Untitled

Index: test/unit/membership_test.rb
===================================================================
--- test/unit/membership_test.rb	(revision 2128)
+++ test/unit/membership_test.rb	(working copy)
@@ -8,7 +8,7 @@
   end

   def test_should_find_site_members
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).members.collect(&:id).sort
+    assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).members.collect(&:id).sort
   end

   def test_should_find_site_admins
@@ -17,12 +17,12 @@
   end

   def test_should_find_all_site_users
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, User.find_all_by_site(sites(:first)).collect(&:id).sort
-    assert_models_equal [users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).users.collect(&:id).sort
+    assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, User.find_all_by_site(sites(:first)).collect(&:id).sort
+    assert_models_equal [users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).users.collect(&:id).sort
   end

   def test_should_find_all_site_users_with_deleted
-    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin)].collect(&:id).sort, User.find_all_by_site_with_deleted(sites(:first)).collect(&:id).sort
-    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin)].collect(&:id).sort, sites(:first).users_with_deleted.collect(&:id).sort
+    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, User.find_all_by_site_with_deleted(sites(:first)).collect(&:id).sort
+    assert_models_equal [User.find_with_deleted(3), users(:arthur), users(:quentin), users(:ben)].collect(&:id).sort, sites(:first).users_with_deleted.collect(&:id).sort
   end
 end
Index: test/functional/account_controller_test.rb
===================================================================
--- test/functional/account_controller_test.rb	(revision 2128)
+++ test/functional/account_controller_test.rb	(working copy)
@@ -5,7 +5,7 @@
 class AccountController; def rescue_action(e) raise e end; end

 class AccountControllerTest < Test::Unit::TestCase
-  fixtures :users, :sites, :memberships
+  fixtures :users, :sites, :memberships, :contents

   def setup
     @controller = AccountController.new
@@ -13,14 +13,37 @@
     @response   = ActionController::TestResponse.new

     # for testing action mailer
-    # @emails = ActionMailer::Base.deliveries
-    # @emails.clear
+    @emails = ActionMailer::Base.deliveries
+    @emails.clear
   end

   def test_should_login_and_redirect
     post :login, :login => 'quentin', :password => 'quentin'
     assert session[:user]
+    # quentin has User.admin true
     assert_redirected_to :controller => 'admin/overview', :action => 'index'
+
+    post :login, :login => 'arthur', :password => 'arthur'
+    assert session[:user]
+    # arthur is an admin for the site :first
+    assert_redirected_to :controller => 'admin/overview', :action => 'index'
+    get :logout
+    assert !session[:user]
+
+    # (need to activate ben before logging in)
+    get :activate, :activation_code => users(:ben).activation_code
+    post :login, :login => 'ben', :password => 'arthur'
+    assert session[:user]
+    # ben is not an admin so should be redirected to the front page
+    assert_redirected_to :controller => 'mephisto', :action => 'list'
+    get :logout
+    assert !session[:user]
+
+    # make sure redirected to referrer
+    post :login, :login => 'arthur', :password => 'arthur', :referrer => contents(:welcome).full_permalink
+    assert_redirected_to contents(:welcome).full_permalink
+    get :logout
+    assert !session[:user]
   end

   def test_should_fail_login_and_not_redirect
@@ -81,17 +104,90 @@
     assert !@controller.send(:logged_in?)
   end

-  protected
-    def auth_token(token)
-      CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+  def test_should_activate_user
+    if User.require_activation
+      assert_nil User.authenticate_for(sites(:first), 'ben', 'arthur')
+      get :activate, :activation_code => users(:ben).activation_code
+      assert_equal users(:ben), User.authenticate_for(sites(:first), 'ben', 'arthur')
     end
-
-    def cookie_for(user)
-      auth_token users(user).remember_token
+  end
+
+  def test_should_not_activate_nil
+    get :activate, :activation_code => nil
+    assert_activate_error
+  end
+
+  def test_should_not_activate_bad
+    get :activate, :activation_code => 'foobar'
+    assert flash.has_key?(:error), "Flash should contain error message."
+    assert_activate_error
+  end
+
+  def assert_activate_error
+    assert_response :success
+    assert_template "account/activate"
+  end
+
+  def test_should_activate_user_and_send_activation_email
+    if User::require_activation
+      get :activate, :activation_code => users(:ben).activation_code
+      assert_equal 1, @emails.length
+      assert(@emails.first.subject =~ /Your account has been activated/)
+      assert(@emails.first.body    =~ /#{assigns(:user).login}, your account has been activated/)
     end
+  end

