parlement 0.3 → 0.4

data/vendor/plugins/engines/test/action_view_extensions_test.rb

@@ -0,0 +1,9 @@
+ENV["RAILS_ENV"] = "test"
+require File.expand_path(File.dirname(__FILE__) + '/../../../../config/environment')
+require 'test_help'
+
+class ActionViewExtensionsTest < Test::Unit::TestCase
+  def test_stylesheet_path
+    assert true
+  end
+end

data/vendor/plugins/engines/test/ruby_extensions_test.rb

@@ -2,7 +2,7 @@ ENV["RAILS_ENV"] = "test"
 require File.expand_path(File.dirname(__FILE__) + '/../../../../config/environment')
 require 'test_help'
 
-class EnginesTest < Test::Unit::TestCase
+class RubyExtensionsTest < Test::Unit::TestCase
 
   def setup
     # create the module to be used for config testing
@@ -33,13 +33,21 @@ class EnginesTest < Test::Unit::TestCase
     assert_equal(123, TestModule.config(:monkey))
     assert_equal(456, TestModule.config(:donkey))
   end
-  
+
+  def test_config_can_store_hash
+    TestModule.config :hash, :key1 => 'val1', :key2 => 'val2'
+    assert_equal({:key1 => 'val1', :key2 => 'val2'}, TestModule.config(:hash))
+  end
+    
   def test_config_cant_overwrite_existing_config_values
     TestModule.config :monkey, 123
     assert_equal(123, TestModule.config(:monkey))
     TestModule.config :monkey, 456
     assert_equal(123, TestModule.config(:monkey))
     
+    TestModule.config :monkey => 456
+    assert_equal(123, TestModule.config(:monkey))    
+    
     # in this case, the resulting Hash only has {:baboon => "goodbye!"} - that's Ruby, users beware.
     TestModule.config :baboon => "hello", :baboon => "goodbye!"
     assert_equal("goodbye!", TestModule.config(:baboon))    
@@ -47,9 +55,22 @@ class EnginesTest < Test::Unit::TestCase
   
   def test_config_force_new_value
     TestModule.config :monkey, 123
+    TestModule.config :man, 321
     assert_equal(123, TestModule.config(:monkey))
+    assert_equal(321, TestModule.config(:man))
     TestModule.config :monkey, 456, :force
-    assert_equal(456, TestModule.config(:monkey))    
+    assert_equal(456, TestModule.config(:monkey))  
+    TestModule.config :monkey => 456, :man => 654, :force => true
+    assert_equal(456, TestModule.config(:monkey))
+    assert_equal(654, TestModule.config(:man))      
+    TestModule.config :monkey => 789, :man => 987, :force => false
+    assert_equal(456, TestModule.config(:monkey))
+    assert_equal(654, TestModule.config(:man))
+    
+    TestModule.config :hash, :key1 => 'val1', :key2 => 'val2'
+    assert_equal({:key1 => 'val1', :key2 => 'val2'}, TestModule.config(:hash))
+    TestModule.config :hash => {:key1 => 'val3', :key2 => 'val4'}, :force => true
+    assert_equal({:key1 => 'val3', :key2 => 'val4'}, TestModule.config(:hash))           
   end
   
   # this test is somewhat redundant, but it might be an idea to havbe it explictly anyway

data/vendor/plugins/guid/README.TXT

@@ -1,4 +1,4 @@
- This plugin for ActiveRecord makes the "ID" field into a URL-safe GUID
+# This plugin for ActiveRecord makes the "ID" field into a URL-safe GUID
 # It is a mashup by Andy Singleton <andy@assembla.com> that includes 
 # * the UUID class from Bob Aman.
 # * the plugin skeleton from Demetrius Nunes
@@ -13,7 +13,17 @@
 # Install as a plugin in the rails directory vendor/plugin/guid
 # define ID as char(22)
 # call "usesguid" in ActiveRecord class declaration, like
-# class Mymodel < ActiveRecord::Base
-#	usesguid			
-#
+class Mymodel < ActiveRecord::Base
+  usesguid			
+  
 # if your ID field is not called "ID", call "usesguid :column =>'IdColumnName' "
+
+# if you create your tables with migrations, you need to bypass the rails default primary key index. Do this:
+
+create_table :mytable, :id => false do |t|
+  t.column :id, :string, :limit => 22
+  ... more fields
+end      
+
+execute "ALTER TABLE mytable ADD PRIMARY KEY (id)"
+

