Untitled

Index: test/unit/membership_test.rb
===================================================================
--- test/unit/membership_test.rb	(revision 2128)
    test/unit/membership_test.rb	(working copy)
@@ -8,7  8,7 @@
   end

   def test_should_find_site_members
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).members.collect(&:id).sort
     assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).members.collect(&:id).sort
   end

   def test_should_find_site_admins
@@ -17,12  17,12 @@
   end

   def test_should_find_all_site_users
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, User.find_all_by_site(sites(:first)).collect(&:id).sort
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).users.collect(&:id).sort
     assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, User.find_all_by_site(sites(:first)).collect(&:id).sort
     assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).users.collect(&:id).sort
   end

   def test_should_find_all_site_users_with_deleted
-    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin)].collect(&:id).sort, User.find_all_by_site_with_deleted(sites(:first)).collect(&:id).sort
-    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).users_with_deleted.collect(&:id).sort
     assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, User.find_all_by_site_with_deleted(sites(:first)).collect(&:id).sort
     assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).users_with_deleted.collect(&:id).sort
   end
 end
Index: test/functional/account_controller_test.rb
===================================================================
--- test/functional/account_controller_test.rb	(revision 2128)
    test/functional/account_controller_test.rb	(working copy)
@@ -5,7  5,7 @@
 class AccountController; def rescue_action(e) raise e end; end

 class AccountControllerTest < Test::Unit::TestCase
-  fixtures :users, :sites, :memberships
   fixtures :users, :sites, :memberships, :contents

   def setup
     @controller = AccountController.new
@@ -13,14  13,37 @@
     @response   = ActionController::TestResponse.new

     # for testing action mailer
-    # @emails = ActionMailer::Base.deliveries
-    # @emails.clear
     @emails = ActionMailer::Base.deliveries
     @emails.clear
   end

   def test_should_login_and_redirect
     post :login, :login => 'quentin', :password => 'quentin'
     assert session[:user]
     # quentin has User.admin true
     assert_redirected_to :controller => 'admin/overview', :action => 'index'

     post :login, :login => 'arthur', :password => 'arthur'
     assert session[:user]
     # arthur is an admin for the site :first
     assert_redirected_to :controller => 'admin/overview', :action => 'index'
     get :logout
     assert !session[:user]

     # (need to activate ben before logging in)
     get :activate, :activation_code => users(:ben).activation_code
     post :login, :login => 'ben', :password => 'arthur'
     assert session[:user]
     # ben is not an admin so should be redirected to the front page
     assert_redirected_to :controller => 'mephisto', :action => 'list'
     get :logout
     assert !session[:user]

     # make sure redirected to referrer
     post :login, :login => 'arthur', :password => 'arthur', :referrer => contents(:welcome).full_permalink
     assert_redirected_to contents(:welcome).full_permalink
     get :logout
     assert !session[:user]
   end

   def test_should_fail_login_and_not_redirect
@@ -81,17  104,90 @@
     assert !@controller.send(:logged_in?)
   end

-  protected
-    def auth_token(token)
-      CGI::Cookie.new('name' => 'auth_token', 'value' => token)
   def test_should_activate_user
     if User.require_activation
       assert_nil User.authenticate_for(sites(:first), 'ben', 'arthur')
       get :activate, :activation_code => users(:ben).activation_code
       assert_equal users(:ben), User.authenticate_for(sites(:first), 'ben', 'arthur')
     end
-
-    def cookie_for(user)
-      auth_token users(user).remember_token
   end

   def test_should_not_activate_nil
     get :activate, :activation_code => nil
     assert_activate_error
   end

   def test_should_not_activate_bad
     get :activate, :activation_code => 'foobar'
     assert flash.has_key?(:error), "Flash should contain error message."
     assert_activate_error
   end

   def assert_activate_error
     assert_response :success
     assert_template "account/activate"
   end

   def test_should_activate_user_and_send_activation_email
     if User::require_activation
       get :activate, :activation_code => users(:ben).activation_code
       assert_equal 1, @emails.length
       assert(@emails.first.subject =~ /Your account has been activated/)
       assert(@emails.first.body    =~ /#{assigns(:user).login}, your account has been activated/)
     end
   end