-    def create_user(options = {})
-      post :signup, :user => { :login => 'quire', :email => 'quire@example.com',
-                               :password => 'quire', :password_confirmation => 'quire' }.merge(options)
+  def test_should_send_activation_email_after_signup
+    if User::require_activation
+      create_user
+      assert_equal 1, @emails.length
+      assert(@emails.first.subject =~ /Please activate your new account/)
+      assert(@emails.first.body    =~ /Username: quire/)
+      assert(@emails.first.body    =~ /Password: quire/)
+      assert(@emails.first.body    =~ /account\/activate\/#{assigns(:user).activation_code}/)
     end
+  end
+
+  def test_should_allow_password_change
+    post :login, :login => 'quentin', :password => 'quentin'
+    assert session[:user]
+    post :change_password, :old_password => 'quentin', :password => 'newpassword', :password_confirmation => 'newpassword'
+    assert_equal 'newpassword', assigns(:current_user).password # doesn't work because passwords are crypted
+    assert_equal "Password changed", flash[:notice]
+    post :logout
+    assert_nil session[:user]
+    post :login, :login => 'quentin', :password => 'newpassword'
+    assert session[:user]
+  end
+
+  def test_non_matching_passwords_should_not_change
+    post :login, :login => 'quentin', :password => 'quentin'
+    assert session[:user]
+    post :change_password, { :old_password => 'test', :password => 'newpassword', :password_confirmation => 'test' }
+    assert_not_equal 'newpassword', assigns(:current_user).password
+    assert_equal "Wrong password", flash[:notice]
+  end
+
+  def test_incorrect_old_password_does_not_change
+    post :login, :login => 'quentin', :password => 'quentin'
+    assert session[:user]
+    post :change_password, { :old_password => 'wrongpassword', :password => 'newpassword', :password_confirmation => 'newpassword' }
+    assert_not_equal 'newpassword', assigns(:current_user).password
+    assert_equal "Wrong password", flash[:notice]
+  end
+
+  protected
+
+  def auth_token(token)
+    CGI::Cookie.new('name' => 'auth_token', 'value' => token)
+  end
+
+  def cookie_for(user)
+    auth_token users(user).remember_token
+  end
+
+  def create_user(options = {})
+    post :signup, :user => { :login => 'quire', :email => 'quire@example.com',
+      :password => 'quire', :password_confirmation => 'quire' }.merge(options)
+  end
 end
Index: test/functional/admin/users_controller_test.rb
===================================================================
--- test/functional/admin/users_controller_test.rb	(revision 2128)
+++ test/functional/admin/users_controller_test.rb	(working copy)
@@ -40,7 +40,7 @@
     login_as :quentin
     assert_difference User, :count do
       post :create, :user => { :login => 'bob', :email => 'foo', :password => 'testy', :password_confirmation => 'testy', :admin => true }
-      assert_equal assigns(:user), User.authenticate_for(sites(:first), 'bob', 'testy')
+      assert_equal assigns(:user), User.authenticate_for(sites(:first), 'bob', 'testy', :require_activation => false)
       assert_redirected_to :action => 'index'
       assert flash[:notice]
     end
@@ -114,7 +114,7 @@
   def test_should_show_deleted_users
     login_as :quentin
     get :index
-    assert_equal 3, assigns(:users).size
+    assert_equal 4, assigns(:users).size
     user_tag    = { :tag => 'li', :attributes => { :id => 'user-1', :class => 'clear' } }
     normal_tag  = { :tag => 'li', :attributes => { :id => 'user-2', :class => 'clear' } }
     deleted_tag = { :tag => 'li', :attributes => { :id => 'user-3', :class => 'clear deleted' } }
Index: test/fixtures/users.yml
===================================================================
--- test/fixtures/users.yml	(revision 2128)
+++ test/fixtures/users.yml	(working copy)
@@ -10,7 +10,7 @@
   filter: textile_filter
   remember_token: quentintoken
   remember_token_expires_at: <%= 5.days.from_now.to_s :db %>
-  # activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   admin: true
 arthur:
   id: 2
@@ -21,6 +21,7 @@
   activation_code: arthurscode # only if you're activating new signups
   created_at: <%= 1.days.ago.to_s :db %>
   updated_at: <%= 1.days.ago.to_s :db %>
+  activated_at: <%= 5.days.ago.to_s :db %> # only if you're activating new signups
   filter: markdown_filter
 aaron:
   id: 3
@@ -32,4 +33,14 @@
   created_at: <%= 1.days.ago.to_s :db %>
   updated_at: <%= 1.days.ago.to_s :db %>
   deleted_at: <%= 5.hours.ago.to_s :db %>
-  filter: markdown_filter
\ No newline at end of file
+  filter: markdown_filter
+ben:
+  id: 4
+  login: ben
+  email: ben@example.com
+  salt: 55bc51360864c82dcd7ff4bcfec56a8d8e79e751
+  crypted_password: 37ba966058c6f39162e5b537adb516af91cd1fe6 # arthur
+  activation_code: benscode # only if you're activating new signups
+  created_at: <%= 1.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>
+  filter: markdown_filter
Index: test/fixtures/memberships.yml
===================================================================
--- test/fixtures/memberships.yml	(revision 2128)
+++ test/fixtures/memberships.yml	(working copy)
@@ -22,4 +22,8 @@
   id: 5
   user_id: 1
   site_id: 2
-  admin: true
\ No newline at end of file
+  admin: true
+ben_first:
+  id: 6
+  user_id: 4
+  site_id: 1
Index: app/models/user.rb
===================================================================
--- app/models/user.rb	(revision 2128)
+++ app/models/user.rb	(working copy)
@@ -3,7 +3,7 @@
   has_many :articles
   acts_as_paranoid