data/vendor/plugins/guid/init.rb

@@ -15,9 +15,16 @@
 # Install as a plugin in the rails directory vendor/plugin/guid
 # define ID as char(22)
 # call "usesguid" in ActiveRecord class declaration, like
-# class Mymodel < ActiveRecord::Base
-#	usesguid			
+#   class Mymodel < ActiveRecord::Base
+#	  usesguid			
 #
 # if your ID field is not called "ID", call "usesguid :column =>'IdColumnName' "
 
+# if you create your tables with migrations, you need to bypass the rails default primary key index. Do this:
+#   create_table :mytable, :id => false do |t|
+#     t.column :id, :string, :limit => 22
+#     ... more fields
+#   end      
+#   execute "ALTER TABLE mytable ADD PRIMARY KEY (id)"
+
 require 'usesguid'

data/vendor/plugins/guid/lib/uuidtools.rb

@@ -21,7 +21,7 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #++
 
-UUID_TOOLS_VERSION = "0.1.4"
+UUID_TOOLS_VERSION = "1.0.0"
 
 $:.unshift(File.dirname(__FILE__))
 
@@ -474,23 +474,29 @@ class UUID
         end
       else
         begin
-          ifconfig_output = `ifconfig`
-          mac_addresses = ifconfig_output.scan(
-            Regexp.new("ether (#{(["[0-9a-fA-F]{2}"] * 6).join(":")})"))
-          if mac_addresses.size == 0
-            ifconfig_output = `ifconfig | grep HWaddr | cut -c39-`
-            mac_addresses = ifconfig_output.scan(
-              Regexp.new("(#{(["[0-9a-fA-F]{2}"] * 6).join(":")})"))
-          end
-          if mac_addresses.size == 0
-            ifconfig_output = `/sbin/ifconfig`
+          mac_addresses = []
+          if File.exists?('/sbin/ifconfig')
+            ifconfig_output =
+              `/sbin/ifconfig 2>&1`
             mac_addresses = ifconfig_output.scan(
               Regexp.new("ether (#{(["[0-9a-fA-F]{2}"] * 6).join(":")})"))
-          end
-          if mac_addresses.size == 0
-            ifconfig_output = `/sbin/ifconfig | grep HWaddr | cut -c39-`
+            if mac_addresses.size == 0
+              ifconfig_output =
+                `/sbin/ifconfig | grep HWaddr | cut -c39- 2>&1`
+              mac_addresses = ifconfig_output.scan(
+                Regexp.new("(#{(["[0-9a-fA-F]{2}"] * 6).join(":")})"))
+            end
+          else
+            ifconfig_output =
+              `ifconfig 2>&1`
             mac_addresses = ifconfig_output.scan(
-              Regexp.new("(#{(["[0-9a-fA-F]{2}"] * 6).join(":")})"))
+              Regexp.new("ether (#{(["[0-9a-fA-F]{2}"] * 6).join(":")})"))
+            if mac_addresses.size == 0
+              ifconfig_output =
+                `ifconfig | grep HWaddr | cut -c39- 2>&1`
+              mac_addresses = ifconfig_output.scan(
+                Regexp.new("(#{(["[0-9a-fA-F]{2}"] * 6).join(":")})"))
+            end
           end
           if mac_addresses.size > 0
             @@mac_address = mac_addresses.first.first
@@ -519,6 +525,7 @@ class UUID
       hash.update(rand.to_s)
       hash.update(hash.object_id.to_s)
       hash.update(self.methods.inspect)
+      hash.update($:.to_s)
       begin
         random_device = nil
         if File.exists? "/dev/urandom"

