Untitled

Index: test/unit/membership_test.rb
===================================================================
--- test/unit/membership_test.rb	(revision 2170)
+++ test/unit/membership_test.rb	(working copy)
@@ -8,7 +8,7 @@
   end

   def test_should_find_site_members
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).members.collect(&:id).sort
+    assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).members.collect(&:id).sort
   end

   def test_should_find_site_admins
@@ -17,12 +17,12 @@
   end

   def test_should_find_all_site_users
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, User.find_all_by_site(sites(:first)).collect(&:id).sort
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).users.collect(&:id).sort
+    assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, User.find_all_by_site(sites(:first)).collect(&:id).sort
+    assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).users.collect(&:id).sort
   end

   def test_should_find_all_site_users_with_deleted
-    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin)].collect(&:id).sort, User.find_all_by_site_with_deleted(sites(:first)).collect(&:id).sort
-    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).users_with_deleted.collect(&:id).sort
+    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, User.find_all_by_site_with_deleted(sites(:first)).collect(&:id).sort
+    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).users_with_deleted.collect(&:id).sort
   end
 end
Index: test/unit/user_notifier_test.rb
===================================================================
--- test/unit/user_notifier_test.rb	(revision 0)
+++ test/unit/user_notifier_test.rb	(revision 0)
@@ -0,0 +1,45 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'user_notifier'
+
+class UserNotifierTest < Test::Unit::TestCase
+  include ActionController::UrlWriter
+  fixtures :users
+
+  FIXTURES_PATH = File.dirname(__FILE__) + '/../fixtures'
+  CHARSET = "utf-8"
+
+  include ActionMailer::Quoting
+
+  def setup
+    ActionMailer::Base.delivery_method = :test
+    ActionMailer::Base.perform_deliveries = true
+    ActionMailer::Base.deliveries = []
+
+    @expected = TMail::Mail.new
+    @expected.set_content_type "text", "plain", { "charset" => CHARSET }
+  end
+
+  def test_forgot_password
+    user = users(:quentin)
+    user.forgot_password
+    response = UserNotifier.deliver_forgot_password(user)
+    assert_equal user.email, response.to[0]
+    assert_match /#{url_for :controller => :account, :action => :reset_password, :id => user.password_reset_code}/, response.body
+  end
+
+  def test_reset_password
+    user = users(:quentin)
+    response = UserNotifier.deliver_reset_password(user)
+    assert_equal user.email, response.to[0]
+    assert_match /Your password has been reset/, response.subject
+  end
+
+  private
+    def read_fixture(action)
+      IO.readlines("#{FIXTURES_PATH}/user_notifier/#{action}")
+    end
+
+    def encode(subject)
+      quoted_printable(subject, CHARSET)
+    end
+end
Index: test/functional/account_controller_test.rb
===================================================================
--- test/functional/account_controller_test.rb	(revision 2170)
+++ test/functional/account_controller_test.rb	(working copy)
@@ -5,7 +5,7 @@
 class AccountController; def rescue_action(e) raise e end; end

 class AccountControllerTest < Test::Unit::TestCase
-  fixtures :users, :sites, :memberships
+  fixtures :users, :sites, :memberships, :contents

   def setup
     @controller = AccountController.new
@@ -13,14 +13,35 @@
     @response   = ActionController::TestResponse.new

     # for testing action mailer
-    # @emails = ActionMailer::Base.deliveries
-    # @emails.clear
+    @emails = ActionMailer::Base.deliveries
+    @emails.clear
   end

