jam-cloud/ruby/lib/jam_ruby/models/user.rb

include Devise::Models

module JamRuby
  class User < ActiveRecord::Base

    #devise: for later: :trackable

    devise :database_authenticatable,
           :recoverable, :rememberable

    include Geokit::ActsAsMappable::Glue unless defined?(acts_as_mappable)
    acts_as_mappable

    after_save :check_lat_lng

    attr_accessible :first_name, :last_name, :email, :city, :password, :password_confirmation, :state, :country, :birth_date, :subscribe_email, :terms_of_service, :original_fpfile, :cropped_fpfile, :cropped_large_fpfile, :cropped_s3_path, :cropped_large_s3_path, :photo_url, :large_photo_url, :crop_selection, :lat, :lng

    # updating_password corresponds to a lost_password
    attr_accessor :updating_password, :updating_email, :updated_email, :update_email_confirmation_url, :administratively_created, :current_password, :setting_password, :confirm_current_password, :updating_avatar, :updating_progression_field

    belongs_to :icecast_server_group, class_name: "JamRuby::IcecastServerGroup", inverse_of: :users, foreign_key: 'icecast_server_group_id'

    # authorizations (for facebook, etc -- omniauth)
    has_many :user_authorizations, :class_name => "JamRuby::UserAuthorization"

    # connections (websocket-gateway)
    has_many :connections, :class_name => "JamRuby::Connection"

    # friend requests
    has_many :friend_requests, :class_name => "JamRuby::FriendRequest"

    # instruments
    has_many :musician_instruments, :class_name => "JamRuby::MusicianInstrument"
    has_many :instruments, :through => :musician_instruments, :class_name => "JamRuby::Instrument"

    # bands
    has_many :band_musicians, :class_name => "JamRuby::BandMusician"
    has_many :bands, :through => :band_musicians, :class_name => "JamRuby::Band"

    # recordings
    has_many :owned_recordings, :class_name => "JamRuby::Recording", :foreign_key => "owner_id"
    has_many :recordings, :through => :claimed_recordings, :class_name => "JamRuby::Recording"
    has_many :claimed_recordings, :class_name => "JamRuby::ClaimedRecording", :inverse_of => :user
    has_many :playing_claimed_recordings, :class_name => "JamRuby::MusicSession", :inverse_of => :claimed_recording_initiator

    # self.id = user_id in likes table
    has_many :likings, :class_name => "JamRuby::Like", :inverse_of => :user, :dependent => :destroy

    # self.id = likable_id in likes table
    has_many :likers, :as => :likable, :class_name => "JamRuby::Like", :dependent => :destroy

    # self.id = user_id in follows table
    has_many :followings, :class_name => "JamRuby::Follow", :inverse_of => :user, :dependent => :destroy

    # self.id = followable_id in follows table
    has_many :followers, :as => :followable, :class_name => "JamRuby::Follow", :dependent => :destroy

    # notifications
    has_many :notifications, :class_name => "JamRuby::Notification", :foreign_key => "target_user_id"
    has_many :inverse_notifications, :through => :notifications, :class_name => "JamRuby::User"

    # friends
    has_many :friendships, :class_name => "JamRuby::Friendship", :foreign_key => "user_id"
    has_many :friends, :through => :friendships, :class_name => "JamRuby::User"
    has_many :inverse_friendships, :class_name => "JamRuby::Friendship", :foreign_key => "friend_id"
    has_many :inverse_friends, :through => :inverse_friendships, :source => :user, :class_name => "JamRuby::User"

    # connections / music sessions
    has_many :created_music_sessions, :foreign_key => "user_id", :inverse_of => :user, :class_name => "JamRuby::MusicSession" # sessions *created* by the user
    has_many :music_sessions, :through => :connections, :class_name => "JamRuby::MusicSession"

    # invitations
    has_many :received_invitations, :foreign_key => "receiver_id", :inverse_of => :receiver, :class_name => "JamRuby::Invitation"
    has_many :sent_invitations, :foreign_key => "sender_id", :inverse_of => :sender, :class_name => "JamRuby::Invitation"

    # fan invitations
    has_many :received_fan_invitations, :foreign_key => "receiver_id", :inverse_of => :receiver, :class_name => "JamRuby::FanInvitation"
    has_many :sent_fan_invitations, :foreign_key => "sender_id", :inverse_of => :sender, :class_name => "JamRuby::FanInvitation"

    # band invitations
    has_many :received_band_invitations, :inverse_of => :receiver, :foreign_key => "user_id", :class_name => "JamRuby::BandInvitation"
    has_many :sent_band_invitations, :inverse_of => :sender, :foreign_key => "creator_id", :class_name => "JamRuby::BandInvitation"