data/vendor/plugins/login_engine/CHANGELOG

@@ -0,0 +1,14 @@
+= v1.0.1
+ * Added CHANGELOG
+ * Changed wording for when password forgotten to 'reset', rather than 'retrieve'. (snowblink@gmail.com)
+ * Fixed new location of engines testing extensions. (lazyatom@gmail.com)
+ * Removed schema.db from Login Engine; migrations should be used instead. (snowblink@gmail.com)
+ * Updated User Controller tests to parse the user_id and email out of the URL in the email body. (snowblink@gmail.com)
+ * Ticket #89 (lazyatom@gmail.com) User creation halts the after_save callback chain.
+ * Ticket #97 (dcorbin@machturtle.com) The forgotten_password view generates invalid HTML
+ * Ticket #112 (segabor@gmail.com) Authentication system will break even on successful login
+ * Added simple email validation to the User model. (snowblink@gmail.com)
+   This should also take care of the unit test failures detailed in Ticket #114 (morris@wolfman.com)
+ * Ticket #118 (augustz@augustz.com) SVN source for login_engine not found
+ * Ticket #119 (Goynang) Unit tests for engines fail after default install
+ * Ticket #126 (lazyatom@gmail.com) Add install.rb to login engine

data/vendor/plugins/login_engine/README

@@ -7,14 +7,28 @@ This is a Rails Engine version of the Salted Login Generator, a most excellent l
 * A few new functions have been thrown in
 * It's... uh.... a Rails Engine now ;-)
 
-However, what I'm trying to say is that 99.9999% of the credit for this should go to Tobias Luetke (xal) and the folks that worked on the original Salted Login generator code. I've just wrapped it into something runnable with the Rails Engine system.
+However, what I'm trying to say is that 99.9999% of the credit for this should go to Joe Hosteny, Tobias Luetke (xal) and the folks that worked on the original Salted Login generator code. I've just wrapped it into something runnable with the Rails Engine system.
 
 Please also bear in mind that this is a work in progress, and things like testing are wildly up in the air... but they will fall into place very soon. And now, on with the show.
 
 
 = Installation
 
-Installing the Login Engine is fairly simple, but there are a few configuration steps that you'll need to take to get everything running smoothly. Listed below are the changes to your application you will need to make.
+Installing the Login Engine is fairly simple.
+
+Your options are:
+  1.  Install as a rails plugin:
+      $ script/plugin install login_engine
+  2.  Use svn:externals
+      $ svn propedit svn:externals vendor/plugins
+
+      You can choose to use the latest stable release:
+          login_engine http://svn.rails-engines.org/plugins/login_engine
+
+      Or a tagged release (recommended for releases of your code):
+          login_engine http://svn.rails-engines.org/logine_engine/tags/<TAGGED_RELEASE>
+
+There are a few configuration steps that you'll need to take to get everything running smoothly. Listed below are the changes to your application you will need to make.
 
 === Setup your Rails application
 
@@ -85,7 +99,11 @@ You'll need to configure it properly so that email can be sent. One of the easie
 
 === Create the DB schema
 
-After you have done the modifications the the ApplicationController and its helper, you can import the user model into the database. An ActiveRecord schema.rb file is provided in login_engine/db/schema.rb. You should check that this file isn't going to interfere with anything in your application. You can set the table name used by adding
+After you have done the modifications the the ApplicationController and its helper, you can import the user model into the database. An ActiveRecord schema.rb file is provided in login_engine/db/schema.rb, along with migration information in login_engine/db/migrate/. 
+
+You *MUST* check that these files aren't going to interfere with anything in your application. 
+
+You can change the table name used by adding
 
   module LoginEngine
     
@@ -94,9 +112,9 @@ After you have done the modifications the the ApplicationController and its help
 
   end
 
-To the LoginEngine configuration in <tt>environment.rb</tt>. Then run from the root of your project:
+...to the LoginEngine configuration in <tt>environment.rb</tt>. Then run from the root of your project:
 
-  rake import_login_engine_schema
+  rake engine_migrate ENGINE=login
 
 to import the schema into your database.
 
@@ -109,6 +127,23 @@ If you want the default stylesheet, add the following line to your layout:
   
 ... somewhere in the <head> section of your HTML layout file.
 