   def test_should_login_and_redirect
     post :login, :login => 'quentin', :password => 'quentin'
     assert session[:user]
+    # quentin has User.admin true
     assert_redirected_to :controller => 'admin/overview', :action => 'index'
+
+    post :login, :login => 'arthur', :password => 'arthur'
+    assert session[:user]
+    # arthur is an admin for the site :first
+    assert_redirected_to :controller => 'admin/overview', :action => 'index'
+    get :logout
+    assert !session[:user]
+
+    post :login, :login => 'ben', :password => 'arthur'
+    assert session[:user]
+    # ben is not an admin so should be redirected to the front page
+    assert_redirected_to :controller => 'mephisto', :action => 'dispatch'
+    get :logout
+    assert !session[:user]
+
+    # make sure redirected to referrer
+    post :login, :login => 'arthur', :password => 'arthur', :referrer => contents(:welcome).full_permalink
+    assert_redirected_to contents(:welcome).full_permalink
+    get :logout
+    assert !session[:user]
   end

   def test_should_fail_login_and_not_redirect
@@ -81,17 +102,46 @@
     assert !@controller.send(:logged_in?)
   end

+  def test_should_allow_password_change
+    post :login, :login => 'quentin', :password => 'quentin'
+    assert session[:user]
+    post :change_password, :old_password => 'quentin', :password => 'newpassword', :password_confirmation => 'newpassword'
+    assert_equal 'newpassword', assigns(:current_user).password # doesn't work because passwords are crypted
+    assert_equal "Password changed", flash[:notice]
+    post :logout
+    assert_nil session[:user]
+    post :login, :login => 'quentin', :password => 'newpassword'
+    assert session[:user]
+  end
+
+  def test_non_matching_passwords_should_not_change
+    post :login, :login => 'quentin', :password => 'quentin'
+    assert session[:user]
+    post :change_password, { :old_password => 'test', :password => 'newpassword', :password_confirmation => 'test' }
+    assert_not_equal 'newpassword', assigns(:current_user).password
+    assert_equal "Wrong password", flash[:notice]
+  end
+
+  def test_incorrect_old_password_does_not_change
+    post :login, :login => 'quentin', :password => 'quentin'
+    assert session[:user]
+    post :change_password, { :old_password => 'wrongpassword', :password => 'newpassword', :password_confirmation => 'newpassword' }
+    assert_not_equal 'newpassword', assigns(:current_user).password
+    assert_equal "Wrong password", flash[:notice]
+  end
+
   protected
-    def auth_token(token)
-      CGI::Cookie.new('name' => 'auth_token', 'value' => token)
-    end
-
-    def cookie_for(user)
-      auth_token users(user).remember_token
-    end

-    def create_user(options = {})
-      post :signup, :user => { :login => 'quire', :email => 'quire@example.com',
-                               :password => 'quire', :password_confirmation => 'quire' }.merge(options)
-    end
+  def auth_token(token)
+    CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+  end
+
+  def cookie_for(user)
+    auth_token users(user).remember_token
+  end
+
+  def create_user(options = {})
+    post :signup, :user => { :login => 'quire', :email => 'quire@example.com',
+      :password => 'quire', :password_confirmation => 'quire' }.merge(options)
+  end
 end
Index: test/functional/admin/users_controller_test.rb
===================================================================
--- test/functional/admin/users_controller_test.rb	(revision 2170)
+++ test/functional/admin/users_controller_test.rb	(working copy)
@@ -40,7 +40,7 @@
     login_as :quentin
     assert_difference User, :count do
       assert_difference Membership, :count do
-        post :create, :user => { :login => 'bob', :email => 'foo', :password => 'testy', :password_confirmation => 'testy', :admin => true }
+        post :create, :user => { :login => 'bob', :email => 'foo@example.com', :password => 'testy', :password_confirmation => 'testy', :admin => true }
         assert_models_equal [sites(:first)], assigns(:user).sites
         assert_equal assigns(:user), User.authenticate_for(sites(:first), 'bob', 'testy')
         assert_redirected_to :action => 'index'
@@ -51,34 +51,34 @@

   def test_should_update_email_and_password
     login_as :quentin
-    post :update, :id => users(:quentin).id, :user => { :email => 'foo', :password => 'testy', :password_confirmation => 'testy' }
+    post :update, :id => users(:quentin).id, :user => { :email => 'foo@example.com', :password => 'testy', :password_confirmation => 'testy' }
     users(:quentin).reload
-    assert_equal 'foo', users(:quentin).email
+    assert_equal 'foo@example.com', users(:quentin).email
     assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin', 'testy')
     assert_response :success
   end

