upgraded clearance to 0.8.2

Daniel Croak
1 parent 726dd83e
Showing 104 changed files with 2065 additions and 2120 deletions Show diff stats
config/environment.rb
vendor/gems/thoughtbot-clearance-0.7.0/.specification
vendor/gems/thoughtbot-clearance-0.7.0/CHANGELOG.textile
vendor/gems/thoughtbot-clearance-0.7.0/LICENSE
vendor/gems/thoughtbot-clearance-0.7.0/README.textile
vendor/gems/thoughtbot-clearance-0.7.0/Rakefile
vendor/gems/thoughtbot-clearance-0.7.0/TODO.textile
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/confirmations_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/passwords_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/sessions_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/users_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/models/clearance_mailer.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/clearance_mailer/change_password.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/clearance_mailer/confirmation.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/passwords/edit.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/passwords/new.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/sessions/new.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/users/_form.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/users/new.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/config/clearance_routes.rb
@@ -49,7 +49,7 @@ Rails::Initializer.run do |config|
   config.gem "thoughtbot-clearance", 
     :lib     => 'clearance', 
     :source  => 'http://gems.github.com', 
-    :version => '0.7.0'
+    :version => '0.8.2'
   config.gem "activemerchant",
     :lib     => 'active_merchant',
     :version => '1.4.2'
@@ -1,145 +0,0 @@
---- !ruby/object:Gem::Specification 
-name: thoughtbot-clearance
-version: !ruby/object:Gem::Version 
-  version: 0.7.0
-platform: ruby
-authors: 
-- Dan Croak
-- Mike Burns
-- Jason Morrison
-- Joe Ferris
-- Eugene Bolshakov
-- Nick Quaranto
-- Josh Nichols
-- Mike Breen
-- "Marcel G\xC3\xB6rner"
-- Bence Nagy
-- Ben Mabey
-- Eloy Duran
-- Tim Pope
-- Mihai Anca
-- Mark Cornick
-- Shay Arnett
-autorequire: 
-bindir: bin
-cert_chain: []
-
-date: 2009-08-04 00:00:00 -04:00
-default_executable: 
-dependencies: []
-
-description: Rails authentication with email & password.
-email: support@thoughtbot.com
-executables: []
-
-extensions: []
-
-extra_rdoc_files: []
-
-files: 
-- CHANGELOG.textile
-- LICENSE
-- Rakefile
-- README.textile
-- TODO.textile
-- app/controllers
-- app/controllers/clearance
-- app/controllers/clearance/confirmations_controller.rb
-- app/controllers/clearance/passwords_controller.rb
-- app/controllers/clearance/sessions_controller.rb
-- app/controllers/clearance/users_controller.rb
-- app/models
-- app/models/clearance_mailer.rb
-- app/views
-- app/views/clearance_mailer
-- app/views/clearance_mailer/change_password.html.erb
-- app/views/clearance_mailer/confirmation.html.erb
-- app/views/passwords
-- app/views/passwords/edit.html.erb
-- app/views/passwords/new.html.erb
-- app/views/sessions
-- app/views/sessions/new.html.erb
-- app/views/users
-- app/views/users/_form.html.erb
-- app/views/users/new.html.erb
-- config/clearance_routes.rb
-- generators/clearance
-- generators/clearance/clearance_generator.rb
-- generators/clearance/lib
-- generators/clearance/lib/insert_commands.rb
-- generators/clearance/lib/rake_commands.rb
-- generators/clearance/templates
-- generators/clearance/templates/factories.rb
-- generators/clearance/templates/migrations
-- generators/clearance/templates/migrations/create_users.rb
-- generators/clearance/templates/migrations/update_users.rb
-- generators/clearance/templates/README
-- generators/clearance/templates/user.rb
-- generators/clearance/USAGE
-- generators/clearance_features
-- generators/clearance_features/clearance_features_generator.rb
-- generators/clearance_features/templates
-- generators/clearance_features/templates/features
-- generators/clearance_features/templates/features/password_reset.feature
-- generators/clearance_features/templates/features/sign_in.feature
-- generators/clearance_features/templates/features/sign_out.feature