-  has_many :memberships
+  has_many :memberships, :dependent=>:destroy
   has_many :sites, :through => :memberships, :order => 'title, host'

   def self.find_admins(*args)
Index: app/models/user_auth.rb
===================================================================
--- app/models/user_auth.rb	(revision 2128)
+++ app/models/user_auth.rb	(working copy)
@@ -18,13 +18,23 @@
   validates_uniqueness_of   :login, :email, :case_sensitve => false
   before_save :encrypt_password

-  # Uncomment this to use activation
-  # before_create :make_activation_code
+  @@require_activation = false  # Set to true to require activation
+  if @@require_activation
+    before_create :make_activation_code
+  end
+  mattr_reader :require_activation

   # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
-  def self.authenticate_for(site, login, password)
+  def self.authenticate_for(site, login, password, options={})
+    options[:require_activation] = @@require_activation if options[:require_activation].nil?
+    if options[:require_activation]
+      activation_cond = ' and activated_at is not NULL'
+    else
+      activation_cond = ''
+    end
     u = find(:first, @@membership_options.merge(
-      :conditions => ['users.login = ? and (memberships.site_id = ? or users.admin = ?)', login, site.id, true]))
+      :conditions => ['users.login = ? and (memberships.site_id = ? or users.admin = ?)' + activation_cond,
+                      login, site.id, true]))
     u && u.authenticated?(password) ? u : nil
   end

@@ -45,15 +55,25 @@
     find_with_deleted(:all, @@membership_options.merge(options.reverse_merge(:conditions => ['memberships.site_id = ? or users.admin = ?', site.id, true]))).uniq
   end

+  def self.find_by_site_and_activation_code(site, activation_code)
+    with_deleted_scope do
+      find_with_deleted(:first, @@membership_options.merge(
+      :conditions => ['users.activation_code = ? and memberships.site_id = ?', activation_code, site.id]))
+    end
+  end
+
+  def self.find_by_site_and_password_reset_code(site, password_reset_code)
+    with_deleted_scope do
+      find_with_deleted(:first, @@membership_options.merge(
+      :conditions => ['users.password_reset_code = ? and memberships.site_id = ?', password_reset_code, site.id]))
+    end
+  end
+
   # Encrypts some data with the salt.
   def self.encrypt(password, salt)
     Digest::SHA1.hexdigest("--#{salt}--#{password}--")
   end

-  def make_activation_code
-    self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split('//').sort_by {rand}.join )
-  end
-
   # Encrypts the password with the user salt
   def encrypt(password)
     self.class.encrypt(password, salt)
@@ -80,14 +100,54 @@
     save(false)
   end

