Class: Lato::User

Inherits:
ApplicationRecord show all
Includes:
DependencyHelper, LatoUserApplication
Defined in:
app/models/lato/user.rb

Instance Method Summary collapse

Methods included from DependencyHelper

#depends_on

Instance Method Details

#accept_invitation(params) ⇒ Object

[View source]

269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
# File 'app/models/lato/user.rb', line 269

def accept_invitation(params)
  invitation = Lato::Invitation.find_by(id: params[:id], accepted_code: params[:accepted_code])
  if !invitation || invitation.accepted? || invitation.email != email
    errors.add(:base, :invitation_invalid)
    return
  end

  ActiveRecord::Base.transaction do
    raise ActiveRecord::Rollback unless save && invitation.update(
      accepted_at: Time.now,
      lato_user_id: id
    )

    true
  end
end

#add_web3_connection(params) ⇒ Object

[View source]

286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
# File 'app/models/lato/user.rb', line 286

def add_web3_connection(params)
  depends_on('eth')

  signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
  signature_address = Eth::Util.public_key_to_address signature_pubkey
  unless signature_address.to_s.downcase == params[:web3_address].downcase
    errors.add(:base, :web3_address_invalid)
    return
  end

  update(web3_address: params[:web3_address])
rescue StandardError => e
  errors.add(:base, :web3_connection_error)
  false
end

#authenticator(params) ⇒ Object

[View source]

315
316
317
318
319
320
321
322
323
324
325
326
# File 'app/models/lato/user.rb', line 315

def authenticator(params)
  return false unless authenticator_enabled?

  totp = ROTP::TOTP.new(authenticator_secret)
  result = totp.verify(params[:authenticator_code])
  unless result
    errors.add(:base, :authenticator_code_invalid)
    return
  end

  true
end

#authenticator_enabled?Boolean

Returns:

  • (Boolean)
[View source]

57
58
59
# File 'app/models/lato/user.rb', line 57

def authenticator_enabled?
  !authenticator_secret.blank?
end

#authenticator_qr_code_base64(size = 200) ⇒ Object

[View source]

72
73
74
# File 'app/models/lato/user.rb', line 72

def authenticator_qr_code_base64(size = 200)
  "data:image/png;base64,#{Base64.strict_encode64(RQRCode::QRCode.new(ROTP::TOTP.new(authenticator_secret, :issuer => Lato.config.application_title).provisioning_uri(email).to_s).as_png(size: size, border_modules: 0).to_s)}"
end

#c_email_verification_code(value = nil) ⇒ Object

[View source]

339
340
341
342
343
344
345
# File 'app/models/lato/user.rb', line 339

def c_email_verification_code(value = nil)
  cache_key = "Lato::User/c_email_verification_code/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 30.minutes)
  value
end

#c_email_verification_semaphore(value = nil) ⇒ Object

Cache

[View source]

331
332
333
334
335
336
337
# File 'app/models/lato/user.rb', line 331

def c_email_verification_semaphore(value = nil)
  cache_key = "Lato::User/c_email_verification_semaphore/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 2.minutes)
  value
end

#c_password_update_code(value = nil) ⇒ Object

[View source]

347
348
349
350
351
352
353
# File 'app/models/lato/user.rb', line 347

def c_password_update_code(value = nil)
  cache_key = "Lato::User/c_password_update_code/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 30.minutes)
  value
end

#destroy_with_confirmation(params) ⇒ Object

[View source]

260
261
262
263
264
265
266
267
# File 'app/models/lato/user.rb', line 260

def destroy_with_confirmation(params)
  unless params[:email_confirmation] == email
    errors.add(:email, :not_correct)
    return
  end

  destroy
end

#full_nameObject

Helpers

[View source]

64
65
66
# File 'app/models/lato/user.rb', line 64

def full_name
  "#{last_name} #{first_name}"
end

#generate_authenticator_secretObject

[View source]

307
308
309
# File 'app/models/lato/user.rb', line 307

def generate_authenticator_secret
  update(authenticator_secret: ROTP::Base32.random)
end

#gravatar_image_url(size = 200) ⇒ Object

[View source]

68
69
70
# File 'app/models/lato/user.rb', line 68

def gravatar_image_url(size = 200)
  @gravatar_image_url ||= "https://www.gravatar.com/avatar/#{Digest::MD5.hexdigest(email)}?s=#{size}"
end

#remove_authenticator_secretObject

[View source]

311
312
313
# File 'app/models/lato/user.rb', line 311

def remove_authenticator_secret
  update(authenticator_secret: nil)
end

#remove_web3_connectionObject

[View source]

302
303
304
305
# File 'app/models/lato/user.rb', line 302

def remove_web3_connection
  update(web3_address: nil)
  true
end

#request_recover_password(params) ⇒ Object

[View source]

