refinerycms 0.9.5.30 → 0.9.5.31

data/vendor/plugins/authentication/app/controllers/sessions_controller.rb

@@ -5,12 +5,14 @@ class SessionsController < ApplicationController
 
   def create
     self.current_user = User.authenticate(params[:session][:login], params[:session][:password])
+
     if logged_in?
       if params[:session][:remember_me] == "1"
         current_user.remember_me unless current_user.remember_token?
         cookies[:auth_token] = {:value => self.current_user.remember_token ,
                                 :expires => self.current_user.remember_token_expires_at}
       end
+
       redirect_back_or_default(admin_root_url)
       flash[:notice] = "Logged in successfully"
     else
@@ -28,6 +30,7 @@ class SessionsController < ApplicationController
   end
 
 protected
+
   def take_down_for_maintenance?;end
 
 end

data/vendor/plugins/authentication/app/controllers/users_controller.rb

@@ -1,7 +1,6 @@
 class UsersController < ApplicationController
 
   # Protect these actions behind an admin login
-  # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge]
   before_filter :find_user, :only => [:suspend, :unsuspend, :destroy, :purge]
 
   filter_parameter_logging 'password', 'password_confirmation'
@@ -32,8 +31,8 @@ class UsersController < ApplicationController
           current_user.activate!
           current_user.update_attribute(:superuser, true) if User.count == 1 # this is the superuser if this user is the only user.
           redirect_back_or_default(admin_root_url)
-
           flash[:notice] = "Welcome to Refinery, #{current_user.login}."
+
           if User.count == 1 or RefinerySetting[:site_name] == "Company Name"
             refinery_setting = RefinerySetting.find_by_name("site_name")
             flash[:notice] << "<br/>First let's give the site a name. <a href='#{edit_admin_refinery_setting_url(refinery_setting)}'>Go here</a> to edit your website's name"
@@ -47,39 +46,55 @@ class UsersController < ApplicationController
 
   def activate
     self.current_user = params[:activation_code].blank? ? false : User.find_by_activation_code(params[:activation_code])
+
     if logged_in? && !current_user.active?
       current_user.activate!
       flash[:notice] = "Signup complete!"
     end
+
     redirect_back_or_default(root_url)
   end
 
-  def suspend
-    @user.suspend!
-    redirect_to users_path
-  end
+  def forgot
+    if request.post?
+      user = User.find_by_email(params[:user][:email])
+
+      if user
+        user.create_reset_code
+
+				begin
+					flash[:notice] = "An email has been sent to #{user.email} with a link to reset your password."
+					UserMailer.deliver_reset_notification(user, request)
+				rescue
+					info.logger "error: email could not be sent for user password reset"
+				end
+      else
+        flash[:notice] = "Sorry, #{params[:user][:email]} isn't associated with any acounts. Are you sure you typed the correct email address?"
+      end
 
-  def unsuspend
-    @user.unsuspend!
-    redirect_to users_path
+      redirect_back_or_default(forgot_url)
+    end
   end
 
-  def destroy
-    @user.delete!
-    redirect_to users_path
-  end
+	def reset
+		@user = User.find_by_reset_code(params[:reset_code]) unless params[:reset_code].nil?
 
-  def purge
-    @user.destroy
-    redirect_to users_path
-  end
+		if request.post?
+			if @user.update_attributes(:password => params[:user][:password], :password_confirmation => params[:user][:password_confirmation])
+				self.current_user = @user
+				@user.delete_reset_code
+
+				flash[:notice] = "Password reset successfully for #{@user.email}"
+				redirect_back_or_default(admin_root_url)
+			else
+				render :action => :reset
+			end
+		end
+	end
 
 protected
-  def take_down_for_maintenance?;end
 
-  def find_user
-    @user = User.find(params[:id])
-  end
+  def take_down_for_maintenance?;end
 