+  # Activates the user in the database.
+  def activate
+    @activated = true
+    update_attributes(:activated_at => Time.now.utc)
+  end
+
+  # Returns true if the user has just been activated.
+  def recently_activated?
+    @activated
+  end
+
+  def forgot_password
+    @forgotten_password = true
+    self.make_password_reset_code
+  end
+
+  def reset_password
+    # First update the password_reset_code before setting the
+    # reset_password flag to avoid duplicate email notifications.
+    update_attributes(:password_reset_code => nil)
+    @reset_password = true
+  end
+
+  def recently_reset_password?
+    @reset_password
+  end
+
+  def recently_forgot_password?
+    @forgotten_password
+  end
+
   protected
-    def encrypt_password
-      return if password.blank?
-      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
-      self.crypted_password = encrypt(password)
-    end
+
+  def encrypt_password
+    return if password.blank?
+    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+    self.crypted_password = encrypt(password)
+  end

-    def password_required?
-      crypted_password.nil? || !password.blank?
-    end
+  def password_required?
+    crypted_password.nil? || !password.blank?
+  end
+
+  def make_activation_code
+    self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+  end
+
+  def make_password_reset_code
+    self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+  end
 end
Index: app/models/site.rb
===================================================================
--- app/models/site.rb	(revision 2128)
+++ app/models/site.rb	(working copy)
@@ -16,7 +16,7 @@
   has_many  :assets, :as => :attachable, :order => 'created_at desc'
   has_many  :assets, :order => 'created_at desc', :conditions => 'parent_id is null'

-  has_many :memberships
+  has_many :memberships, :dependent=>:destroy
   has_many :members, :through => :memberships, :source => :user
   has_many :admins,  :through => :memberships, :source => :user, :conditions => ['memberships.admin = ? or users.admin = ?', true, true]

Index: app/controllers/account_controller.rb
===================================================================
--- app/controllers/account_controller.rb	(revision 2128)
+++ app/controllers/account_controller.rb	(working copy)
@@ -2,23 +2,32 @@
   include AuthenticatedSystem
   before_filter :login_from_cookie
   layout 'simple'
+  observer :user_observer

   def index
     render :action => 'login'
   end

   def login
+    @referrer = params[:referrer] || request.env["HTTP_REFERER"] || ""
     return unless request.post?
+    @login = params[:login]
     self.current_user = User.authenticate_for(site, params[:login], params[:password])
     if logged_in?
       if params[:remember_me] == "1"
         self.current_user.remember_me
         cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
       end
-      redirect_back_or_default(:controller => '/admin/overview', :action => 'index')
-      flash[:notice] = "Logged in successfully"
+      store_location :overwrite => false, :uri => @referrer.blank? ? nil : @referrer
+      flash[:notice] = "You are logged in"
+      redirect_back_or_default(default_url(self.current_user))
     else
-      flash[:error] = "Could not log you in. Are you sure your Login name and Password are correct?"
+      if User.require_activation and user = User.authenticate_for(site, params[:login], params[:password], :require_activation=>false)
+        flash[:error] = "You must activate your account before you can log in.  An activation code was e-mailed to you when you signed up."
+        flash[:user_to_activate] = user
+      else
+        flash[:error] = "Could not log you in. Are you sure your Login name and Password are correct?"
+      end
     end
   end