-    def create_user(options = {})
-      post :signup, :user => { :login => 'quire', :email => 'quire@example.com',
-                               :password => 'quire', :password_confirmation => 'quire' }.merge(options)
   def test_should_send_activation_email_after_signup
     if User::require_activation
       create_user
       assert_equal 1, @emails.length
       assert(@emails.first.subject =~ /Please activate your new account/)
       assert(@emails.first.body    =~ /Username: quire/)
       assert(@emails.first.body    =~ /Password: quire/)
       assert(@emails.first.body    =~ /account\/activate\/#{assigns(:user).activation_code}/)
     end
   end

   def test_should_allow_password_change
     post :login, :login => 'quentin', :password => 'quentin'
     assert session[:user]
     post :change_password, :old_password => 'quentin', :password => 'newpassword', :password_confirmation => 'newpassword'
     assert_equal 'newpassword', assigns(:current_user).password # doesn't work because passwords are crypted
     assert_equal "Password changed", flash[:notice]
     post :logout
     assert_nil session[:user]
     post :login, :login => 'quentin', :password => 'newpassword'
     assert session[:user]
   end

   def test_non_matching_passwords_should_not_change
     post :login, :login => 'quentin', :password => 'quentin'
     assert session[:user]
     post :change_password, { :old_password => 'test', :password => 'newpassword', :password_confirmation => 'test' }
     assert_not_equal 'newpassword', assigns(:current_user).password
     assert_equal "Wrong password", flash[:notice]
   end

   def test_incorrect_old_password_does_not_change
     post :login, :login => 'quentin', :password => 'quentin'
     assert session[:user]
     post :change_password, { :old_password => 'wrongpassword', :password => 'newpassword', :password_confirmation => 'newpassword' }
     assert_not_equal 'newpassword', assigns(:current_user).password
     assert_equal "Wrong password", flash[:notice]
   end

   protected

   def auth_token(token)
     CGI::Cookie.new('name' => 'auth_token', 'value' => token)
   end

   def cookie_for(user)
     auth_token users(user).remember_token
   end

   def create_user(options = {})
     post :signup, :user => { :login => 'quire', :email => 'quire@example.com',
       :password => 'quire', :password_confirmation => 'quire' }.merge(options)
   end
 end
Index: test/functional/admin/users_controller_test.rb
===================================================================
--- test/functional/admin/users_controller_test.rb	(revision 2128)
    test/functional/admin/users_controller_test.rb	(working copy)
@@ -40,7  40,7 @@
     login_as :quentin
     assert_difference User, :count do
       post :create, :user => { :login => 'bob', :email => 'foo', :password => 'testy', :password_confirmation => 'testy', :admin => true }
-      assert_equal assigns(:user), User.authenticate_for(sites(:first), 'bob', 'testy')
       assert_equal assigns(:user), User.authenticate_for(sites(:first), 'bob', 'testy', :require_activation => false)
       assert_redirected_to :action => 'index'
       assert flash[:notice]
     end
@@ -114,7  114,7 @@
   def test_should_show_deleted_users
     login_as :quentin
     get :index
-    assert_equal 3, assigns(:users).size
     assert_equal 4, assigns(:users).size
     user_tag    = { :tag => 'li', :attributes => { :id => 'user-1', :class => 'clear' } }
     normal_tag  = { :tag => 'li', :attributes => { :id => 'user-2', :class => 'clear' } }
     deleted_tag = { :tag => 'li', :attributes => { :id => 'user-3', :class => 'clear deleted' } }
Index: test/fixtures/users.yml
===================================================================
--- test/fixtures/users.yml	(revision 2128)
    test/fixtures/users.yml	(working copy)
@@ -10,7  10,7 @@
   filter: textile_filter
   remember_token: quentintoken
   remember_token_expires_at: <%= 5.days.from_now.to_s :db %>
-  # activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   admin: true
 arthur:
   id: 2
@@ -21,6  21,7 @@
   activation_code: arthurscode # only if you're activating new signups
   created_at: <%= 1.days.ago.to_s :db %>
   updated_at: <%= 1.days.ago.to_s :db %>
   activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   filter: markdown_filter
 aaron:
   id: 3
@@ -32,4  33,14 @@
   created_at: <%= 1.days.ago.to_s :db %>
   updated_at: <%= 1.days.ago.to_s :db %>
   deleted_at: <%= 5.hours.ago.to_s :db %>
-  filter: markdown_filter
\ No newline at end of file
   filter: markdown_filter
 ben:
   id: 4
   login: ben
   email: ben@example.com
   salt: 55bc51360864c82dcd7ff4bcfec56a8d8e79e751
   crypted_password: 37ba966058c6f39162e5b537adb516af91cd1fe6 # arthur
   activation_code: benscode # only if you're activating new signups
   created_at: <%= 1.days.ago.to_s :db %>
   updated_at: <%= 1.days.ago.to_s :db %>
   filter: markdown_filter
Index: test/fixtures/memberships.yml
===================================================================
--- test/fixtures/memberships.yml	(revision 2128)
    test/fixtures/memberships.yml	(working copy)
@@ -22,4  22,8 @@
   id: 5
   user_id: 1
   site_id: 2
-  admin: true
\ No newline at end of file
   admin: true
 ben_first:
   id: 6
   user_id: 4
   site_id: 1
Index: app/models/user.rb
===================================================================
--- app/models/user.rb	(revision 2128)
    app/models/user.rb	(working copy)
@@ -3,7  3,7 @@
   has_many :articles
   acts_as_paranoid

-  has_many :memberships
   has_many :memberships, :dependent=>:destroy
   has_many :sites, :through => :memberships, :order => 'title, host'

   def self.find_admins(*args)
Index: app/models/user_auth.rb
===================================================================
--- app/models/user_auth.rb	(revision 2128)
    app/models/user_auth.rb	(working copy)
@@ -18,13  18,23 @@
   validates_uniqueness_of   :login, :email, :case_sensitve => false
   before_save :encrypt_password

-  # Uncomment this to use activation
-  # before_create :make_activation_code
   @@require_activation = false  # Set to true to require activation
   if @@require_activation
     before_create :make_activation_code
   end
   mattr_reader :require_activation

   # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
-  def self.authenticate_for(site, login, password)
   def self.authenticate_for(site, login, password, options={})
     options[:require_activation] = @@require_activation if options[:require_activation].nil?
     if options[:require_activation]
       activation_cond = ' and activated_at is not NULL'
     else
       activation_cond = ''
     end
     u = find(:first, @@membership_options.merge(
-      :conditions => ['users.login = ? and (memberships.site_id = ? or users.admin = ?)', login, site.id, true]))
       :conditions => ['users.login = ? and (memberships.site_id = ? or users.admin = ?)'   activation_cond,
                       login, site.id, true]))
     u && u.authenticated?(password) ? u : nil
   end

@@ -45,15  55,25 @@
     find_with_deleted(:all, @@membership_options.merge(options.reverse_merge(:conditions => ['memberships.site_id = ? or users.admin = ?', site.id, true]))).uniq
   end

   def self.find_by_site_and_activation_code(site, activation_code)
     with_deleted_scope do
       find_with_deleted(:first, @@membership_options.merge(
       :conditions => ['users.activation_code = ? and memberships.site_id = ?', activation_code, site.id]))
     end
   end

   def self.find_by_site_and_password_reset_code(site, password_reset_code)
     with_deleted_scope do
       find_with_deleted(:first, @@membership_options.merge(
       :conditions => ['users.password_reset_code = ? and memberships.site_id = ?', password_reset_code, site.id]))
     end
   end

   # Encrypts some data with the salt.
   def self.encrypt(password, salt)
     Digest::SHA1.hexdigest("--#{salt}--#{password}--")
   end

-  def make_activation_code
-    self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split('//').sort_by {rand}.join )
-  end
-
   # Encrypts the password with the user salt
   def encrypt(password)
     self.class.encrypt(password, salt)
@@ -80,14  100,54 @@
     save(false)
   end

   # Activates the user in the database.
   def activate
     @activated = true
     update_attributes(:activated_at => Time.now.utc)
   end

   # Returns true if the user has just been activated.
   def recently_activated?
     @activated
   end

   def forgot_password
     @forgotten_password = true
     self.make_password_reset_code
   end

   def reset_password
     # First update the password_reset_code before setting the
     # reset_password flag to avoid duplicate email notifications.
     update_attributes(:password_reset_code => nil)
     @reset_password = true
   end

   def recently_reset_password?
     @reset_password
   end

   def recently_forgot_password?
     @forgotten_password
   end

   protected
-    def encrypt_password
-      return if password.blank?
-      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
-      self.crypted_password = encrypt(password)
-    end

   def encrypt_password
     return if password.blank?
     self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
     self.crypted_password = encrypt(password)
   end

-    def password_required?
-      crypted_password.nil? || !password.blank?
-    end
   def password_required?
     crypted_password.nil? || !password.blank?
   end

   def make_activation_code
     self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
   end

   def make_password_reset_code
     self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
   end
 end
Index: app/models/site.rb
===================================================================
--- app/models/site.rb	(revision 2128)
    app/models/site.rb	(working copy)
@@ -16,7  16,7 @@
   has_many  :assets, :as => :attachable, :order => 'created_at desc'
   has_many  :assets, :order => 'created_at desc', :conditions => 'parent_id is null'

-  has_many :memberships
   has_many :memberships, :dependent=>:destroy
   has_many :members, :through => :memberships, :source => :user
   has_many :admins,  :through => :memberships, :source => :user, :conditions => ['memberships.admin = ? or users.admin = ?', true, true]

Index: app/controllers/account_controller.rb
===================================================================
--- app/controllers/account_controller.rb	(revision 2128)
    app/controllers/account_controller.rb	(working copy)
@@ -2,23  2,32 @@
   include AuthenticatedSystem
   before_filter :login_from_cookie
   layout 'simple'
   observer :user_observer

   def index
     render :action => 'login'
   end

   def login
     @referrer = params[:referrer] || request.env["HTTP_REFERER"] || ""
     return unless request.post?
     @login = params[:login]
     self.current_user = User.authenticate_for(site, params[:login], params[:password])
     if logged_in?
       if params[:remember_me] == "1"
         self.current_user.remember_me
         cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
       end
-      redirect_back_or_default(:controller => '/admin/overview', :action => 'index')
-      flash[:notice] = "Logged in successfully"
       store_location :overwrite => false, :uri => @referrer.blank? ? nil : @referrer
       flash[:notice] = "You are logged in"
       redirect_back_or_default(default_url(self.current_user))
     else
-      flash[:error] = "Could not log you in. Are you sure your Login name and Password are correct?"
       if User.require_activation and user = User.authenticate_for(site, params[:login], params[:password], :require_activation=>false)
         flash[:error] = "You must activate your account before you can log in.  An activation code was e-mailed to you when you signed up."
         flash[:user_to_activate] = user
       else
         flash[:error] = "Could not log you in. Are you sure your Login name and Password are correct?"
       end
     end
   end

@@ -29,4  38,109 @@
     flash[:notice] = "You have been logged out."
     redirect_back_or_default(:controller => 'mephisto', :action => 'list', :sections => [])
   end

   def signup
     @user = User.new(params[:user])
     return unless request.post?
     @user.save!
     Membership.create(:user_id=>@user.id, :site_id=>site.id)
     self.current_user = @user
     if User.require_activation
       flash[:notice] = "Thanks for signing up!  An activation code has been sent to #{@user.email}"
     else
       flash[:notice] = "Thanks for signing up!"
     end
     redirect_back_or_default(:controller => '/account', :action => 'index')
   rescue ActiveRecord::RecordInvalid
     render :action => 'signup'
   end

   def activate
     if params[:activation_code]
       @user = User.find_by_site_and_activation_code(site, params[:activation_code])
       if @user
         if @user.activated_at
           flash[:notice] = "Your account has already been activated."
         else
           @user.activate
           flash[:notice] = "Your account has been activated."
         end
         self.current_user = @user
         redirect_back_or_default(default_url(self.current_user))
       else
         flash[:error] = "Unable to activate the account.  Did you enter the correct information?"
       end
     end
   end

   def forgot_password
     return unless request.post?
     if @user = User.find_by_email(params[:email])
       @user.forgot_password
       @user.save
       flash[:notice] = "A password reset link has been sent to your email address"
       redirect_back_or_default(:controller => '/account', :action => 'index')
     else
       flash[:notice] = "Could not find a user with that email address"
     end
   end

   def reset_password
     @user = User.find_by_site_and_password_reset_code(params[:id])
     raise if @user.nil?
     return if @user unless params[:password]
     if (params[:password] == params[:password_confirmation])
       self.current_user = @user #for the next two lines to work
       current_user.password_confirmation = params[:password_confirmation]
       current_user.password = params[:password]
       @user.reset_password
       flash[:notice] = current_user.save ? "Password reset" : "Password not reset"
     else
       flash[:notice] = "Password mismatch"
     end
     redirect_back_or_default(default_url(self.current_user))
   rescue
     logger.error "Invalid Reset Code entered"
     flash[:notice] = "Sorry, that is an invalid password reset code.  Please check the link and try again. (Perhaps your email client inserted a carriage return?)"
     redirect_back_or_default(:controller => '/account', :action => 'index')
   end

   def change_password
     return unless request.post?
     if User.authenticate_for(site, current_user.login, params[:old_password])
       if (params[:password] == params[:password_confirmation])
         current_user.password_confirmation = params[:password_confirmation]
         current_user.password = params[:password]
         flash[:notice] = current_user.save ?
               "Password changed" :
               "Password not changed"
       else
         flash[:notice] = "Password mismatch"
         @old_password = params[:old_password]
       end
     else
       flash[:notice] = "Wrong password"
     end
   end

   def send_activation_code
     if request.post? and user = flash[:user_to_activate]
       UserNotifier.deliver_signup_notification(user)
       flash[:user_to_activate] = nil
       flash[:error] = nil
       flash[:notice] = "An activation code has been sent to #{user.email}"
     end
     redirect_to :controller => '/account', :action => 'login'
   end

   protected

   def default_url(user)
     if admin?
       url_for :controller => '/admin/overview', :action => 'index'
     else
       section_url :sections=>[]
     end
   end

 end
Index: app/controllers/application.rb
===================================================================
--- app/controllers/application.rb	(revision 2128)
    app/controllers/application.rb	(working copy)
@@ -7,6  7,10 @@
   helper_method  :site
   attr_reader    :site

   def admin?
     logged_in? && current_user.admin? || current_user.site_admin?
   end

   protected
     # so not the best place for this...
     def asset_image_args_for(asset, thumbnail = :tiny, options = {})
Index: app/controllers/admin/base_controller.rb
===================================================================
--- app/controllers/admin/base_controller.rb	(revision 2128)
    app/controllers/admin/base_controller.rb	(working copy)
@@ -3,9  3,9 @@
   before_filter :login_from_cookie
   before_filter :login_required, :except => :feed

-  def admin?
-    logged_in? && current_user.admin? || current_user.site_admin?
-  end
-
   helper_method :admin?

   protected

   alias authorized? admin?
 end
Index: app/views/account/login.rhtml
===================================================================
--- app/views/account/login.rhtml	(revision 2128)
    app/views/account/login.rhtml	(working copy)
@@ -1,8  1,9 @@
-<%= start_form_tag({}, { :id => 'login_form' }) %>
 <div class="little-box">
 <%= start_form_tag({:controller=>:account, :action=>:login}, { :id => 'login_form' }) %>
 <%= hidden_field_tag "referrer", @referrer %>
   <dl>
     <dt><%= label_tag 'login', 'Login' %></dt>
-    <dd><%= text_field_tag 'login', {}, :class => 'big' %></dd>
     <dd><%= text_field_tag 'login', @login, :class => 'big' %></dd>
     <dt><%= label_tag 'password', 'Password' %></dt>
     <dd><%= password_field_tag 'password', {}, :class => 'big' %></dd>
     <dt></dt>
@@ -12,5  13,16 @@
     </dd>
   </dl>
   <p class="btns"><%= submit_tag 'Sign in' %></p>
 <%= end_form_tag %>
 </div>

 <br />
 <% if user=flash[:user_to_activate] -%>
 <div class="little-box">
 <%= start_form_tag({:controller=>:account, :action=>:send_activation_code}, { :id => 'send_activation_code_form' }) %>
   <p>Click the button below to send another activation code to <%=user.email%>.</p>
   <%= hidden_field_tag 'id', user.id %>
   <p class="btns"><%= submit_tag 'Resend code' %></p>
 <%= end_form_tag %>
 </div>
 <% end -%>
Index: config/routes.rb
===================================================================
--- config/routes.rb	(revision 2128)
    config/routes.rb	(working copy)
@@ -12,6  12,8 @@
   map.admin    'admin', :controller => 'admin/overview', :action => 'index'
   map.resources :assets, :path_prefix => '/admin', :controller => 'admin/assets', :member => { :add_bucket => :post },
     :collection => { :latest => :post, :search => :post, :upload => :post, :clear_bucket => :post }

   map.activate 'account/activate/:activation_code', :controller => 'account', :action => 'activate'

   map.connect 'xmlrpc', :controller => 'backend', :action => 'xmlrpc'

Index: config/environment.rb
===================================================================
--- config/environment.rb	(revision 2128)
    config/environment.rb	(working copy)
@@ -4,6  4,10 @@
 # you don't control web/app server and can't set it the proper way
 # ENV['RAILS_ENV'] ||= 'production'

 require 'rubygems'
 require 'ruby-debug'
 Debugger.start

 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')

@@ -43,4  47,7 @@
 # Mephisto::SweeperMethods.cache_sweeper_tracing = true

 # Enable if you want to host multiple sites on this app
-# Site.multi_sites_enabled = true
\ No newline at end of file
 # Site.multi_sites_enabled = true

 UserNotifier.default_url_options[:host] = 'localhost:3000'
 UserNotifier.mail_from = 'webmaster@localhost'
Index: db/schema.rb
===================================================================
--- db/schema.rb	(revision 2128)
    db/schema.rb	(working copy)
@@ -2,7  2,7 @@
 # migrations feature of ActiveRecord to incrementally modify your database, and
 # then regenerate this schema definition.

-ActiveRecord::Schema.define(:version => 56) do
 ActiveRecord::Schema.define(:version => 100) do

   create_table "assets", :force => true do |t|
     t.column "content_type",     :string
@@ -162,6  162,7 @@
     t.column "remember_token_expires_at", :datetime
     t.column "filter",                    :string
     t.column "admin",                     :boolean,                 :default => false
     t.column "password_reset_code",       :string,   :limit => 40
   end

 end
Index: lib/mephisto/liquid/comment_form.rb
===================================================================
--- lib/mephisto/liquid/comment_form.rb	(revision 2128)
    lib/mephisto/liquid/comment_form.rb	(working copy)
@@ -9,12  9,12 @@
         context.stack do
           if context['message'].blank?
             errors = context['errors'].blank? ? '' : %Q{<ul id="comment-errors"><li>#{context['errors'].join('</li><li>')}</li></ul>}
-

             submitted = context['submitted'] || {}
             submitted.each{ |k, v| submitted[k] = CGI::escapeHTML(v) }

             context['form'] = {
-              'body'   => %(<textarea id="comment_body" name="comment[body]">#{submitted['body']}</textarea>),
               'body'   => %(<textarea id="comment_body" class="commentbox" name="comment[body]">#{submitted['body']}</textarea>),
               'name'   => %(<input type="text" id="comment_author" name="comment[author]" value="#{submitted['author']}" />),
               'email'  => %(<input type="text" id="comment_author_email" name="comment[author_email]" value="#{submitted['author_email']}" />),
               'url'    => %(<input type="text" id="comment_author_url" name="comment[author_url]" value="#{submitted['author_url']}" />),
@@ -30,4  30,4 @@
       end
     end
   end
-end
\ No newline at end of file
 end
Index: lib/authenticated_system.rb
===================================================================
--- lib/authenticated_system.rb	(revision 2128)
    lib/authenticated_system.rb	(working copy)
@@ -36,10  36,16 @@

     # store current uri in  the session.
     # we can return to this location by calling return_location
-    def store_location
-      session[:return_to] = request.request_uri
     # Options:
     # * :overwrite - (default = true) Overwrite existing stored location
     # * :uri - Return to the specified URI (defaults to request.request_uri)
     def store_location(options={})
       options[:overwrite] = true if options[:overwrite].nil?
       return if !options[:overwrite] and session[:return_to]
       session[:return_to] = options[:uri] or request.request_uri
       else
     end
-

     # move to the last store_location call or to the passed default one
     def redirect_back_or_default(default)
       session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
@@ -95,4  101,4 @@
       end
       return [user, pass]
     end
-end
\ No newline at end of file
 end