-- generators/clearance_features/templates/features/sign_up.feature
-- generators/clearance_features/templates/features/step_definitions
-- generators/clearance_features/templates/features/step_definitions/clearance_steps.rb
-- generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb
-- generators/clearance_features/templates/features/support
-- generators/clearance_features/templates/features/support/paths.rb
-- generators/clearance_features/USAGE
-- generators/clearance_views
-- generators/clearance_views/clearance_views_generator.rb
-- generators/clearance_views/templates
-- generators/clearance_views/templates/formtastic
-- generators/clearance_views/templates/formtastic/passwords
-- generators/clearance_views/templates/formtastic/passwords/edit.html.erb
-- generators/clearance_views/templates/formtastic/passwords/new.html.erb
-- generators/clearance_views/templates/formtastic/sessions
-- generators/clearance_views/templates/formtastic/sessions/new.html.erb
-- generators/clearance_views/templates/formtastic/users
-- generators/clearance_views/templates/formtastic/users/_inputs.html.erb
-- generators/clearance_views/templates/formtastic/users/new.html.erb
-- generators/clearance_views/USAGE
-- lib/clearance
-- lib/clearance/authentication.rb
-- lib/clearance/extensions
-- lib/clearance/extensions/errors.rb
-- lib/clearance/extensions/rescue.rb
-- lib/clearance/extensions/routes.rb
-- lib/clearance/user.rb
-- lib/clearance.rb
-- shoulda_macros/clearance.rb
-- rails/init.rb
-has_rdoc: true
-homepage: http://github.com/thoughtbot/clearance
-licenses: []
-
-post_install_message: 
-rdoc_options: []
-
-require_paths: 
-- lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
-requirements: []
-
-rubyforge_project: 
-rubygems_version: 1.3.4
-signing_key: 
-specification_version: 3
-summary: Rails authentication with email & password.
-test_files: []
-
@@ -1,176 +0,0 @@
-h2. 0.7.0 (08/04/2009)
-
-* Redirect signed in user who clicks confirmation link again. (Dan Croak)
-* Redirect signed out user who clicks confirmation link again. (Dan Croak)
-* Added signed_out? convenience method for controllers, helpers, views. (Dan
-Croak)
-* Added clearance_views generator. By default, creates formtastic views which
-pass all tests and features. (Dan Croak)
-
-h2. 0.6.9 (07/04/2009)
-
-* Added timestamps to create users migration. (Dan Croak)
-* Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
-
-h2. 0.6.8 (06/24/2009)
-
-* Added defined? checks for various Rails constants such as ActionController
-for easier unit testing of Clearance extensions... particularly ActiveRecord
-extensions... particularly strong_password. (Dan Croak)
-
-h2. 0.6.7 (06/13/2009)
-
-* [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
-* [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
-* Deprecated sign_user_in. Told developers to use sign_in instead. (Dan
-Croak)
-* [#16] flash_success_after_create, flash_notice_after_create, flash_failure_after_create, flash_sucess_after_update, flash_success_after_destroy, etc. (Dan Croak)
-* [#17] bug. added #create to forbidden before_filters on confirmations controller. (Dan Croak)
-* [#24] should_be_signed_in_as shouldn't look in the session. (Dan Croak)
-* README improvements. (Dan Croak)
-* Move routes loading to separate file. (Joshua Clayton)
-
-h2. 0.6.6 (05/18/2009)
-
-* [#14] replaced class_eval in Clearance::User with modules. This was needed
-in a thoughtbot client app so we could write our own validations. (Dan Croak)
-
-h2. 0.6.5 (05/17/2009)
-
-* [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
-
-h2. 0.6.4 (05/12/2009)
-
-* Moved issue tracking to Github from Lighthouse. (Dan Croak)
-* [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
-* [#11] replacing sign_in_as & sign_out shoulda macros with a stubbing (requires no dependency) approach. this will avoid dealing with the internals of current_user, such as session & cookies. added sign_in macro which signs in an email confirmed user from clearance's factories. (Dan Croak)
-* [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
-* [#9] audited flash keys. (Dan Croak)