    # session history
    has_many :music_session_histories, :foreign_key => "user_id", :class_name => "JamRuby::MusicSessionHistory", :inverse_of => :user
    has_many :music_session_user_histories, :foreign_key => "user_id", :class_name => "JamRuby::MusicSessionUserHistory", :inverse_of => :user

    # saved tracks
    has_many :recorded_tracks, :foreign_key => "user_id", :class_name => "JamRuby::RecordedTrack", :inverse_of => :user

    # invited users
    has_many :invited_users, :foreign_key => "sender_id", :class_name => "JamRuby::InvitedUser"

    # crash dumps
    has_many :crash_dumps, :foreign_key => "user_id", :class_name => "JamRuby::CrashDump"

    # This causes the authenticate method to be generated (among other stuff)
    #has_secure_password

    before_save :create_remember_token, :if => :should_validate_password?
    before_save :stringify_avatar_info , :if => :updating_avatar

    validates :first_name, presence: true, length: {maximum: 50}, no_profanity: true
    validates :last_name, presence: true, length: {maximum: 50}, no_profanity: true
    VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
      validates :email, presence: true, format: {with: VALID_EMAIL_REGEX}
    validates :update_email, presence: true, format: {with: VALID_EMAIL_REGEX}, :if => :updating_email

    validates_length_of :password, minimum: 6, maximum: 100, :if => :should_validate_password?
    validates_presence_of :password_confirmation, :if => :should_validate_password?
    validates_confirmation_of :password, :if => :should_validate_password?

    validates :terms_of_service, :acceptance => {:accept => true, :on => :create, :allow_nil => false }
    validates :subscribe_email, :inclusion => {:in => [nil, true, false]}
    validates :musician, :inclusion => {:in => [true, false]}
    validates :show_whats_next, :inclusion => {:in => [nil, true, false]}

    # custom validators
    validate :validate_musician_instruments
    validate :validate_current_password
    validate :validate_update_email
    validate :validate_avatar_info
    validate :email_case_insensitive_uniqueness
    validate :update_email_case_insensitive_uniqueness, :if => :updating_email

    scope :musicians, where(:musician => true)
    scope :fans, where(:musician => false)
    scope :geocoded_users, where(['lat IS NOT NULL AND lng IS NOT NULL'])
    scope :musicians_geocoded, musicians.geocoded_users

    def user_progression_fields
      @user_progression_fields ||= Set.new ["first_downloaded_client_at", "first_ran_client_at", "first_music_session_at", "first_real_music_session_at", "first_good_music_session_at", "first_certified_gear_at", "first_invited_at", "first_friended_at", "first_recording_at", "first_social_promoted_at" ]
    end

    def update_progression_field(field_name, time = DateTime.now)
      @updating_progression_field = true
      if self[field_name].nil?
        self[field_name] = time
        self.save
      end
    end

    def failed_qualification(reason)
      self.last_failed_certified_gear_at = DateTime.now
      self.last_failed_certified_gear_reason = reason
      self.save
    end

    def validate_musician_instruments
      errors.add(:musician_instruments, ValidationMessages::INSTRUMENT_MINIMUM_NOT_MET) if !administratively_created && musician && musician_instruments.length == 0
      errors.add(:musician_instruments, ValidationMessages::INSTRUMENT_LIMIT_EXCEEDED) if !administratively_created && musician && musician_instruments.length > 5
    end

    def validate_current_password
      # checks if the user put in their current password (used when changing your email, for instance)
      errors.add(:current_password, ValidationMessages::NOT_YOUR_PASSWORD) if should_confirm_existing_password? && !valid_password?(self.current_password)
    end

    def validate_update_email
      if updating_email && self.update_email == self.email
        errors.add(:update_email, ValidationMessages::EMAIL_MATCHES_CURRENT)
      elsif updating_email && User.where("email ILIKE ?", self.update_email).first != nil
        errors.add(:update_email, ValidationMessages::EMAIL_ALREADY_TAKEN)
      end
    end

    def validate_avatar_info
      if updating_avatar
        # we want to mak sure that original_fpfile and cropped_fpfile seems like real fpfile info objects (i.e, json objects from filepicker.io)
        errors.add(:original_fpfile, ValidationMessages::INVALID_FPFILE) if self.original_fpfile.nil? || self.original_fpfile["key"].nil? || self.original_fpfile["url"].nil?
        errors.add(:cropped_fpfile, ValidationMessages::INVALID_FPFILE) if self.cropped_fpfile.nil? || self.cropped_fpfile["key"].nil? || self.cropped_fpfile["url"].nil?
        errors.add(:cropped_large_fpfile, ValidationMessages::INVALID_FPFILE) if self.cropped_large_fpfile.nil? || self.cropped_large_fpfile["key"].nil? || self.cropped_large_fpfile["url"].nil?
      end
    end