   def test_should_update_email_and_password_as_site_member
     login_as :arthur, :hostess
-    post :update, :id => users(:arthur).id, :user => { :email => 'foo', :password => 'testy', :password_confirmation => 'testy' }
+    post :update, :id => users(:arthur).id, :user => { :email => 'foo@example.com', :password => 'testy', :password_confirmation => 'testy' }
     users(:arthur).reload
-    assert_equal 'foo', users(:arthur).email
+    assert_equal 'foo@example.com', users(:arthur).email
     assert_equal users(:arthur), User.authenticate_for(sites(:hostess), 'arthur', 'testy')
     assert_response :success
   end

   def test_should_leave_password_alone
     login_as :quentin
-    post :update, :id => users(:quentin).id, :user => { :email => 'foo', :password => '', :password_confirmation => '' }
+    post :update, :id => users(:quentin).id, :user => { :email => 'foo@example.com', :password => '', :password_confirmation => '' }
     users(:quentin).reload
-    assert_equal 'foo', users(:quentin).email
+    assert_equal 'foo@example.com', users(:quentin).email
     assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin', 'quentin')
     assert_response :success
   end

   def test_should_show_error_while_updating
     login_as :quentin
-    post :update, :id => users(:quentin).id, :user => { :email => 'foo', :password => 'tea', :password_confirmation => '' }
+    post :update, :id => users(:quentin).id, :user => { :email => 'foo@example.com', :password => 'tea', :password_confirmation => '' }
     users(:quentin).reload
     assert_equal 'quentin@example.com', users(:quentin).email
     assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin', 'quentin')
@@ -87,7 +87,7 @@

   def test_should_show_error_while_creating
     login_as :quentin
-    post :create, :user => { :email => 'foo', :password => 'tea', :password_confirmation => '' }
+    post :create, :user => { :email => 'foo@example.com', :password => 'tea', :password_confirmation => '' }
     assert_response :success
   end

@@ -117,7 +117,7 @@
   def test_should_show_deleted_users
     login_as :quentin
     get :index
-    assert_equal 3, assigns(:users).size
+    assert_equal 4, assigns(:users).size
     user_tag    = { :tag => 'li', :attributes => { :id => 'user-1', :class => 'clear' } }
     normal_tag  = { :tag => 'li', :attributes => { :id => 'user-2', :class => 'clear' } }
     deleted_tag = { :tag => 'li', :attributes => { :id => 'user-3', :class => 'clear deleted' } }
Index: test/fixtures/users.yml
===================================================================
--- test/fixtures/users.yml	(revision 2170)
+++ test/fixtures/users.yml	(working copy)
@@ -10,7 +10,7 @@
   filter: textile_filter
   remember_token: quentintoken
   remember_token_expires_at: <%= 5.days.from_now.to_s :db %>
-  # activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   admin: true
 arthur:
   id: 2
@@ -21,6 +21,7 @@
   activation_code: arthurscode # only if you're activating new signups
   created_at: <%= 1.days.ago.to_s :db %>
   updated_at: <%= 1.days.ago.to_s :db %>
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   filter: markdown_filter
 aaron:
   id: 3
@@ -32,4 +33,14 @@
   created_at: <%= 1.days.ago.to_s :db %>
   updated_at: <%= 1.days.ago.to_s :db %>
   deleted_at: <%= 5.hours.ago.to_s :db %>
-  filter: markdown_filter
\ No newline at end of file
+  filter: markdown_filter
+ben:
+  id: 4
+  login: ben
+  email: ben@example.com
+  salt: 55bc51360864c82dcd7ff4bcfec56a8d8e79e751
+  crypted_password: 37ba966058c6f39162e5b537adb516af91cd1fe6 # arthur
+  activation_code: benscode # only if you're activating new signups
+  created_at: <%= 1.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>
+  filter: markdown_filter
Index: test/fixtures/memberships.yml
===================================================================
--- test/fixtures/memberships.yml	(revision 2170)
+++ test/fixtures/memberships.yml	(working copy)
@@ -22,4 +22,8 @@
   id: 5
   user_id: 1
   site_id: 2
-  admin: true
\ No newline at end of file
+  admin: true
+ben_first:
+  id: 6
+  user_id: 4
+  site_id: 1
Index: app/models/user_notifier.rb
===================================================================
--- app/models/user_notifier.rb	(revision 0)
+++ app/models/user_notifier.rb	(revision 0)
@@ -0,0 +1,25 @@
+class UserNotifier < ActionMailer::Base
+  include ActionController::UrlWriter
+  @@mail_from = nil
+  mattr_accessor :host, :mail_from
+
+  def forgot_password(user)
+    setup_email(user)
+    @subject += 'Request to change your password'
+    @body[:url]  = url_for :controller => :account, :action => :reset_password, :id => user.password_reset_code
+  end
+
+  def reset_password(user)
+    setup_email(user)
+    @subject += 'Your password has been reset'
+  end
+
+  protected
+  def setup_email(user)
+    @recipients  = "#{user.email}"
+    @from        = "#{@@mail_from}"
+    @subject     = "#{default_url_options[:host]}: "
+    @sent_on     = Time.now
+    @body[:user] = user
+  end
+end
Index: app/models/user_observer.rb
===================================================================
--- app/models/user_observer.rb	(revision 0)
+++ app/models/user_observer.rb	(revision 0)
@@ -0,0 +1,6 @@
+class UserObserver < ActiveRecord::Observer
+  def after_save(user)
+    UserNotifier.deliver_forgot_password(user) if user.recently_forgot_password?
+    UserNotifier.deliver_reset_password(user) if user.recently_reset_password?
+  end
+end
Index: app/models/user_auth.rb
===================================================================
--- app/models/user_auth.rb	(revision 2170)
+++ app/models/user_auth.rb	(working copy)
@@ -9,18 +9,15 @@
   attr_accessor :password

   validates_presence_of     :login, :email
+  validates_format_of       :email, :with => Mephisto::EmailRegex
   validates_presence_of     :password,                   :if => :password_required?
   validates_presence_of     :password_confirmation,      :if => :password_required?
   validates_length_of       :password, :within => 5..40, :if => :password_required?
   validates_confirmation_of :password,                   :if => :password_required?
   validates_length_of       :login,    :within => 3..40
-  validates_length_of       :email,    :within => 3..100
   validates_uniqueness_of   :login, :email, :case_sensitve => false
   before_save :encrypt_password

-  # Uncomment this to use activation
-  # before_create :make_activation_code
-
   # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
   def self.authenticate_for(site, login, password)
     u = find(:first, @@membership_options.merge(
@@ -45,15 +42,18 @@
     find_with_deleted(:all, @@membership_options.merge(options.reverse_merge(:conditions => ['memberships.site_id = ? or users.admin = ?', site.id, true]))).uniq
   end

+  def self.find_by_site_and_password_reset_code(site, password_reset_code)
+    with_deleted_scope do
+      find_with_deleted(:first, @@membership_options.merge(
+      :conditions => ['users.password_reset_code = ? and memberships.site_id = ?', password_reset_code, site.id]))
+    end
+  end
+
   # Encrypts some data with the salt.
   def self.encrypt(password, salt)
     Digest::SHA1.hexdigest("--#{salt}--#{password}--")
   end

-  def make_activation_code
-    self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split('//').sort_by {rand}.join )
-  end
-
   # Encrypts the password with the user salt
   def encrypt(password)
     self.class.encrypt(password, salt)
@@ -80,6 +80,26 @@
     save(false)
   end

+  def forgot_password
+    @forgotten_password = true
+    self.make_password_reset_code
+  end
+
+  def reset_password
+    # First update the password_reset_code before setting the
+    # reset_password flag to avoid duplicate email notifications.
+    update_attributes(:password_reset_code => nil)
+    @reset_password = true
+  end
+
+  def recently_reset_password?
+    @reset_password
+  end
+
+  def recently_forgot_password?
+    @forgotten_password
+  end
+
   protected
     def encrypt_password
       return if password.blank?
@@ -90,4 +110,8 @@
     def password_required?
       crypted_password.nil? || !password.blank?
     end
+
+    def make_password_reset_code
+      self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+    end
 end
Index: app/models/comment.rb
===================================================================
--- app/models/comment.rb	(revision 2170)
+++ app/models/comment.rb	(working copy)
@@ -1,3 +1,4 @@
+require 'mephisto_constants'
 require 'uri'

 class Comment < Content
@@ -2,3 +3,3 @@
   validates_presence_of :author, :author_ip, :article_id, :body
-  validates_format_of :author_email, :with => /(\A(\s*)\Z)|(\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z)/i
+  validates_format_of :author_email, :with => Mephisto::EmailRegex
   before_validation :clean_up_author_email
Index: app/controllers/account_controller.rb
===================================================================
--- app/controllers/account_controller.rb	(revision 2170)
+++ app/controllers/account_controller.rb	(working copy)
@@ -2,21 +2,25 @@
   include AuthenticatedSystem
   before_filter :login_from_cookie
   layout 'simple'
+  observer :user_observer

   def index
     render :action => 'login'
   end

   def login
+    @referrer = params[:referrer] || request.env["HTTP_REFERER"] || ""
     return unless request.post?
+    @login = params[:login]
     self.current_user = User.authenticate_for(site, params[:login], params[:password])
     if logged_in?
       if params[:remember_me] == "1"
         self.current_user.remember_me
         cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
       end
-      redirect_back_or_default(:controller => '/admin/overview', :action => 'index')
-      flash[:notice] = "Logged in successfully"
+      store_location :overwrite => false, :uri => @referrer.blank? ? nil : @referrer
+      flash[:notice] = "You are logged in"
+      return redirect_back_or_default(default_url(self.current_user))
     else
       flash[:error] = "Could not log you in. Are you sure your Login name and Password are correct?"
     end
@@ -29,4 +33,65 @@
     flash[:notice] = "You have been logged out."
     redirect_back_or_default(dispatch_path)
   end
+
+  def forgot_password
+    return unless request.post?
+    if @user = User.find_by_email(params[:email])
+      @user.forgot_password
+      @user.save
+      flash[:notice] = "A password reset link has been sent to your email address"
+      redirect_back_or_default(:controller => '/account', :action => 'index')
+    else
+      flash[:notice] = "Could not find a user with that email address"
+    end
+  end
+
+  def reset_password
+    @user = User.find_by_site_and_password_reset_code(params[:id])
+    raise if @user.nil?
+    return if @user unless params[:password]
+    if (params[:password] == params[:password_confirmation])
+      self.current_user = @user #for the next two lines to work
+      current_user.password_confirmation = params[:password_confirmation]
+      current_user.password = params[:password]
+      @user.reset_password
+      flash[:notice] = current_user.save ? "Password reset" : "Password not reset"
+    else
+      flash[:notice] = "Password mismatch"
+    end
+    redirect_back_or_default(default_url(self.current_user))
+  rescue
+    logger.error "Invalid Reset Code entered"
+    flash[:notice] = "Sorry, that is an invalid password reset code.  Please check the link and try again. (Perhaps your email client inserted a carriage return?)"
+    redirect_back_or_default(:controller => '/account', :action => 'index')
+  end
+
+  def change_password
+    return unless request.post?
+    if User.authenticate_for(site, current_user.login, params[:old_password])
+      if (params[:password] == params[:password_confirmation])
+        current_user.password_confirmation = params[:password_confirmation]
+        current_user.password = params[:password]
+        flash[:notice] = current_user.save ?
+              "Password changed" :
+              "Password not changed"
+      else
+        flash[:notice] = "Password mismatch"
+        @old_password = params[:old_password]
+      end
+    else
+      flash[:notice] = "Wrong password"
+    end
+  end
+
+  protected
+
+    def default_url(user)
+      if admin?
+        url_for :controller => '/admin/overview', :action => 'index'
+      else
+        dispatch_url :path => []
+      end
+    end
+
 end
Index: app/controllers/application.rb
===================================================================
--- app/controllers/application.rb	(revision 2170)
+++ app/controllers/application.rb	(working copy)
@@ -7,6 +7,10 @@
   helper_method  :site
   attr_reader    :site

+  def admin?
+    logged_in? && current_user.admin? || current_user.site_admin?
+  end
+
   protected
     # so not the best place for this...
     def asset_image_args_for(asset, thumbnail = :tiny, options = {})
Index: app/controllers/admin/base_controller.rb
===================================================================
--- app/controllers/admin/base_controller.rb	(revision 2170)
+++ app/controllers/admin/base_controller.rb	(working copy)
@@ -3,13 +3,11 @@
   before_filter :login_from_cookie
   before_filter :login_required, :except => :feed

-  def admin?
-    logged_in? && current_user.admin? || current_user.site_admin?
-  end
-
   helper_method :admin?

   protected
+    alias authorized? admin?
+
     def find_and_sort_templates
       @layouts, @templates = site.templates.partition { |t| t.dirname.to_s =~ /layouts$/ }
     end
Index: app/views/account/forgot_password.rhtml
===================================================================
--- app/views/account/forgot_password.rhtml	(revision 0)
+++ app/views/account/forgot_password.rhtml	(revision 0)
@@ -0,0 +1,9 @@
+<%= start_form_tag({}, {:id=>'forgot_password'}) %>
+<div class="little-box">
+  <dl>
+    <dt><%= label_tag "email", "Email Address" %></dt>
+    <dd><%= text_field_tag 'email' %></dd>
+  </dl>
+  <p><%= submit_tag 'Forgot password' %></p>
+</div>
+<%= end_form_tag %>
Index: app/views/account/reset_password.rhtml
===================================================================
--- app/views/account/reset_password.rhtml	(revision 0)
+++ app/views/account/reset_password.rhtml	(revision 0)
@@ -0,0 +1,11 @@
+<%= start_form_tag({}, {:id=>'reset_password'}) %>
+<div class="little-box">
+  <dl>
+    <dt><%= label_tag "password", "Password" %></dt>
+    <dd><%= password_field_tag 'password' %></dd>
+    <dt><%= label_tag "password_confirmation", "Confirm Password" %></dt>
+    <dd><%= password_field_tag 'password_confirmation' %></dd>
+  </dl>
+  <p><%= submit_tag 'Reset password' %></p>
+</div>
+<%= end_form_tag %>
Index: app/views/account/change_password.rhtml
===================================================================
--- app/views/account/change_password.rhtml	(revision 0)
+++ app/views/account/change_password.rhtml	(revision 0)
@@ -0,0 +1,13 @@
+<%= start_form_tag({}, { :id => 'change_password' }) %>
+<div class="little-box">
+  <dl>
+    <dt><%= label_tag "old_password", "Old Password" %></dt>
+    <dd><%= password_field_tag 'old_password', @old_password %></dd>
+    <dt><%= label_tag "password", "Password" %></dt>
+    <dd><%= password_field_tag 'password' %></dd>
+    <dt><%= label_tag "password_confirmation", "Confirm Password" %></dt>
+    <dd><%= password_field_tag 'password_confirmation' %></dd>
+  </dl>
+  <p><%= submit_tag 'Change password' %></p>
+</div>
+<%= end_form_tag %>
Index: app/views/account/login.rhtml
===================================================================
--- app/views/account/login.rhtml	(revision 2170)
+++ app/views/account/login.rhtml	(working copy)
@@ -1,8 +1,9 @@
-<%= start_form_tag({}, { :id => 'login_form' }) %>
 <div class="little-box">
+<%= start_form_tag({:controller=>:account, :action=>:login}, { :id => 'login_form' }) %>
+<%= hidden_field_tag "referrer", @referrer %>
   <dl>
     <dt><%= label_tag 'login', 'Login' %></dt>
-    <dd><%= text_field_tag 'login', {}, :class => 'big' %></dd>
+    <dd><%= text_field_tag 'login', @login, :class => 'big' %></dd>
     <dt><%= label_tag 'password', 'Password' %></dt>
     <dd><%= password_field_tag 'password', {}, :class => 'big' %></dd>
     <dt></dt>
@@ -12,5 +13,5 @@
     </dd>
   </dl>
   <p class="btns"><%= submit_tag 'Sign in' %></p>
+<%= end_form_tag %>
 </div>
-<%= end_form_tag %>
Index: app/views/user_notifier/signup_notification.rhtml
===================================================================
--- app/views/user_notifier/signup_notification.rhtml	(revision 0)
+++ app/views/user_notifier/signup_notification.rhtml	(revision 0)
@@ -0,0 +1,8 @@
+Your account has been created.
+
+  Username: <%= @user.login %>
+  Password: <%= @user.password %>
+
+Visit this url to activate your account:
+
+  <%= @url %>
\ No newline at end of file
Index: app/views/user_notifier/activation.rhtml
===================================================================
--- app/views/user_notifier/activation.rhtml	(revision 0)
+++ app/views/user_notifier/activation.rhtml	(revision 0)
@@ -0,0 +1,3 @@
+<%= @user.login %>, your account has been activated.  You may now start adding your comments:
+
+  <%= @url %>
Index: app/views/user_notifier/forgot_password.rhtml
===================================================================
--- app/views/user_notifier/forgot_password.rhtml	(revision 0)
+++ app/views/user_notifier/forgot_password.rhtml	(revision 0)
@@ -0,0 +1,3 @@
+<%= @user.login %>, follow the link to reset your password
+
+  <%= @url %>
Index: app/views/user_notifier/reset_password.rhtml
===================================================================
--- app/views/user_notifier/reset_password.rhtml	(revision 0)
+++ app/views/user_notifier/reset_password.rhtml	(revision 0)
@@ -0,0 +1 @@
+<%= @user.login %>, your password has been reset
Index: app/views/user_notifier/signup_notification.rhtml.bak
===================================================================
--- app/views/user_notifier/signup_notification.rhtml.bak	(revision 0)
+++ app/views/user_notifier/signup_notification.rhtml.bak	(revision 0)
@@ -0,0 +1,8 @@
+Your account has been created.
+
+  Username: <%= @user.login %>
+  Password: <%= @user.password %>
+
+Visit this url to activate your account:
+
+  <%= @url %>
\ No newline at end of file
Index: config/environment.rb
===================================================================
--- config/environment.rb	(revision 2170)
+++ config/environment.rb	(working copy)
@@ -4,6 +4,10 @@
 # you don't control web/app server and can't set it the proper way
 # ENV['RAILS_ENV'] ||= 'production'

+#require 'rubygems'
+#require 'ruby-debug'
+#Debugger.start
+
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')

@@ -43,4 +47,7 @@
 # Mephisto::SweeperMethods.cache_sweeper_tracing = true

 # Enable if you want to host multiple sites on this app
-# Site.multi_sites_enabled = true
\ No newline at end of file
+# Site.multi_sites_enabled = true
+
+UserNotifier.default_url_options[:host] = 'localhost:3000'
+UserNotifier.mail_from = 'webmaster@localhost'
Index: db/schema.rb
===================================================================
--- db/schema.rb	(revision 2170)
+++ db/schema.rb	(working copy)
@@ -2,7 +2,7 @@
 # migrations feature of ActiveRecord to incrementally modify your database, and
 # then regenerate this schema definition.

-ActiveRecord::Schema.define(:version => 58) do
+ActiveRecord::Schema.define(:version => 59) do

   create_table "assets", :force => true do |t|
     t.column "content_type",     :string
@@ -169,6 +169,7 @@
     t.column "remember_token_expires_at", :datetime
     t.column "filter",                    :string
     t.column "admin",                     :boolean,                 :default => false
+    t.column "password_reset_code",       :string,   :limit => 40
   end

 end
Index: db/migrate/059_add_password_reset_code.rb
===================================================================
--- db/migrate/059_add_password_reset_code.rb	(revision 0)
+++ db/migrate/059_add_password_reset_code.rb	(revision 0)
@@ -0,0 +1,9 @@
+class AddPasswordResetCode < ActiveRecord::Migration
+  def self.up
+    add_column "users", "password_reset_code", :string, :limit => 40
+  end
+
+  def self.down
+    remove_column "users", "password_reset_code"
+  end
+end
Index: lib/mephisto_constants.rb
===================================================================
--- lib/mephisto_constants.rb	(revision 0)
+++ lib/mephisto_constants.rb	(revision 0)
@@ -0,0 +1,3 @@
+module Mephisto
+  EmailRegex = /(\A(\s*)\Z)|(\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z)/i
+end
Index: lib/mephisto/liquid/comment_form.rb
===================================================================
--- lib/mephisto/liquid/comment_form.rb	(revision 2170)
+++ lib/mephisto/liquid/comment_form.rb	(working copy)
@@ -9,12 +9,12 @@
         context.stack do
           if context['message'].blank?
             errors = context['errors'].blank? ? '' : %Q{<ul id="comment-errors"><li>#{context['errors'].join('</li><li>')}</li></ul>}
-
+
             submitted = context['submitted'] || {}
             submitted.each{ |k, v| submitted[k] = CGI::escapeHTML(v) }

             context['form'] = {
-              'body'   => %(<textarea id="comment_body" name="comment[body]">#{submitted['body']}</textarea>),
+              'body'   => %(<textarea id="comment_body" class="commentbox" name="comment[body]">#{submitted['body']}</textarea>),
               'name'   => %(<input type="text" id="comment_author" name="comment[author]" value="#{submitted['author']}" />),
               'email'  => %(<input type="text" id="comment_author_email" name="comment[author_email]" value="#{submitted['author_email']}" />),
               'url'    => %(<input type="text" id="comment_author_url" name="comment[author_url]" value="#{submitted['author_url']}" />),
@@ -30,4 +30,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end
Index: lib/mephisto/attachments/template_methods.rb
===================================================================
--- lib/mephisto/attachments/template_methods.rb	(revision 2170)
+++ lib/mephisto/attachments/template_methods.rb	(working copy)
@@ -29,4 +29,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end
Index: lib/authenticated_system.rb
===================================================================
--- lib/authenticated_system.rb	(revision 2170)
+++ lib/authenticated_system.rb	(working copy)
@@ -36,10 +36,16 @@

     # store current uri in  the session.
     # we can return to this location by calling return_location
-    def store_location
-      session[:return_to] = request.request_uri
+    # Options:
+    # * :overwrite - (default = true) Overwrite existing stored location
+    # * :uri - Return to the specified URI (defaults to request.request_uri)
+    def store_location(options={})
+      options[:overwrite] = true if options[:overwrite].nil?
+      return if !options[:overwrite] and session[:return_to]
+      session[:return_to] = options[:uri] or request.request_uri
+      else
     end
-
+
     # move to the last store_location call or to the passed default one
     def redirect_back_or_default(default)
       session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
@@ -95,4 +101,4 @@
       end
       return [user, pass]
     end
-end
\ No newline at end of file
+end
Index: lib/mephisto_init.rb
===================================================================
--- lib/mephisto_init.rb	(revision 2170)
+++ lib/mephisto_init.rb	(working copy)
@@ -4,6 +4,7 @@
 require 'coderay'
 require 'ruby_pants'
 require 'xmlrpc_patch'
+require 'mephisto_constants'

 Inflector.inflections do |inflect|
   #inflect.plural /^(ox)$/i, '\1en'
@@ -116,4 +117,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end