   def can_create_public_user
     User.count == 0

data/vendor/plugins/authentication/app/models/user.rb

@@ -1,5 +1,6 @@
 require 'digest/sha1'
 class User < ActiveRecord::Base
+	
   # Hack: Allow "rake gems:install" to run when this class is missing its gem dependency.
   # For further clarification on why, refer to:
   # https://rails.lighthouseapp.com/projects/8994/tickets/780-rake-gems-install-doesn-t-work-if-plugins-are-missing-gem-dependencies
@@ -10,8 +11,6 @@ class User < ActiveRecord::Base
     aasm_state :passive
     aasm_state :pending, :enter => :make_activation_code
     aasm_state :active,  :enter => :do_activate
-    aasm_state :suspended
-    aasm_state :deleted, :enter => :do_delete
 
     aasm_event :register do
       transitions :from => :passive, :to => :pending, :guard => Proc.new {|u| !(u.crypted_password.blank? && u.password.blank?) }
@@ -20,20 +19,6 @@ class User < ActiveRecord::Base
     aasm_event :activate do
       transitions :from => :pending, :to => :active
     end
-
-    aasm_event :suspend do
-      transitions :from => [:passive, :pending, :active], :to => :suspended
-    end
-
-    aasm_event :delete do
-      transitions :from => [:passive, :pending, :active, :suspended], :to => :deleted
-    end
-
-    aasm_event :unsuspend do
-      transitions :from => :suspended, :to => :active,  :guard => Proc.new {|u| !u.activated_at.blank? }
-      transitions :from => :suspended, :to => :pending, :guard => Proc.new {|u| !u.activation_code.blank? }
-      transitions :from => :suspended, :to => :passive
-    end
   end
 
   # Virtual attribute for the unencrypted password
@@ -49,13 +34,13 @@ class User < ActiveRecord::Base
   validates_uniqueness_of   :login, :email, :case_sensitive => false
   before_save :encrypt_password
 
-  serialize :plugins_column#, Array # this is seriously deprecated and will be removed later.
+  serialize :plugins_column # Array # this is seriously deprecated and will be removed later.
 
   has_many :plugins, :class_name => "UserPlugin", :order => "position ASC"
 
   # prevents a user from submitting a crafted form that bypasses activation
   # anything else you want your user to change should be added here.
-  attr_accessible :login, :email, :password, :password_confirmation, :plugins
+  attr_accessible :login, :email, :password, :password_confirmation, :plugins, :reset_code
 
   # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
   def self.authenticate(login, password)
@@ -125,30 +110,44 @@ class User < ActiveRecord::Base
     !self.superuser and User.count > 1 and (current_user.nil? or self.id != current_user.id)
   end
 
-  protected
-    # before filter
-    def encrypt_password
-      return if password.blank?
-      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
-      self.crypted_password = encrypt(password)
-    end
+  def create_reset_code
+    @reset = true
+		code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+    self.attributes = {:reset_code => code[0..6]}
+    save(false)
+  end 
+  
+  def recently_reset?
+    @reset
+  end
 
-    def password_required?
-      crypted_password.blank? || !password.blank?
-    end
+  def delete_reset_code
+    self.attributes = {:reset_code => nil}
+    save(false)
+  end
 
-    def make_activation_code
-      self.deleted_at = nil
-      self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
-    end
+protected
 
-    def do_delete
-      self.deleted_at = Time.now.utc
-    end
+  # before filter
+  def encrypt_password
+    return if password.blank?
+    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+    self.crypted_password = encrypt(password)
+  end
 