@@ -29,4 +38,109 @@
     flash[:notice] = "You have been logged out."
     redirect_back_or_default(:controller => 'mephisto', :action => 'list', :sections => [])
   end
+
+  def signup
+    @user = User.new(params[:user])
+    return unless request.post?
+    @user.save!
+    Membership.create(:user_id=>@user.id, :site_id=>site.id)
+    self.current_user = @user
+    if User.require_activation
+      flash[:notice] = "Thanks for signing up!  An activation code has been sent to #{@user.email}"
+    else
+      flash[:notice] = "Thanks for signing up!"
+    end
+    redirect_back_or_default(:controller => '/account', :action => 'index')
+  rescue ActiveRecord::RecordInvalid
+    render :action => 'signup'
+  end
+
+  def activate
+    if params[:activation_code]
+      @user = User.find_by_site_and_activation_code(site, params[:activation_code])
+      if @user
+        if @user.activated_at
+          flash[:notice] = "Your account has already been activated."
+        else
+          @user.activate
+          flash[:notice] = "Your account has been activated."
+        end
+        self.current_user = @user
+        redirect_back_or_default(default_url(self.current_user))
+      else
+        flash[:error] = "Unable to activate the account.  Did you enter the correct information?"
+      end
+    end
+  end
+
+  def forgot_password
+    return unless request.post?
+    if @user = User.find_by_email(params[:email])
+      @user.forgot_password
+      @user.save
+      flash[:notice] = "A password reset link has been sent to your email address"
+      redirect_back_or_default(:controller => '/account', :action => 'index')
+    else
+      flash[:notice] = "Could not find a user with that email address"
+    end
+  end
+
+  def reset_password
+    @user = User.find_by_site_and_password_reset_code(params[:id])
+    raise if @user.nil?
+    return if @user unless params[:password]
+    if (params[:password] == params[:password_confirmation])
+      self.current_user = @user #for the next two lines to work
+      current_user.password_confirmation = params[:password_confirmation]
+      current_user.password = params[:password]
+      @user.reset_password
+      flash[:notice] = current_user.save ? "Password reset" : "Password not reset"
+    else
+      flash[:notice] = "Password mismatch"
+    end
+    redirect_back_or_default(default_url(self.current_user))
+  rescue
+    logger.error "Invalid Reset Code entered"
+    flash[:notice] = "Sorry, that is an invalid password reset code.  Please check the link and try again. (Perhaps your email client inserted a carriage return?)"
+    redirect_back_or_default(:controller => '/account', :action => 'index')
+  end
+
+  def change_password
+    return unless request.post?
+    if User.authenticate_for(site, current_user.login, params[:old_password])
+      if (params[:password] == params[:password_confirmation])
+        current_user.password_confirmation = params[:password_confirmation]
+        current_user.password = params[:password]
+        flash[:notice] = current_user.save ?
+              "Password changed" :
+              "Password not changed"
+      else
+        flash[:notice] = "Password mismatch"
+        @old_password = params[:old_password]
+      end
+    else
+      flash[:notice] = "Wrong password"
+    end
+  end
+
+  def send_activation_code
+    if request.post? and user = flash[:user_to_activate]
+      UserNotifier.deliver_signup_notification(user)
+      flash[:user_to_activate] = nil
+      flash[:error] = nil
+      flash[:notice] = "An activation code has been sent to #{user.email}"
+    end
+    redirect_to :controller => '/account', :action => 'login'
+  end
+
+  protected
+
+  def default_url(user)
+    if admin?
+      url_for :controller => '/admin/overview', :action => 'index'
+    else
+      section_url :sections=>[]
+    end
+  end
+
 end
Index: app/controllers/application.rb
===================================================================
--- app/controllers/application.rb	(revision 2128)
+++ app/controllers/application.rb	(working copy)
@@ -7,6 +7,10 @@
   helper_method  :site
   attr_reader    :site

+  def admin?
+    logged_in? && current_user.admin? || current_user.site_admin?
+  end
+
   protected
     # so not the best place for this...
     def asset_image_args_for(asset, thumbnail = :tiny, options = {})
Index: app/controllers/admin/base_controller.rb
===================================================================
--- app/controllers/admin/base_controller.rb	(revision 2128)
+++ app/controllers/admin/base_controller.rb	(working copy)
@@ -3,9 +3,9 @@
   before_filter :login_from_cookie
   before_filter :login_required, :except => :feed

-  def admin?
-    logged_in? && current_user.admin? || current_user.site_admin?
-  end
-
   helper_method :admin?
+
+  protected
+
+  alias authorized? admin?
 end
Index: app/views/account/login.rhtml
===================================================================
--- app/views/account/login.rhtml	(revision 2128)
+++ app/views/account/login.rhtml	(working copy)
@@ -1,8 +1,9 @@
-<%= start_form_tag({}, { :id => 'login_form' }) %>
 <div class="little-box">
+<%= start_form_tag({:controller=>:account, :action=>:login}, { :id => 'login_form' }) %>
+<%= hidden_field_tag "referrer", @referrer %>
   <dl>
     <dt><%= label_tag 'login', 'Login' %></dt>
-    <dd><%= text_field_tag 'login', {}, :class => 'big' %></dd>
+    <dd><%= text_field_tag 'login', @login, :class => 'big' %></dd>
     <dt><%= label_tag 'password', 'Password' %></dt>
     <dd><%= password_field_tag 'password', {}, :class => 'big' %></dd>
     <dt></dt>
@@ -12,5 +13,16 @@
     </dd>
   </dl>
   <p class="btns"><%= submit_tag 'Sign in' %></p>
+<%= end_form_tag %>
 </div>
+
+<br />
+<% if user=flash[:user_to_activate] -%>
+<div class="little-box">
+<%= start_form_tag({:controller=>:account, :action=>:send_activation_code}, { :id => 'send_activation_code_form' }) %>
+  <p>Click the button below to send another activation code to <%=user.email%>.</p>
+  <%= hidden_field_tag 'id', user.id %>
+  <p class="btns"><%= submit_tag 'Resend code' %></p>
 <%= end_form_tag %>
+</div>
+<% end -%>
Index: config/routes.rb
===================================================================
--- config/routes.rb	(revision 2128)
+++ config/routes.rb	(working copy)
@@ -12,6 +12,8 @@
   map.admin    'admin', :controller => 'admin/overview', :action => 'index'
   map.resources :assets, :path_prefix => '/admin', :controller => 'admin/assets', :member => { :add_bucket => :post },
     :collection => { :latest => :post, :search => :post, :upload => :post, :clear_bucket => :post }
+
+  map.activate 'account/activate/:activation_code', :controller => 'account', :action => 'activate'