    def email_case_insensitive_uniqueness
      # using the case insensitive unique check of active record will downcase the field, which is not what we want--we want to preserve original casing
      search = User.where("email ILIKE ?", self.email).first
      if search != nil && search != self
        errors.add(:email, ValidationMessages::EMAIL_ALREADY_TAKEN)
      end
    end

    def update_email_case_insensitive_uniqueness
      # using the case insensitive unique check of active record will downcase the field, which is not what we want--we want to preserve original casing
      search = User.where("update_email ILIKE ?", self.update_email).first
      if search != nil && search != self
        errors.add(:update_email, ValidationMessages::EMAIL_ALREADY_TAKEN)
      end
    end

    def online
      @online ||= !self.connections.nil? && self.connections.size > 0
    end

    def name
      "#{first_name} #{last_name}"
    end

    def location
      loc = self.city.blank? ? '' : self.city
      loc = loc.blank? ? self.state : "#{loc}, #{self.state}" unless self.state.blank?
      #loc = loc.blank? ? self.country : "#{loc}, #{self.country}" unless self.country.blank?
      loc
    end

    def location= location_hash
      unless location_hash.blank?
        self.city = location_hash[:city]
        self.state = location_hash[:state]
        self.country = location_hash[:country]
      end if self.city.blank?
    end

    def musician?
      return musician
    end

    def should_validate_password?
      (updating_password || new_record?)
    end

    def should_confirm_existing_password?
      confirm_current_password
    end

    def end_user_created?
      return !administratively_created
    end

    def friends?(user)
      self.friends.exists?(user)
    end

    def friend_count
      self.friends.size
    end

    # check if "this user" likes entity
    def likes?(entity)
      self.likings.where(:likable_id => entity.id).size > 0
    end

    def liking_count
      self.likings.size
    end

    def liker_count
      self.likers.size
    end

    # check if "this user" follows entity
    def following?(entity)
      self.followings.where(:followable_id => entity.id).size > 0
    end

    def following_count
      self.followings.size
    end

    def follower_count
      self.followers.size
    end

    def recording_count
      self.recordings.size
    end

    def session_count
      self.music_sessions.size
    end

    def recent_history
      recordings = ClaimedRecording.joins(:recording)
        .where(:recordings => {:owner_id => "#{self.id}"})
        .order('created_at DESC')
        .limit(10)
      
      msh = MusicSessionHistory.where(:user_id => self.id)
        .order('created_at DESC')
        .limit(10)

      recordings.concat(msh)
      recordings.sort! {|a,b| b.created_at <=> a.created_at}.first(5)
    end
    
    def confirm_email!
      self.email_confirmed = true
    end

    def my_session_settings
      unless self.session_settings.nil?
        return JSON.parse(self.session_settings)
      else
        return ""
      end
    end

    def session_history(user_id, band_id = nil, genre = nil)
      return MusicSessionHistory.index(self, user_id, band_id, genre)
    end

    def session_user_history(user_id, session_id)
      return MusicSessionUserHistory.where("music_session_id='#{session_id}'")
    end

    # always returns a non-null value for photo-url,
    # using the generic avatar if no user photo available
    def resolved_photo_url
      if self.photo_url == nil || self.photo_url == ''
        "#{APP_CONFIG.external_root_url}/assets/shared/avatar_generic.png"
      else
        return self.photo_url
      end
    end

    def to_s
      return email unless email.nil?

      if !first_name.nil? && !last_name.nil?
        return first_name + ' ' + last_name
      end

      return id
    end

    def set_password(old_password, new_password, new_password_confirmation)

      # so that UserObserver knows to send a confirmation email on success
      self.setting_password = true
      # so that should_validate_password? fires
      self.updating_password = true

      attributes = { :password => new_password, :password_confirmation => new_password_confirmation }

      # taken liberally from Devise::DatabaseAuthenticatable.update_with_password

      if valid_password?(old_password)
         update_attributes(attributes)
      else
        self.assign_attributes(attributes)
        self.valid?
        self.errors.add(:current_password, old_password.blank? ? :blank : :invalid)
      end