+== Integrate flash messages into your layout
+
+LoginEngine does not display any flash messages in the views it contains, and thus you must display them yourself. This allows you to integrate any flash messages into your existing layout. LoginEngine adheres to the emerging flash usage standard, namely:
+
+* :warning - warning (failure) messages
+* :notice - success messages
+* :message - neutral (reminder, informational) messages
+
+This gives you the flexibility to theme the different message classes separately. In your layout you should check for and display flash[:warning], flash[:notice] and flash[:message]. For example:
+
+  <% for name in [:notice, :warning, :message] %>
+    <% if flash[name] %>
+      <%= "<div id=\"#{name}\">#{flash[name]}</div>" %>
+    <% end %>
+  <% end %>
+
+Alternately, you could look at using the flash helper plugin (available from https://opensvn.csie.org/traccgi/flash_helper_plugin/trac.cgi/), which supports the same naming convention.
 
 
 = How to use the Login Engine 
@@ -144,7 +179,53 @@ Of course, you can override this Engine behaviour in your application - see belo
 
 == Configuration
 
-TODO: document the configuration options in the LoginEngine
+The following configuration variables are set in lib/login_engine.rb. If you wish to override them, you should set them BEFORE calling Engines.start (it is possible to set them after, but it's simpler to just do it before. Please refer to the Engine documentation for the #config method for more information).
+
+For example, the following might appear at the bottom of /config/environment.rb:
+
+  module LoginEngine
+    config :salt, 'my salt'
+    config :app_name, 'My Great App'
+    config :app_url, 'http://www.wow-great-domain.com'
+  end
+  
+  Engines.start
+
+=== Configuration Options
+
++email_from+:: The email from which registration/administration emails will appear to 
+               come from. Defaults to 'webmaster@your.company'.
++admin_email+:: The email address users are prompted to contact if passwords cannot
+                be emailed. Defaults to 'webmaster@your.company'.
++app_url+:: The URL of the site sent to users for signup/forgotten passwords, etc.
+            Defaults to 'http://localhost:3000/'.
++app_name+:: The application title used in emails. Defaults to 'TestApp'.
++mail_charset+:: The charset used in emails. Defaults to 'utf-8'.
++security_token_life_hours+:: The life span of security tokens, in hours. If a security
+                              token is older than this when it is used to try and authenticate
+                              a user, it will be discarded. In other words, the amount of time
+                              new users have between signing up and clicking the link they
+                              are sent. Defaults to 24 hours.
++two_column_input+:: If true, forms created with the UserHelper#form_input method will
+                     use a two-column table. Defaults to true.
++changeable_fields+:: An array of fields within the user model which the user
+                      is allowed to edit. The Salted Hash Login generator documentation
+                      states that you should NOT include the email field in this
+                      array, although I am not sure why. Defaults to +[ 'firstname', 'lastname' ]+.
++delayed_delete+::  Set to true to allow delayed deletes (i.e., delete of record
+                    doesn't happen immediately after user selects delete account,
+                    but rather after some expiration of time to allow this action
+                    to be reverted). Defaults to false.
++delayed_delete_days+:: The time delay used for the 'delayed_delete' feature. Defaults to
+                        7 days.
++user_table+:: The table to store User objects in. Defaults to "users" (or "user" if
+               ActiveRecord pluralization is disabled).
++use_email_notification+:: If false, no emails will be sent to the user. As a consequence,
+                           users who signup are immediately verified, and they cannot request
+                           forgotten passwords. Defaults to true.
++confirm_account+:: An overriding flag to control whether or not user accounts must be
+                    verified by email. This overrides the +user_email_notification+ flag.
+                    Defaults to true.
 
 == Overriding controllers and views
 
@@ -198,6 +279,11 @@ One of the more common problems people have seen is that after verifying an acco
 
 The most common cause of this problem is that the DB and session get out of sync. In particular, it always happens for me after recreating the DB if I have run the server previously. To fix the problem, remove the /tmp/ruby* session files (from wherever they are for your installation) while the server is stopped, and then restart. This usually is the cause of the problem.
 