   map.connect 'xmlrpc', :controller => 'backend', :action => 'xmlrpc'

Index: config/environment.rb
===================================================================
--- config/environment.rb	(revision 2128)
+++ config/environment.rb	(working copy)
@@ -4,6 +4,10 @@
 # you don't control web/app server and can't set it the proper way
 # ENV['RAILS_ENV'] ||= 'production'

+require 'rubygems'
+require 'ruby-debug'
+Debugger.start
+
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')

@@ -43,4 +47,7 @@
 # Mephisto::SweeperMethods.cache_sweeper_tracing = true

 # Enable if you want to host multiple sites on this app
-# Site.multi_sites_enabled = true
\ No newline at end of file
+# Site.multi_sites_enabled = true
+
+UserNotifier.default_url_options[:host] = 'localhost:3000'
+UserNotifier.mail_from = 'webmaster@localhost'
Index: db/schema.rb
===================================================================
--- db/schema.rb	(revision 2128)
+++ db/schema.rb	(working copy)
@@ -2,7 +2,7 @@
 # migrations feature of ActiveRecord to incrementally modify your database, and
 # then regenerate this schema definition.

-ActiveRecord::Schema.define(:version => 56) do
+ActiveRecord::Schema.define(:version => 100) do

   create_table "assets", :force => true do |t|
     t.column "content_type",     :string
@@ -162,6 +162,7 @@
     t.column "remember_token_expires_at", :datetime
     t.column "filter",                    :string
     t.column "admin",                     :boolean,                 :default => false
+    t.column "password_reset_code",       :string,   :limit => 40
   end

 end
Index: lib/mephisto/liquid/comment_form.rb
===================================================================
--- lib/mephisto/liquid/comment_form.rb	(revision 2128)
+++ lib/mephisto/liquid/comment_form.rb	(working copy)
@@ -9,12 +9,12 @@
         context.stack do
           if context['message'].blank?
             errors = context['errors'].blank? ? '' : %Q{<ul id="comment-errors"><li>#{context['errors'].join('</li><li>')}</li></ul>}
-
+
             submitted = context['submitted'] || {}
             submitted.each{ |k, v| submitted[k] = CGI::escapeHTML(v) }

             context['form'] = {
-              'body'   => %(<textarea id="comment_body" name="comment[body]">#{submitted['body']}</textarea>),
+              'body'   => %(<textarea id="comment_body" class="commentbox" name="comment[body]">#{submitted['body']}</textarea>),
               'name'   => %(<input type="text" id="comment_author" name="comment[author]" value="#{submitted['author']}" />),
               'email'  => %(<input type="text" id="comment_author_email" name="comment[author_email]" value="#{submitted['author_email']}" />),
               'url'    => %(<input type="text" id="comment_author_url" name="comment[author_url]" value="#{submitted['author_url']}" />),
@@ -30,4 +30,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end
Index: lib/authenticated_system.rb
===================================================================
--- lib/authenticated_system.rb	(revision 2128)
+++ lib/authenticated_system.rb	(working copy)
@@ -36,10 +36,16 @@

     # store current uri in  the session.
     # we can return to this location by calling return_location
-    def store_location
-      session[:return_to] = request.request_uri
+    # Options:
+    # * :overwrite - (default = true) Overwrite existing stored location
+    # * :uri - Return to the specified URI (defaults to request.request_uri)
+    def store_location(options={})
+      options[:overwrite] = true if options[:overwrite].nil?
+      return if !options[:overwrite] and session[:return_to]
+      session[:return_to] = options[:uri] or request.request_uri
+      else
     end
-
+
     # move to the last store_location call or to the passed default one
     def redirect_back_or_default(default)
       session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
@@ -95,4 +101,4 @@
       end
       return [user, pass]
     end
-end
\ No newline at end of file
+end