      #clean_up_passwords

    end

    def self.set_password_from_token(email, token, new_password, new_password_confirmation)
      user = User.where("email ILIKE ?", email).first
      if user.nil? || user.reset_password_token != token || Time.now - user.reset_password_token_created > 3.days || new_password.length < 6 || new_password != new_password_confirmation
        raise JamRuby::JamArgumentError
      end
      user.reset_password_token = nil
      user.reset_password_token_created = nil
      user.change_password(new_password, new_password_confirmation)
      user.save
    end
      
    def change_password(new_password, new_password_confirmation)
      # FIXME: Should verify that the new password meets certain quality criteria. Really, maybe that should be a 
      # verification step.
      self.updating_password = true 
      self.password = new_password
      self.password_confirmation = new_password_confirmation
      
      UserMailer.password_changed(self).deliver  
    end

    def self.reset_password(email, base_uri)
      user = User.where("email ILIKE ?", email).first
      raise JamRuby::JamArgumentError if user.nil?

      user.reset_password_token = SecureRandom.urlsafe_base64
      user.reset_password_token_created = Time.now
      user.save

      reset_url = "#{base_uri}/reset_password_token?token=#{user.reset_password_token}&email=#{CGI.escape(email)}"
      UserMailer.password_reset(user, reset_url).deliver
      
      user
    end

    def self.band_index(user_id)
      bands = Band.joins(:band_musicians)
                  .where(:bands_musicians => {:user_id => "#{user_id}"})

      return bands
    end

    def self.recording_index(current_user, user_id)
      hide_private = false

      # hide private recordings from anyone but the current user
      if current_user.id != user_id
        hide_private = true
      end

      if hide_private
        recordings = Recording.joins(:musician_recordings)
                              .where(:musicians_recordings => {:user_id => "#{user_id}"}, :public => true)

      else
        recordings = Recording.joins(:musician_recordings)
                              .where(:musicians_recordings => {:user_id => "#{user_id}"})                                  
      end

      return recordings
    end

    # given an array of instruments, update a user's instruments
    def update_instruments(instruments)
      # delete all instruments for this user first
      unless self.new_record?
        MusicianInstrument.delete_all(["user_id = ?", self.id])
      end

      # loop through each instrument in the array and save to the db
      instruments.each do |musician_instrument_param|
        instrument = Instrument.find(musician_instrument_param[:instrument_id])
        musician_instrument = MusicianInstrument.new
        musician_instrument.user = self
        musician_instrument.instrument = instrument
        musician_instrument.proficiency_level = musician_instrument_param[:proficiency_level]
        musician_instrument.priority = musician_instrument_param[:priority]
        musician_instrument.save
        self.musician_instruments << musician_instrument
      end
    end

    # this easy_save routine guards against nil sets, but many of these fields can be set to null.
    # I've started to use it less as I go forward
    def easy_save(first_name, last_name, email, password, password_confirmation, musician, gender,
        birth_date, internet_service_provider, city, state, country, instruments, photo_url, biography = nil)

      # first name
      unless first_name.nil?
        self.first_name = first_name
      end

      # last name
      unless last_name.nil?
        self.last_name = last_name
      end

      # email
      # !! Email is changed in a dedicated method, 'update_email'
      #unless email.nil?
      #  self.email = email
      #end

      # password
      unless password.nil?
        self.password = password
      end

      # password confirmation
      unless password_confirmation.nil?
        self.password_confirmation = password_confirmation
      end

      # musician flag
      unless musician.nil?
        self.musician = musician
      end

      # gender
      unless gender.nil?
        self.gender = gender
      end

      # birthdate
      unless birth_date.nil?
        self.birth_date = birth_date
      end

      # ISP
      unless internet_service_provider.nil?
        self.internet_service_provider = internet_service_provider
      end

      # city
      unless city.nil?
        self.city = city
      end

      # state
      unless state.nil?
        self.state = state
      end

      # country
      unless country.nil?
        self.country = country
      end

      # instruments
      unless instruments.nil?
        update_instruments(instruments)
      end

      # photo url
      unless photo_url.nil?
        self.photo_url = photo_url
      end

      unless biography.nil?
        self.biography = biography
      end

      self.updated_at = Time.now.getutc
      self.save
    end

    # helper method for creating / updating a User
    def self.save(id, updater_id, first_name, last_name, email, password, password_confirmation, musician, gender,
                  birth_date, internet_service_provider, city, state, country, instruments, photo_url, biography)
      if id.nil?
        user = User.new()
      else
        user = User.find(id)
      end

      if user.id != updater_id
        raise PermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
      end 

      user.easy_save(first_name, last_name, email, password, password_confirmation, musician, gender,
                     birth_date, internet_service_provider, city, state, country, instruments, photo_url, biography)
      return user
    end

    def begin_update_email(email, current_password, confirmation_url)
      # sets the user model in a state such that it's expecting to have it's email updated
      # two columns matter for this; 'update_email_token' and 'update_email'
      # confirmation_link is odd in the sense that it can likely only come from www.jamkazam.com (jam-web)

