :profile @@ -341,12 +349,23 @@ class User < ActiveRecord::Base def init_variables self.public_email = false self.time_zone = "Amsterdam" - self.raw_password = SecureRandom.base64(32) unless raw_password and new_record? - self.profile = profile.build unless profile&.present? + if !raw_password and new_record? + generate_password + end + unless profile&.present? + self.profile = Profile.new + end + end + + def generate_password + self.raw_password = SecureRandom.alphanumeric(24) + self.password_hash = User::PASSWORD_SCRYPT + self.random_password = true end def create_profile if profile + profile.user_id = self.id profile.save end end @@ -371,10 +390,24 @@ class User < ActiveRecord::Base end end + # This serves multiple functions def send_new_password - newpass = Verification.random_string 10 - update_attribute :password, Digest::MD5.hexdigest(newpass) - Notifications.password(self, newpass).deliver + generate_password unless self.raw_password&.length > 0 + self.save! + + # TODO: consider moving these two to callbacks + self.send_password_message + Notifications.password(self, raw_password).deliver + end + + def send_password_message(text = User::PASSWORD_MESSAGE) + msg = Message.new + msg.title = "New password for ENSL website" + msg.text = text % [username, raw_password, password_hash_s] + msg.sender_type = 'System' + msg.recipient_type = 'User' + msg.recipient = self + msg.save end def can_play? @@ -391,9 +424,15 @@ class User < ActiveRecord::Base loop do new_username = "%s%d" % [username, i] i+=1 - break if User.find_by_username(new_username).count == 0 or i > 50 + if User.where(username: new_username).count == 0 or i > 50 + self.username = new_username + break + end end - self.username = new_username + + end + if errors[:email] + self.email = "%s@ensl.org" % cleanup_string(username) end end @@ -479,7 +518,6 @@ class User < ActiveRecord::Base def self.focfah(auth_hash, lastip) return nil unless auth_hash&.include?(:provider) - byebug case auth_hash[:provider] when 'steam' return nil unless auth_hash&.include?(:uid) diff --git a/config/locales/en.yml b/config/locales/en.yml index 667ab05..eceeb56 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -90,6 +90,7 @@ en: weeks_create: "Week was successfully created." weeks_update: "Week was successfully updated." votes_success: "Voted successfully." + users_signup_steam: "You have created an account via steam, please update your user details." error: "error" prohibited: "prohibited" news: