From ae7ac63a9dbe101854f46497460f6e211f1bf35d Mon Sep 17 00:00:00 2001
From: Alexey Verkhovsky <averkhov@thoughtworks.com>
Date: Sat, 26 Mar 2005 15:43:59 +0000
Subject: [PATCH] Fixed web password protection (was broken by earlier
 refactoring), also adcded some user-friendlines to it

---
 app/controllers/application.rb     | 11 ++++++++++-
 app/controllers/wiki_controller.rb | 10 +---------
 app/views/wiki/login.rhtml         | 11 +++++++----
 3 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index f6e15080..47a267e7 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -31,7 +31,7 @@ class ApplicationController < ActionController::Base
     if in_a_web? and 
         not authorized? and 
         not %w( login authenticate published ).include?(@action_name)
-      redirect_to :action => 'login'
+      redirect_to :action => 'login', :web => @web_name
       return false
     end
   end
@@ -72,6 +72,15 @@ class ApplicationController < ActionController::Base
     not @web_name.nil?
   end
 
+  def password_check(password)
+    if password == @web.password
+      cookies['web_address'] = password
+      true
+    else
+      false
+    end
+  end
+
   def password_error(password)
     if password.nil? or password.empty?
       'Please enter the password.'
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 184e8d56..29f520ef 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -25,6 +25,7 @@ class WikiController < ApplicationController
     if password_check(@params['password'])
       redirect_show('HomePage')
     else 
+      flash[:info] = password_error(@params['password'])
       redirect_to :action => 'login', :web => @web_name
     end
   end
@@ -308,15 +309,6 @@ class WikiController < ApplicationController
     [ limit, start_date, end_date ]
   end
   
-  def password_check(password)
-    if password == @web.password
-      cookies['web_address'] = password
-      true
-    else
-      false
-    end
-  end
-
   def remote_ip
     ip = @request.remote_ip
     logger.info(ip)
diff --git a/app/views/wiki/login.rhtml b/app/views/wiki/login.rhtml
index a6941c72..785cc042 100644
--- a/app/views/wiki/login.rhtml
+++ b/app/views/wiki/login.rhtml
@@ -1,8 +1,11 @@
 <% @title = "#{@web_name} Login" %><% @hide_navigation = true %>
 
-<form action="authenticate" method="post">
-<p>
+
+<%= form_tag({ :controller => 'wiki', :action => 'authenticate', :web => @web.address},
+    {'id' => 'loginForm', 'method' => 'post'})
+%>
+  <p>
     <b>Password</b><br />
     <input type="password" name="password" />
-</p>
-</form>
+  </p>
+<%= end_form_tag %>