      # an observer should be set up to send an email based on this activity
      self.updating_email = self.confirm_current_password = true
      self.current_password = current_password
      self.update_email = email
      self.update_email_token = SecureRandom.urlsafe_base64
      self.update_email_confirmation_url = "#{confirmation_url}#{self.update_email_token}"

      self.save
    end

    def create_user_following(targetUserId)
      targetUser = User.find(targetUserId)

      follow = Follow.new
      follow.followable = targetUser
      follow.user = self
      follow.save

      # TODO: make this async
      Notification.send_new_user_follower(self, targetUser)
    end

    def create_band_following(targetBandId)

      targetBand= Band.find(targetBandId)

      follow = Follow.new
      follow.followable = targetBand
      follow.user = self
      follow.save

      # TODO: make this async
      Notification.send_new_band_follower(self, targetBand)
    end

    def self.delete_following(followerId, targetEntityId)
      Follow.delete_all "(user_id = '#{followerId}' AND followable_id = '#{targetEntityId}')"
    end

    def create_user_like(targetUserId)
      targetUser = User.find(targetUserId)

      like = Like.new
      like.likable = targetUser
      like.user = self
      like.save
    end

    def create_band_like(targetBandId)
      targetBand = Band.find(targetBandId)

      like = Like.new
      like.likable = targetBand
      like.user = self
      like.save
    end

    def create_session_like(targetSessionId)
      targetSession = MusicSessionHistory.find(targetSessionId)

      like = Like.new
      like.likable = targetSession
      like.user = self
      like.save
    end

    def create_recording_like(targetRecordingId)
      targetRecording = Recording.find(targetRecordingId)
      
      like = Like.new
      like.likable = targetRecording
      like.user = self
      like.save
    end

    def self.delete_like(likerId, targetEntityId)
      Like.delete_all "(user_id = '#{liker_id}' AND likable_id = '#{targetEntityId}')"
    end

    def self.finalize_update_email(update_email_token)
      # updates the user model to have a new email address
      user = User.find_by_update_email_token!(update_email_token)

      user.updated_email = true
      user.email = user.update_email
      user.update_email_token = nil
      user.save

      return user
    end

    def self.create_favorite(user_id, recording_id)
      favorite = UserFavorite.new
      favorite.user_id = user_id
      favorite.recording_id = recording_id
      favorite.save
    end

    def favorite_count
      0  # FIXME:  update this with recording likes count when implemented
    end

    def self.delete_favorite(user_id, recording_id)
      JamRuby::UserFavorite.delete_all "(user_id = '#{user_id}' AND recording_id = '#{recording_id}')"
    end

    def self.save_session_settings(user, music_session)
      unless user.nil?

        # only save genre id and description
        genres = []
        unless music_session.genres.nil?
          music_session.genres.each do |genre|
            g = Hash.new
            g["id"] = genre.id
            g["description"] = genre.description
            genres << g
          end
        end

        # only save invitation receiver id and name
        invitees = []
        unless music_session.invitations.nil?
          music_session.invitations.each do |invitation|
            i = Hash.new
            i["id"] = invitation.receiver.id
            i["name"] = invitation.receiver.name
            invitees << i
          end
        end

        session_settings = { :band_id => music_session.band_id, 
                             :musician_access => music_session.musician_access,
                             :approval_required => music_session.approval_required,
                             :fan_chat => music_session.fan_chat,
                             :fan_access => music_session.fan_access,
                             :description => music_session.description,
                             :genres => genres,
                             :invitees => invitees
                           }.to_json

        user.session_settings = session_settings
        user.save
      end
    end

    # throws ActiveRecord::RecordNotFound if instrument is invalid
    # throws an email delivery error if unable to connect out to SMTP
    def self.signup(options)

      first_name = options[:first_name]
      last_name = options[:last_name]
      email = options[:email]
      password = options[:password]
      password_confirmation = options[:password_confirmation]
      terms_of_service = options[:terms_of_service]
      location = options[:location]
      instruments = options[:instruments]
      birth_date = options[:birth_date]
      musician = options[:musician]
      photo_url = options[:photo_url]
      invited_user = options[:invited_user]
      fb_signup = options[:fb_signup]
      signup_confirm_url = options[:signup_confirm_url]

      user = User.new

      UserManager.active_record_transaction do |user_manager|
        user.first_name = first_name
        user.last_name = last_name
        user.email = email
        user.subscribe_email = true
        user.terms_of_service = terms_of_service
        user.musician = musician