+= Notes
+
+=== Database Schemas & Testing
+
+Currently, since not all databases appear to support structure cloning, the tests will load the entire schema into your test database, potentially blowing away any other test structures you might have. If this presents an issue for your application, comment out the line in test/test_helper.rb
 
 
 = Database Schema Details
@@ -255,4 +341,4 @@ You need a database table corresponding to the User model. This is provided as a
     delete_after DATETIME default NULL
   );
 
-Of course your user model can have any amount of extra fields. This is just a starting point.
+Of course your user model can have any amount of extra fields. This is just a starting point.

data/vendor/plugins/login_engine/app/controllers/user_controller.rb

@@ -12,20 +12,25 @@ class UserController < ApplicationController
         # 'validate_key' action instead.
   end
 
+  # The action used to log a user in. If the user was redirected to the login page
+  # by the login_required method, they should be sent back to the page they were
+  # trying to access. If not, they will be sent to "/user/home".
   def login
     return if generate_blank
-    @user = User.new(params[:user]) # what does this achieve?
+    @user = User.new(params[:user])
     if session[:user] = User.authenticate(params[:user][:login], params[:user][:password])
       session[:user].logged_in_at = Time.now
       session[:user].save
       flash[:notice] = 'Login successful'
-      redirect_back_or_default :action => 'home'
+      redirect_to_stored_or_default :action => 'home'
     else
       @login = params[:user][:login]
       flash.now[:warning] = 'Login unsuccessful'
     end
   end
 
+  # Register as a new user. Upon successful registration, the user will be sent to
+  # "/user/login" to enter their details.
   def signup
     return if generate_blank
     params[:user].delete('form')
@@ -33,14 +38,14 @@ class UserController < ApplicationController
     begin
       User.transaction(@user) do
         @user.new_password = true
-        unless LoginEngine.config(:use_email_notification)
+        unless LoginEngine.config(:use_email_notification) and LoginEngine.config(:confirm_account)
           @user.verified = 1
         end
         if @user.save
           key = @user.generate_security_token
-          url = url_for(:action => 'home', 'user[id]' => @user.id, :key => key)
-          flash[:notice] = 'Signup successful!'
-          if LoginEngine.config(:use_email_notification)
+          url = url_for(:action => 'home', :user_id => @user.id, :key => key)
+          flash[:notice] = 'Signup successful! Please log in.'
+          if LoginEngine.config(:use_email_notification) and LoginEngine.config(:confirm_account)
             UserNotify.deliver_signup(@user, params[:user][:password], url)
             flash[:notice] << ' Please check your registered email account to verify your account registration and continue with the login.'
           end
@@ -50,6 +55,7 @@ class UserController < ApplicationController
     rescue Exception => e
       flash.now[:notice] = nil
       flash.now[:warning] = 'Error creating account: confirmation email not sent'
+      logger.error "Unable to send confirmation E-Mail:"
       logger.error e
     end
   end
@@ -61,10 +67,11 @@ class UserController < ApplicationController
 
   def change_password
     return if generate_filled_in
-    #puts "original password: #{@user.salted_password}"
-    do_change_password_for(@user)
-    #@user.reload
-    #puts "final password value: #{@user.salted_password}"
+    if do_change_password_for(@user)
+      # since sometimes we're changing the password from within another action/template...
+      #redirect_to :action => params[:back_to] if params[:back_to]
+      redirect_back_or_default :action => 'change_password'
+    end
   end
 
   protected
@@ -73,17 +80,16 @@ class UserController < ApplicationController
         User.transaction(user) do
           user.change_password(params[:user][:password], params[:user][:password_confirmation])
           if user.save
-            #@user.reload
-            #puts "changed password: #{@user.salted_password}"
             if LoginEngine.config(:use_email_notification)
               UserNotify.deliver_change_password(user, params[:user][:password])
               flash[:notice] = "Updated password emailed to #{@user.email}"
             else
               flash[:notice] = "Password updated."
             end
-            # since sometimes we're changing the password from within another action/template...
-            redirect_to :action => params[:back_to] if params[:back_to]
+            return true
           else
+            flash[:warning] = 'There was a problem saving the password. Please retry.'
+            return false
           end
         end
       rescue
@@ -104,7 +110,7 @@ class UserController < ApplicationController
 
