Commit f11654d1

mo khan <mo@mokhan.ca>
2014-08-15 04:10:49
move login method to user model.
1 parent 68ffcbc
app/controllers/sessions_controller.rb
@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
   end
 
   def create
-    if @session = UserSession.login(session_params[:username], session_params[:password])
+    if @session = User.login(session_params[:username], session_params[:password])
       cookies.signed[:cookie_monster] = @session.access(request)
       redirect_to my_dashboard_path
     else
app/models/user.rb
@@ -70,5 +70,27 @@ class User < ActiveRecord::Base
     def ordered
       User.order(:creations_count => :desc)
     end
+
+    def login(username, password)
+      user = User.find_by(email: username)
+      return false if user.nil?
+      bcrypt = ::BCrypt::Password.new(user.encrypted_password)
+      password = ::BCrypt::Engine.hash_secret("#{password}#{User.pepper}", bcrypt.salt)
+      if secure_compare(password, user.encrypted_password)
+        UserSession.create!(user: user)
+      else
+        false
+      end
+    end
+
+    # constant-time comparison algorithm to prevent timing attacks
+    def secure_compare(a, b)
+      return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
   end
 end
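Review bot: The moved `login`/`secure_compare` pair re-implements a password check the model's authentication library very likely already provides — the `encrypted_password` and `User.pepper` names suggest Devise's DatabaseAuthenticatable, whose `user.valid_password?(password)` performs the same pepper-salted bcrypt hash and constant-time comparison, so `login` could reduce to `return false unless user && user.valid_password?(password)` followed by `UserSession.create!(user: user)` and the hand-rolled `secure_compare` could go. If the helper is kept, it should not be a public class method on User as it is here; a `private` marker in the enclosing singleton block (presumably `class << self`, opened outside this hunk) limits it to `login`. The `return false if user.nil?` path also skips the bcrypt work entirely, so a request for an unknown email answers measurably faster than one with a wrong password; hashing a dummy value on that path keeps the two failures indistinguishable. Reassigning the `password` parameter to the derived hash on the `hash_secret` line is easy to misread — a separate local such as `candidate` would be clearer.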
app/models/user_session.rb
@@ -34,27 +34,5 @@ class UserSession < ActiveRecord::Base
     def authenticate(key)
       self.active.find_by(key: key)
     end
-
-    def login(username, password)
-      user = User.find_by(email: username)
-      return false if user.nil?
-      bcrypt = ::BCrypt::Password.new(user.encrypted_password)
-      password = ::BCrypt::Engine.hash_secret("#{password}#{User.pepper}", bcrypt.salt)
-      if secure_compare(password, user.encrypted_password)
-        create!(user: user)
-      else
-        false
-      end
-    end
-
-    # constant-time comparison algorithm to prevent timing attacks
-    def secure_compare(a, b)
-      return false if a.blank? || b.blank? || a.bytesize != b.bytesize
-      l = a.unpack "C#{a.bytesize}"
-
-      res = 0
-      b.each_byte { |byte| res |= byte ^ l.shift }
-      res == 0
-    end
   end
 end
spec/controllers/sessions_controller_spec.rb
@@ -16,7 +16,7 @@ describe SessionsController do
       let(:password) { "password" }
 
       before :each do
-        UserSession.stub(:login).with(username, password).and_return(user_session)
+        User.stub(:login).with(username, password).and_return(user_session)
         post :create, session: { username: username, password: password }
       end
 
@@ -32,7 +32,7 @@ describe SessionsController do
 
     context "when the username is not known" do
       before :each do
-        UserSession.stub(:login).and_return(nil)
+        User.stub(:login).and_return(nil)
       end
 
       it "returns an error" do
spec/models/user_session_spec.rb
@@ -1,35 +1,4 @@
 require "rails_helper"
 
 describe UserSession do
-  describe ".login" do
-    context "when the email is not known" do
-      it "returns false" do
-        expect(UserSession.login('blah@example.com', 'password')).to be_falsey
-      end
-    end
-
-    context "when the email is known" do
-      let(:user) { create(:user) }
-
-      before :each do
-        user.password = 'password'
-        user.save!
-      end
-
-      context "when the password is incorrect" do
-        it "returns false" do
-          expect(UserSession.login(user.email, 'blah')).to be_falsey
-        end
-      end
-
-      context "when the password is correct" do
-        it "returns a new session" do
-          result = UserSession.login(user.email, 'password')
-          expect(result).to be_truthy
-          expect(result).to_not be_new_record
-          expect(result.user).to eql(user)
-        end
-      end
-    end
-  end
 end
spec/models/user_spec.rb
@@ -132,4 +132,36 @@ describe User do
       mailer.should have_received(:welcome_email).with(user)
     end
   end
+
+  describe ".login" do
+    context "when the email is not known" do
+      it "returns false" do
+        expect(User.login('blah@example.com', 'password')).to be_falsey
+      end
+    end
+
+    context "when the email is known" do
+      let(:user) { create(:user) }
+
+      before :each do
+        user.password = 'password'
+        user.save!
+      end
+
+      context "when the password is incorrect" do
+        it "returns false" do
+          expect(User.login(user.email, 'blah')).to be_falsey
+        end
+      end
+
+      context "when the password is correct" do
+        it "returns a new session" do
+          result = User.login(user.email, 'password')
+          expect(result).to be_truthy
+          expect(result).to_not be_new_record
+          expect(result.user).to eql(user)
+        end
+      end
+    end
+  end
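Review bot: The "email is not known" and "password is incorrect" examples only assert a falsey return; neither checks that the failure path created no session, which is the property that matters for `User.login`. Wrapping the call as `expect { User.login(user.email, 'blah') }.not_to change(UserSession, :count)` pins that in each failing context. The `describe User do` block these examples sit in opens outside the hunk.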
 end