        # FIXME: Setting random password for social network logins. This
        # is because we have validations all over the place on this.
        # The right thing would be to have this null

        # Seth: I think we need a flag in the signature of signup to say 'social_signup=true'. If that flag is set,
        # then you can do use.updating_password = false and instead set a null password
        if password.nil?
          user.password  = user.password_confirmation = SecureRandom.urlsafe_base64
        else
          user.password = password
          user.password_confirmation = password_confirmation
        end

        user.admin = false
        user.city = location[:city]
        user.state = location[:state]
        user.country = location[:country]
        user.birth_date = birth_date

        if user.musician # only update instruments if the user is a musician
          unless instruments.nil?
            instruments.each do |musician_instrument_param|
              instrument = Instrument.find(musician_instrument_param[:instrument_id])
              musician_instrument = MusicianInstrument.new
              musician_instrument.user = user
              musician_instrument.instrument = instrument
              musician_instrument.proficiency_level = musician_instrument_param[:proficiency_level]
              musician_instrument.priority = musician_instrument_param[:priority]
              user.musician_instruments << musician_instrument
            end
          end
        end

        user.photo_url = photo_url

        unless fb_signup.nil?
          user.update_fb_authorization(fb_signup)

          if fb_signup.email.casecmp(user.email).zero?
            user.email_confirmed = true
            user.signup_token = nil
          else
            user.email_confirmed = false
            user.signup_token = SecureRandom.urlsafe_base64
          end
        end

        if invited_user.nil?
          user.can_invite = Limits::USERS_CAN_INVITE

          unless user.email_confirmed # important that the only time this goes true is if some other mechanism, like fb_signup, set this high
            user.email_confirmed = false
            user.signup_token = SecureRandom.urlsafe_base64
          end
        else
          # if you are invited by an admin, we'll say you can invite too.
          # but if not, then you can not invite
          user.can_invite = invited_user.invited_by_administrator?

          # if you came in from an invite and used the same email to signup,
          # then we know you are a real human and that your email is valid.
          # lucky! we'll log you in immediately
          if invited_user.email.casecmp(user.email).zero?
            user.email_confirmed = true
            user.signup_token = nil
          else
            user.email_confirmed = false
            user.signup_token = SecureRandom.urlsafe_base64
          end


          # now that the user is saved, let's
          if invited_user.autofriend && !invited_user.sender.nil?
            # hookup this user with the sender
            Friendship.save_using_models(user, invited_user.sender)
          end

          invited_user.accept!
          invited_user.save

          if invited_user.errors.any?
            raise ActiveRecord::Rollback
          end
        end

        user.save

        if user.errors.any?
          raise ActiveRecord::Rollback
        else
          # don't send an signup email if email is already confirmed
          if user.email_confirmed
            UserMailer.welcome_message(user).deliver
          else
            # any errors here should also rollback the transaction; that's OK. If emails aren't going to be delivered,
            # it's already a really bad situation; make user signup again
            UserMailer.confirm_email(user, signup_confirm_url.nil? ? nil : (signup_confirm_url + "/" + user.signup_token) ).deliver
          end
        end
      end

      return user
    end

    # this is intended to be development-mode or test-mode only; VRFS-149
    # it creates or updates one user per developer, so that we aren't in the business
    # of constantly recreating users as we create new dev environments

    # We guard against this code running in production mode,
    # because otherwise it's a bit of uncomfortable code
    # to have sitting around
    def self.create_dev_user(first_name, last_name, email, password,
            city, state, country, instruments, photo_url)

      if Environment.mode == "production"
        # short-circuit out
        return
      end

      user = User.find_or_create_by_email(email)
      
      User.transaction do
        user.first_name = first_name
        user.last_name = last_name
        user.email = email
        user.password = password
        user.password_confirmation = password
        user.admin = true
        user.email_confirmed = true
        user.musician = true
        user.city = city
        user.state = state
        user.country = country
        user.terms_of_service = true

        if instruments.nil?
          instruments = [{:instrument_id => "acoustic guitar", :proficiency_level => 3, :priority => 1}]
        end

        unless user.new_record?
          MusicianInstrument.delete_all(["user_id = ?", user.id])
        end

        instruments.each do |musician_instrument_param|
          instrument = Instrument.find(musician_instrument_param[:instrument_id])
          musician_instrument = MusicianInstrument.new
          musician_instrument.user = user
          musician_instrument.instrument = instrument
          musician_instrument.proficiency_level = musician_instrument_param[:proficiency_level]
          musician_instrument.priority = musician_instrument_param[:priority]
          user.musician_instruments << musician_instrument
        end

        if photo_url.nil?
          user.photo_url = photo_url
        end

        user.signup_token = nil
        user.save

        if user.errors.any?
          raise ActiveRecord::Rollback
        end
      end

      return user
    end

    def signup_confirm
      self.signup_token = nil
      self.confirm_email!
      self.save
    end

    def escape_filename(path)
      dir = File.dirname(path)
      file = File.basename(path)
      "#{dir}/#{ERB::Util.url_encode(file)}"
    end

    def update_avatar(original_fpfile, cropped_fpfile, cropped_large_fpfile, crop_selection, aws_bucket)
      self.updating_avatar = true

      cropped_s3_path = cropped_fpfile["key"]
      cropped_large_s3_path = cropped_large_fpfile["key"]

      self.update_attributes(
            :original_fpfile => original_fpfile,
            :cropped_fpfile => cropped_fpfile,
            :cropped_large_fpfile => cropped_large_fpfile,
            :cropped_s3_path => cropped_s3_path,
            :cropped_large_s3_path => cropped_large_s3_path,
            :crop_selection => crop_selection,
            :photo_url => S3Util.url(aws_bucket, escape_filename(cropped_s3_path), :secure => false),
            :large_photo_url => S3Util.url(aws_bucket, escape_filename(cropped_large_s3_path), :secure => false)
        )
    end

    def delete_avatar(aws_bucket)

      User.transaction do

        unless self.cropped_s3_path.nil?
          S3Util.delete(aws_bucket, File.dirname(self.cropped_s3_path) + '/cropped.jpg')
          S3Util.delete(aws_bucket, self.cropped_s3_path)
          S3Util.delete(aws_bucket, self.cropped_large_s3_path)
        end

        return self.update_attributes(
            :original_fpfile => nil,
            :cropped_fpfile => nil,
            :cropped_large_fpfile => nil,
            :cropped_s3_path => nil,
            :cropped_large_s3_path => nil,
            :photo_url => nil,
            :crop_selection => nil,
            :large_photo_url => nil
        )
      end

    end

    # throws RecordNotFound if signup token is invalid; i.e., if it's nil, empty string, or not belonging to a user
    def self.signup_confirm(signup_token)
      if signup_token.nil? || signup_token.empty?
        # there are plenty of confirmed users with nil signup_tokens, so we can't look on it
        raise ActiveRecord::RecordNotFound
      else
        UserManager.active_record_transaction do |user_manager|
          # throws ActiveRecord::RecordNotFound if invalid
          user = User.find_by_signup_token!(signup_token)
          user.signup_confirm
          return user
        end
      end
    end

    # if valid credentials are supplied for an 'active' user, returns the user
    # if not authenticated, returns nil
    def self.authenticate(email, password)
      # remove email_confirmed restriction due to VRFS-378

      # we only allow users that have confirmed email to authenticate
      # user = User.where('email_confirmed=true').find_by_email(email)

      # do a case insensitive search for email, because we store it case sensitive
      user = User.where("email ILIKE ?", email).first

      if user && user.valid_password?(password)
        return user
      else
        return nil
      end
    end

    def invalidate_user_authorization(provider)
      auth = user_authorization(provider)
      auth.destroy if auth
    end

    def user_authorization(provider)
      user_authorizations.where(provider: provider).first
    end

    def auth_twitter
      !user_authorization('twitter').nil?
    end

    def build_twitter_authorization(auth_hash)

      twitter_uid = auth_hash[:uid]
      credentials = auth_hash[:credentials]
      secret = credentials[:secret] if credentials
      token = credentials[:token] if credentials

      if twitter_uid && secret && token
        user_authorization = nil

        unless self.new_record?
          # see if this user has an existing user_authorization for this provider
          user_authorization = UserAuthorization.find_by_user_id_and_provider(self.id, 'twitter')
        end
      end

      if user_authorization.nil?
        user_authorization = UserAuthorization.new(provider: 'twitter',
                                       uid: twitter_uid,
                                       token: token,
                                       secret: secret,
                                       user: self)
      else
        user_authorization.uid = twitter_uid
        user_authorization.token = token
        user_authorization.secret = secret
      end