     # Email disabled... we are unable to provide the password
     if !LoginEngine.config(:use_email_notification)
-      flash[:message] = "Please contact the system admin at #{LoginEngine.config(:admin_email)} to retrieve your password."
+      flash[:message] = "Please contact the system admin at #{LoginEngine.config(:admin_email)} to reset your password."
       redirect_back_or_default :action => 'login'
       return
     end
@@ -121,7 +127,7 @@ class UserController < ApplicationController
       begin
         User.transaction(user) do
           key = user.generate_security_token
-          url = url_for(:action => 'change_password', 'user[id]' => user.id, :key => key)
+          url = url_for(:action => 'change_password', :user_id => user.id, :key => key)
           UserNotify.deliver_forgot_password(user, url)
           flash[:notice] = "Instructions on resetting your password have been emailed to #{params[:user][:email]}"
         end  
@@ -161,7 +167,11 @@ class UserController < ApplicationController
 
   def delete
     get_user_to_act_on
-    do_delete_user(@user)
+    if do_delete_user(@user)
+      logout
+    else
+      redirect_back_or_default :action => 'home'
+    end    
   end
   
   protected
@@ -171,21 +181,21 @@ class UserController < ApplicationController
           User.transaction(user) do
             key = user.set_delete_after
             if LoginEngine.config(:use_email_notification)
-              url = url_for(:action => 'restore_deleted', 'user[id]' => user.id, :key => key)
+              url = url_for(:action => 'restore_deleted', :user_id => user.id, :key => key)
               UserNotify.deliver_pending_delete(user, url)
             end
           end
         else
           destroy(@user)
         end
-        logout
+        return true
       rescue
         if LoginEngine.config(:use_email_notification)
           flash.now[:warning] = 'The delete instructions were not sent. Please try again later.'
         else
           flash.now[:notice] = 'The account has been scheduled for deletion. It will be removed in #{LoginEngine.config(:delayed_delete_days)} days.'
         end
-        redirect_back_or_default :action => 'home'
+        return false
       end
     end
     

data/vendor/plugins/login_engine/app/helpers/user_helper.rb

@@ -26,7 +26,7 @@ module UserHelper
         end)
 #      lname = "#{form_name}_#{field_name}_form"
 #      prompt = l(:"#{lname}")
-      if LoginEngine.config(:TwoColumnInput)
+      if LoginEngine.config(:two_column_input)
 <<-EOL
         <tr class="two_columns">
           <td class="prompt"><label>#{prompt}:</label></td>

data/vendor/plugins/login_engine/app/views/user/forgot_password.rhtml

@@ -7,7 +7,7 @@
     <p>Enter your email address in the field below and click 'Reset Password' to have instructions on how to retrieve your forgotten password emailed to you.</p>
 
     <%= start_form_tag_helper %>
-      <%= form_input :text_field, 'Email Address', 'email', :size => 30 %><br/>
+      <label>Email Address:</label> <%= text_field("user", "email", "size" => 30) %>
 
       <div class="button-bar">
         <%= submit_tag 'Submit request' %>
@@ -15,4 +15,4 @@
       </div>
     <%= end_form_tag %>
   </div>
-</div>
+</div>

data/vendor/plugins/login_engine/db/migrate/001_initial_schema.rb

@@ -0,0 +1,25 @@
+class InitialSchema < ActiveRecord::Migration
+  def self.up
+    create_table LoginEngine.config(:user_table), :force => true do |t|
+      t.column "login", :string, :limit => 80, :default => "", :null => false
+      t.column "salted_password", :string, :limit => 40, :default => "", :null => false
+      t.column "email", :string, :limit => 60, :default => "", :null => false
+      t.column "firstname", :string, :limit => 40
+      t.column "lastname", :string, :limit => 40
+      t.column "salt", :string, :limit => 40, :default => "", :null => false
+      t.column "verified", :integer, :default => 0
+      t.column "role", :string, :limit => 40
+      t.column "security_token", :string, :limit => 40
+      t.column "token_expiry", :datetime
+      t.column "created_at", :datetime
+      t.column "updated_at", :datetime
+      t.column "logged_in_at", :datetime
+      t.column "deleted", :integer, :default => 0
+      t.column "delete_after", :datetime
+    end
+  end
+
+  def self.down
+    drop_table LoginEngine.config(:user_table)
+  end
+end