-    def do_activate
-      @activated = true
-      self.activated_at = Time.now.utc
-      self.deleted_at = self.activation_code = nil
-    end
-end
+  def password_required?
+    crypted_password.blank? || !password.blank?
+  end
+
+  def make_activation_code
+    self.deleted_at = nil
+    self.activation_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
+  end
+
+  def do_activate
+    @activated = true
+    self.activated_at = Time.now.utc
+    self.deleted_at = self.activation_code = nil
+  end
+
+end

data/vendor/plugins/authentication/app/models/user_mailer.rb

@@ -1,23 +1,16 @@
 class UserMailer < ActionMailer::Base
 
-  def signup_notification(user)
+  def reset_notification(user, request)
     setup_email(user)
-    @subject    += 'Please activate your new account'
-    @body[:url]  = "http://YOURSITE/activate/#{user.activation_code}"
-  end
-
-  def activation(user)
-    setup_email(user)
-    @subject    += 'Your account has been activated!'
-    @body[:url]  = "http://YOURSITE/"
+    @subject    += 'Link to reset your password'
+    @body[:url]  = "#{request.protocol}#{request.host_with_port}/reset/#{user.reset_code}"
   end
 
 protected
 
   def setup_email(user)
-    @recipients  = "#{user.email}"
-    @from        = "ADMINEMAIL"
-    @subject     = "[YOURSITE] "
+    @recipients  = user.email
+    @subject     = ""
     @sent_on     = Time.now
     @body[:user] = user
   end

data/vendor/plugins/authentication/app/views/sessions/new.html.erb

@@ -9,6 +9,9 @@
       <%= f.password_field :password %>
     </div>
   </div>
+  <div class='field forgot_password'>
+    <%= link_to "I forgot my password", forgot_url %>
+  </div>
   <div class='field remember_me'>
     <%= f.label :remember_me, nil %>
     <%= f.check_box :remember_me %>

data/vendor/plugins/authentication/app/views/user_mailer/reset_notification.html.erb

@@ -0,0 +1,6 @@
+Request to reset password received for <%= @user.login %>
+
+Visit this url to choose a new password:
+  <%= @url %>
+  
+(Your password will remain the same if no action is taken)

data/vendor/plugins/authentication/app/views/users/forgot.html.erb

@@ -0,0 +1,13 @@
+<%= error_messages_for :user %>
+<% form_for :user do |f| -%>
+  <p>Enter the email address for your account.</p>
+  <div class='field'>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </div>
+  <div class='form-actions'>
+    <%= submit_tag 'Reset password' %>
+    or
+    <%= link_to "Cancel", login_url %>
+  </div>
+<% end -%>

data/vendor/plugins/authentication/app/views/users/reset.html.erb

@@ -0,0 +1,18 @@
+<%= error_messages_for :user %>
+<% form_for :user do |f| -%>
+  <p>Pick a new password for <%= @user.email %></p>
+  <div class='field'>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </div>
+  <div class='field'>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </div>
+  
+  <div class='form-actions'>
+    <%= submit_tag 'Reset password' %>
+    or
+    <%= link_to "Cancel", login_url %>
+  </div>
+<% end -%>

data/vendor/plugins/authentication/authentication.md

@@ -0,0 +1,7 @@
+# Authentication
+
+## About
+
+At the heart of Refinery's user management is the authentication plugin located in ``vendor/plugins/authentication``
+
+What this really is is just a standard [RESTFul authentication](http://github.com/technoweenie/restful-authentication) install extended with a few extra features like "I forgot my password" and hooked directly into the heart of Refinery's plugin system.

data/vendor/plugins/authentication/config/routes.rb

@@ -1,10 +1,15 @@
 ActionController::Routing::Routes.draw do |map|
+	
   map.resources :users
   map.resource :session
+
   map.namespace(:admin) do |admin|
     admin.resources :users
   end
 
   map.login  '/login', :controller => 'sessions', :action => 'new'
   map.logout '/logout', :controller => 'sessions', :action => 'destroy'
-end
+	map.forgot '/forgot', :controller => 'users', :action => 'forgot'
+	map.reset 'reset/:reset_code', :controller => 'users', :action => 'reset'
+
+end