200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# File 'app/models/lato/user.rb', line 200

def request_recover_password(params)
  user = Lato::User.find_by(email: params[:email])
  unless user
    errors.add(:email, :not_registered)
    return
  end

  code = SecureRandom.hex.upcase
  delivery = Lato::UserMailer.password_update_mail(user.id, code).deliver_now
  unless delivery
    errors.add(:base, :email_sending_error)
    return
  end

  self.id = user.id
  reload

  c_password_update_code(code)

  true
end

#request_verify_emailObject

[View source]

161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# File 'app/models/lato/user.rb', line 161

def request_verify_email
  if c_email_verification_semaphore
    errors.add(:base, :email_verification_limit)
    return
  end

  code = SecureRandom.hex.upcase
  delivery = Lato::UserMailer.email_verification_mail(id, code).deliver_now
  unless delivery
    errors.add(:base, :email_sending_error)
    return
  end

  c_email_verification_code(code)
  c_email_verification_semaphore(true)

  true
end

#signin(params) ⇒ Object

[View source]

94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# File 'app/models/lato/user.rb', line 94

def (params)
  self.email = params[:email]

  user = Lato::User.find_by(email: params[:email])
  unless user
    errors.add(:email, :not_correct)
    return
  end

  unless user.authenticate(params[:password])
    errors.add(:password, :not_correct)
    return
  end

  self.id = user.id
  reload

  begin
    lato_log_user_signins.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  Lato::UserMailer.(id, params[:ip_address]).deliver_later

  true
end

#signup(params = {}) ⇒ Object

Operations

[View source]

79
80
81
82
83
84
85
86
87
88
89
90
91
92
# File 'app/models/lato/user.rb', line 79

def (params = {})
  return unless save

  begin
    lato_log_user_signups.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  true
end

#update_accepted_privacy_policy_version(params) ⇒ Object

[View source]

242
243
244
245
246
247
248
249
# File 'app/models/lato/user.rb', line 242

def update_accepted_privacy_policy_version(params)
  unless params[:confirm]
    errors.add(:base, :privacy_policy_invalid)
    return
  end

  update(accepted_privacy_policy_version: Lato.config.legal_privacy_policy_version)
end

#update_accepted_terms_and_conditions_version(params) ⇒ Object

[View source]

251
252
253
254
255
256
257
258
# File 'app/models/lato/user.rb', line 251

def update_accepted_terms_and_conditions_version(params)
  unless params[:confirm]
    errors.add(:base, :terms_and_conditions_invalid)
    return
  end

  update(accepted_terms_and_conditions_version: Lato.config.legal_terms_and_conditions_version)
end

#update_password(params) ⇒ Object

[View source]

222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
# File 'app/models/lato/user.rb', line 222

def update_password(params)
  password_update_code = c_password_update_code

  if password_update_code.blank?
    errors.add(:base, :password_update_code_expired)
    return
  end

  unless password_update_code == params[:code]
    errors.add(:base, :password_update_code_invalid)
    return
  end

  c_password_update_code('')

  update(params.permit(:password, :password_confirmation).merge(
    authenticator_secret: nil # Reset authenticator secret when password is updated
  ))
end

#valid_accepted_privacy_policy_version?Boolean

Questions

Returns:

  • (Boolean)
[View source]

49
50
51
# File 'app/models/lato/user.rb', line 49

def valid_accepted_privacy_policy_version?
  @valid_accepted_privacy_policy_version ||= accepted_privacy_policy_version >= Lato.config.legal_privacy_policy_version
end

#valid_accepted_terms_and_conditions_version?Boolean

Returns:

  • (Boolean)
[View source]

53
54
55
# File 'app/models/lato/user.rb', line 53

def valid_accepted_terms_and_conditions_version?
  @valid_accepted_terms_and_conditions_version ||= accepted_terms_and_conditions_version >= Lato.config.legal_terms_and_conditions_version
end

#verify_email(params) ⇒ Object

[View source]

180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
# File 'app/models/lato/user.rb', line 180

def verify_email(params)
  email_verification_code = c_email_verification_code

  if email_verification_code.blank?
    errors.add(:base, :email_verification_code_expired)
    return
  end

  unless email_verification_code == params[:code]
    errors.add(:base, :email_verification_code_invalid)
    return
  end

  c_email_verification_code('')
  c_email_verification_semaphore(false)

  update_column(:email_verified_at, Time.now)
  true
end

#web3_signin(params) ⇒ Object

[View source]

125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
# File 'app/models/lato/user.rb', line 125

def (params)
  depends_on('eth')

  self.web3_address = params[:web3_address]

  user = Lato::User.find_by(web3_address: params[:web3_address].downcase)
  unless user
    errors.add(:web3_address, :not_correct)
    return
  end

  signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
  signature_address = Eth::Util.public_key_to_address signature_pubkey
  unless signature_address.to_s.downcase == params[:web3_address].downcase
    errors.add(:web3_signed_nonce, :not_correct)
    return
  end

  self.id = user.id
  reload

  begin
    lato_log_user_signins.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  true
rescue StandardError => e
  errors.add(:base, :web3_connection_error)
  false
end