data/vendor/plugins/login_engine/install.rb

@@ -0,0 +1,4 @@
+# Install the engines plugin if it has been already
+unless File.exist?(File.dirname(__FILE__) + "/../engines")
+  Commands::Plugin.parse!(['install', 'http://svn.rails-engines.org/plugins/engines']) 
+end

data/vendor/plugins/login_engine/lib/login_engine/authenticated_system.rb

@@ -54,7 +54,6 @@ module LoginEngine
   
       # call overwriteable reaction to unauthorized access
       access_denied
-      return false 
     end
 
     # overwrite if you want to have special behavior in case the user is not authorized
@@ -73,7 +72,7 @@ module LoginEngine
     end
 
     # move to the last store_location call or to the passed default one
-    def redirect_back_or_default(default)
+    def redirect_to_stored_or_default(default=nil)
       if session['return-to'].nil?
         redirect_to default
       else
@@ -82,13 +81,20 @@ module LoginEngine
       end
     end
 
+    def redirect_back_or_default(default=nil)
+      if request.env["HTTP_REFERER"].nil?
+        redirect_to default
+      else
+        redirect_to(request.env["HTTP_REFERER"]) # same as redirect_to :back
+      end
+    end
+
     def user?
       # First, is the user already authenticated?
       return true if not session[:user].nil?
 
       # If not, is the user being authenticated by a token?
-      return false if not params[:user]
-      id = params[:user][:id]
+      id = params[:user_id]
       key = params[:key]
       if id and key
         session[:user] = User.authenticate_by_token(id, key)
@@ -104,4 +110,4 @@ module LoginEngine
       session[:user]
     end
   end
-end  
+end  

data/vendor/plugins/login_engine/lib/login_engine/authenticated_user.rb

@@ -13,10 +13,11 @@ module LoginEngine
 
         attr_accessor :new_password
       
-        validates_presence_of :login, :on => :create
-        validates_length_of :login, :within => 3..40, :on => :create
-        validates_uniqueness_of :login, :on => :create
-        validates_uniqueness_of :email, :on => :create
+        validates_presence_of :login
+        validates_length_of :login, :within => 3..40
+        validates_uniqueness_of :login
+        validates_uniqueness_of :email
+        validates_format_of :email, :with => /^[^@]+@.+$/
 
         validates_presence_of :password, :if => :validate_password?
         validates_confirmation_of :password, :if => :validate_password?
@@ -27,9 +28,9 @@ module LoginEngine
       
         attr_accessor :password, :password_confirmation
       
-        after_save '@new_password = false'
+        after_save :falsify_new_password
         after_validation :crypt_password
-      
+
       end
       base.extend(ClassMethods)
     end
@@ -37,15 +38,15 @@ module LoginEngine
     module ClassMethods
     
       def authenticate(login, pass)
-        u = find_first(["login = ? AND verified = 1 AND deleted = 0", login])
+        u = find(:first, :conditions => ["login = ? AND verified = 1 AND deleted = 0", login])
         return nil if u.nil?
-        find_first(["login = ? AND salted_password = ? AND verified = 1", login, AuthenticatedUser.salted_password(u.salt, AuthenticatedUser.hashed(pass))])
+        find(:first, :conditions => ["login = ? AND salted_password = ? AND verified = 1", login, AuthenticatedUser.salted_password(u.salt, AuthenticatedUser.hashed(pass))])
       end
 
       def authenticate_by_token(id, token)
         # Allow logins for deleted accounts, but only via this method (and
         # not the regular authenticate call)
-        u = find_first(["id = ? AND security_token = ?", id, token])
+        u = find(:first, :conditions => ["id = ? AND security_token = ?", id, token])
         return nil if u.nil? or u.token_expired?
         return nil if false == u.update_expiry
         u
@@ -129,6 +130,11 @@ module LoginEngine
       end
     end
 
+    def falsify_new_password
+      @new_password = false
+      true
+    end
+
     def new_security_token(hours = nil)
       write_attribute('security_token', AuthenticatedUser.hashed(self.salted_password + Time.now.to_i.to_s + rand.to_s))
       write_attribute('token_expiry', Time.at(Time.now.to_i + token_lifetime(hours)))