      user_authorization
    end

    # updates an existing user_authorization for facebook, or creates a new one if none exist
    def update_fb_authorization(fb_signup)
      if fb_signup.uid && fb_signup.token && fb_signup.token_expires_at

        user_authorization = nil

        unless self.new_record?
          # see if this user has an existing user_authorization for this provider
          user_authorization = UserAuthorization.find_by_user_id_and_provider(self.id, 'facebook')
        end

        if user_authorization.nil?
          self.user_authorizations.build provider: 'facebook',
                                         uid: fb_signup.uid,
                                         token: fb_signup.token,
                                         token_expiration: fb_signup.token_expires_at,
                                         user: self
        else
          user_authorization.uid = fb_signup.uid
          user_authorization.token = fb_signup.token
          user_authorization.token_expiration = fb_signup.token_expires_at
          user_authorization.save
        end
      end
    end

    def provides_location?
      !self.city.blank? && (!self.state.blank? || !self.country.blank?)
    end

    def check_lat_lng
      if (city_changed? || state_changed? || country_changed?) && !lat_changed? && !lng_changed?
        update_lat_lng 
      end
    end

    def update_lat_lng(ip_addy=nil)
      if provides_location?  # ip_addy argument ignored in this case
        return false unless ip_addy.nil?  # do nothing if attempting to set latlng from an ip address
        query = { :city => self.city }
        query[:region] = self.state unless self.state.blank?
        query[:country] = self.country unless self.country.blank?
        if geo = MaxMindGeo.where(query).limit(1).first
          if geo.lat && geo.lng && (self.lat != geo.lat || self.lng != geo.lng)
            self.update_attributes({ :lat => geo.lat, :lng => geo.lng })
            return true
          end
        end
      elsif ip_addy
        if geo = MaxMindGeo.ip_lookup(ip_addy)
          if self.lat != geo.lat || self.lng != geo.lng
            self.update_attributes({ :lat => geo.lat, :lng => geo.lng }) 
            return true
          end
        end
      else
        if self.lat || self.lng
          self.update_attributes({ :lat => nil, :lng => nil }) 
          return true
        end
      end
      false
    end

    def current_city(ip_addy=nil)
      unless self.city
        if self.lat && self.lng
          return MaxMindGeo.where(['lat = ? AND lng = ?',self.lat,self.lng]).limit(1).first.try(:city)
        elsif ip_addy
          return MaxMindGeo.ip_lookup(ip_addy).try(:city)
        end
      else
        return self.city
      end
    end

    def top_followings
      @topf ||= User.joins("INNER JOIN follows ON follows.followable_id = users.id")
        .where(['follows.user_id = ?',self.id])
        .order('follows.created_at DESC')
        .limit(3)
    end

    def self.deliver_new_musician_notifications(since_date=nil)
      since_date ||= Time.now-1.week
      self.geocoded_users.find_each do |usr|
        Search.new_musicians(usr, since_date) do |new_nearby|
          UserMailer.new_musicians(usr, new_nearby).deliver
        end
      end
    end

    def facebook_invite!
      unless iu = InvitedUser.facebook_invite(self)
        iu = InvitedUser.new
        iu.sender = self
        iu.autofriend = true
        iu.invite_medium = InvitedUser::FB_MEDIUM
        iu.save
      end
      iu
    end

    # both email and name helps someone understand/recall/verify who they are looking at
    def autocomplete_display_name
      "#{email} (#{name})"
    end

    # used by formtastic for display
    def to_label
      autocomplete_display_name
    end

    # devise compatibility

    #def encrypted_password
    #  logger.debug("password digest returned #{self.password_digest}")
    #  self.password_digest
    #end

    #def encrypted_password=(encrypted_password)
    #  self.password_digest = encrypted_password
    #end

    # end devise compatibility
    private
      def create_remember_token
        self.remember_token = SecureRandom.urlsafe_base64
      end

      def stringify_avatar_info
        # fpfile comes in as a hash, which is a easy-to-use and validate form.  However, we store it as a VARCHAR,
        # so we need t oconvert it to JSON before storing it (otherwise it gets serialized as a ruby object)
        # later, when serving this data out to the REST API, we currently just leave it as a string and make a JSON capable
        # client parse  it, because it's very rare when it's needed at all
        self.original_fpfile = original_fpfile.to_json if !original_fpfile.nil?
        self.cropped_fpfile = cropped_fpfile.to_json if !cropped_fpfile.nil?
        self.crop_selection = crop_selection.to_json if !crop_selection.nil?
      end
  end
end