data/vendor/plugins/dashboard/dashboard.md

@@ -0,0 +1,22 @@
+# Dashboard
+
+![Refinery Dashboard](http://refinerycms.com/system/images/0000/0576/dashboard.png)
+
+## About
+
+Refinery's dashboard is a plugin that does two simple things
+
+* Reports recent activity on all the core plugins
+* Provides convenient links to common tasks.
+
+## How do I hook my custom plugin into the recent activity log?
+
+Read in plugins.rdoc the section titled "Getting your plugin to report activity in the dashboard"
+
+## Related Settings
+
+### "Activity Show Limit"
+
+This allows you to specify how many items should show up in your recent activity list.
+
+Example: if we set the activity show limit to 5, only 5 items will show in the recent activity.

data/vendor/plugins/images/images.md

@@ -0,0 +1,46 @@
+# Images
+
+![Refinery Images](http://refinerycms.com/system/images/0000/0616/images.png)
+
+## About
+
+All Refinery's images are stored in one place, the images plugin. This plugin: 
+
+* Reports recent activity on all the core plugins
+* Provides convenient links to common tasks.
+
+## Generating Thumbnails
+
+Refinery lets you generate a range of thumbnails when an image is uploaded so you can output this on a page in an appropriate size.
+
+To specify the sizes of your thumbnails edit the "Image Thumbnails" setting.
+
+This setting is stored as a serialize hash and is directly passed to attachment_fu
+
+Here's what the default looks like
+
+    --- 
+    :grid: c135x135
+    :lightbox: 500x500>
+    :dialog_thumb: c106x106
+    :medium: 225x255
+    :preview: c96x96
+    :thumb: 50x50
+    :side_body: 300x500
+
+Refinery requires some of these so you won't want to delete any, but add new ones to meet your design needs. Each thumbnail is not just a size guide but a RMagick geometry string that allows you to define min and max size too.
+
+Refinery also extends the geometry string support to allow cropping. Here's some examples
+
+    :grid: c135x135
+  
+This will crop (_that's what the "c" stands for_) the image down to ``135x135`` exactly without stretching the image.
+
+_Note: you will have to restart your web server after changing this setting for the changes to take effect._
+
+## Related Settings
+
+### "Preferred Image View"
+
+Set to ``"grid"`` to get your images to display as a grid of thumbnails
+Set to ``"list"`` to get your images to display as a list with image titles.

data/vendor/plugins/inquiries/app/controllers/inquiries_controller.rb

@@ -4,18 +4,10 @@ class InquiriesController < ApplicationController
 
   def thank_you
     @page = Page.find_by_menu_match("^/inquiries/thank_you$", :include => [:parts, :slugs])
-
-    respond_to do |wants|
-      wants.html
-    end
   end
 
   def new
     @inquiry = Inquiry.new
-
-    respond_to do |wants|
-      wants.html
-    end
   end
 
   def create

data/vendor/plugins/inquiries/app/views/admin/inquiries/show.html.erb

@@ -27,7 +27,7 @@
         <strong>From</strong>
       </td>
       <td>
-        <%= @inquiry.name %> [<%= mail_to @inquiry.email, @inquiry.email, {:title => "Click to email this address"} %>]
+        <%=h @inquiry.name %> [<%= mail_to @inquiry.email, @inquiry.email, {:title => "Click to email this address"} %>]
       </td>
     </tr>
     <% unless @inquiry.phone.blank? %>
@@ -36,7 +36,7 @@
           <strong>Phone</strong>
         </td>
         <td>
-          <%= @inquiry.phone %>
+          <%=h @inquiry.phone %>
         </td>
       </tr>
     <% end %>
@@ -54,7 +54,7 @@
       </td>
       <td>
         <p style='margin-top: 0px'>
-          <%= @inquiry.message.gsub("\r\n\r\n", "\r\n").gsub("\r\n", "</p><p>") %>
+          <%=h @inquiry.message.gsub("\r\n\r\n", "\r\n").gsub("\r\n", "</p><p>") %>
         </p>
       </td>
     </tr>