-
-h2. 0.6.3 (04/23/2009)
-
-* Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
-
-h2. 0.6.2 (04/22/2009)
-
-* Insert Clearance::User into User model if it exists. (Nick Quaranto)
-* World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
-
-h2. 0.6.1 (04/21/2009)
-* Scope operators are necessary to keep Rails happy. Reverting the original
-revert so they're back in the library now for constants referenced inside of
-the gem. (Nick Quaranto)
-
-h2. 0.6.0 (04/21/2009)
-
-* Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
-* Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
-* Include Clearance::Authentication in ApplicationController. (Dan Croak & Joe Ferris)
-* Namespace controllers under Clearance. (Dan Croak & Joe Ferris)
-* Routes move to engine, use namespaced controllers but publicly the same. (Dan Croak & Joe Ferris)
-* If you want to override a controller, subclass it like SessionsController <
-Clearance::SessionsController. This gives you access to usual hooks such as
-url_after_create. (Dan Croak & Joe Ferris)
-* Controllers, mailer, model, routes all unit tested inside engine. Use
-script/generate clearance_features to test integration of Clearance with your
-Rails app. No longer including modules in your app's test files. (Dan Croak & Joe Ferris)
-* Moved views to engine. (Joe Ferris)
-* Converted generated test/factories/clearance.rb to use inheritence for
-email_confirmed_user. (Dan Croak)
-* Corrected some spelling errors with methods (Nick Quaranto)
-* Converted "I should see error messages" to use a regex in the features (Nick
-Quaranto)
-* Loading clearance routes after rails routes via some monkeypatching (Nick
-Quaranto)
-* Made the clearance controllers unloadable to stop constant loading errors in
-development mode (Nick Quaranto)
-
-h2. 0.5.6 (4/11/2009)
-
-* [#57] Step definition changed for "User should see error messages" so
-features won't fail for certain validations. (Nick Quaranto)
-
-h2. 0.5.5 (3/23/2009)
-
-* Removing duplicate test to get rid of warning. (Nick Quaranto)
-
-h2. 0.5.4 (3/21/2009)
-
-* When users fail logging in, redirect them instead of rendering. (Matt
-Jankowski)
-
-h2. 0.5.3 (3/5/2009)
-
-* Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
-Ferris, Dan Croak)
-* Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
-Dan Croak)
-
-h2. 0.5.2 (3/2/2009)
-
-* Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
-Ferris, Dan Croak)
-
-h2. 0.5.1 (2/27/2009)
-
-* [#46] A user with unconfirmed email who resets password now confirms email.
-(Marcel Görner)
-* Refactored user_from_cookie, user_from_session, User#authenticate to use
-more direct return code instead of ugly, harder to read ternary. (Dan Croak)
-* Switch order of cookies and sessions to take advantage of Rails 2.3's "Rack-based lazy-loaded sessions":http://is.gd/i23E. (Dan Croak)
-* Altered generator to interact with application_controller.rb instead of
-application.rb in Rails 2.3 apps. (Dan Croak)
-* [#42] Bug fix. Rack-based session change altered how to test remember me
-cookie. (Mihai Anca)
-
-h2. 0.5.0 (2/27/2009)
-
-* Fixed problem with Cucumber features. (Dan Croak)
-* Fixed mising HTTP fluency use case. (Dan Croak)
-* Refactored User#update_password to take just parameters it needs. (Dan
-Croak)
-* Refactored User unit tests to be more readable. (Dan Croak)
-
-h2. 0.4.9 (2/20/2009)
-
-* Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
-* Return 403 Forbidden status code in those cases. (Tim Pope)
-* Test 403 Forbidden status code in Cucumber feature. (Dan Croak, Joe Ferris)
-* Raise custom ActionController::Forbidden error internally. (Joe Ferris, Mike Burns, Jason Morrison)
-* Test ActionController::Forbidden error is raised in functional test. (Joe Ferris, Mike Burns, Dan Croak)
-* [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
-* Required Factory Girl >= 1.2.0. (Dan Croak)
-
-h2. 0.4.8 (2/16/2009)
-
-* Added support paths for Cucumber. (Ben Mabey)
-* Added documentation for the flash. (Ben Mabey)
-* Generators require "test_helper" instead of File.join. for rr compatibility. (Joe Ferris)
-* Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
-* Standardized flash messages that refer to email delivery. (Dan Croak)
-
-h2. 0.4.7 (2/12/2009)
-
-* Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
-* All test helpers now in shoulda_macros. (Dan Croak)
-
-h2. 0.4.6 (2/11/2009)
-
-* Made the modules behave like mixins again. (hat-tip Eloy Duran)
-* Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
-
-h2. 0.4.5 (2/9/2009)
-
-* [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
-* [#42] Removed dependency on Mocha. (Dan Croak)
-* Required Shoulda >= 2.9.1. (Dan Croak)
-* Added password reset feature to clearance_features generator. (Eugene Bolshakov, Dan Croak)
-* Removed unnecessary session[:salt]. (Dan Croak)
-* [#41] Only store location for session[:return_to] for GET requests. (Dan Croak)
-* Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
-* Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
-
-h2. 0.4.4 (2/2/2009)
-
-* Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
-* Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak) 
@@ -1,21 +0,0 @@
-The MIT License
-
-Copyright (c) 2008 thoughtbot, inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
@@ -1,123 +0,0 @@
-h1. Clearance
-
-Rails authentication with email & password.
-
-"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
-
-h2. Wiki
-
-Most information regarding Clearance is on the "Github Wiki":http://wiki.github.com/thoughtbot/clearance.
-
-h2. Installation
-
-Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
-
-In config/environment.rb:
-
-<pre>
-config.gem "thoughtbot-clearance", 
-  :lib     => 'clearance', 
-  :source  => 'http://gems.github.com', 
-  :version => '0.6.9'
-</pre>
-
-Vendor the gem:
-
-<pre>
-rake gems:install
-rake gems:unpack
-</pre>
-
-Make sure the development database exists and run the generator:
-
-@script/generate clearance@
-
-A number of files will be created and instructions will be printed.
-
-You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
-
-Run the migration:
-
-@rake db:migrate@
-
-Define a HOST constant in your environment files.
-In config/environments/test.rb and config/environments/development.rb it can be:
-
-@HOST = "localhost"@
-
-In production.rb it must be the actual host your application is deployed to.
-The constant is used by mailers to generate URLs in emails.
-
-In config/environment.rb:
-
-@DO_NOT_REPLY = "donotreply@example.com"@
-
-Define root_url to *something* in your config/routes.rb:
-
-@map.root :controller => 'home'@
-
-h2. Cucumber Features
-
-As your app evolves, you want to know that authentication still works. Clearance's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
-
-In config/environments/test.rb:
-
-<pre>
-config.gem 'webrat',
-  :version => '= 0.4.4'
-config.gem 'cucumber',
-  :version => '= 0.3.0'
-config.gem 'thoughtbot-factory_girl',
-  :lib     => 'factory_girl',
-  :source  => "http://gems.github.com", 
-  :version => '1.2.1'
-</pre>
-
-Vendor the gems:
-
-<pre>
-rake gems:install RAILS_ENV=test
-rake gems:unpack  RAILS_ENV=test
-</pre>
-
-We don't vendor nokogiri due to its native extensions, so install it normally on your machine:
-
-@sudo gem install nokogiri@
-
-Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
-
-<pre>
-script/generate cucumber
-script/generate clearance_features
-</pre>
-
-All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
-
-<pre>
-def path_to(page_name)
-  case page_name
-   ...
-  when /the sign up page/i
-   new_user_path
-  when /the sign in page/i
-   new_session_path
-  when /the password reset request page/i
-   new_password_path
-  ...
-end
-</pre>
-
-h2. Authors
-
-Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
-
-Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton & Mustafa Ekim.
-
-h2. Questions?
-
-Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
-
-h2. Suggestions, Bugs, Refactoring?
-
-Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues. Please don't send pull requests.
-
@@ -1,103 +0,0 @@
-# encoding: utf-8
-
-require 'rake'
-require 'rake/testtask'
-require 'cucumber/rake/task'
-
-namespace :test do
-  Rake::TestTask.new(:basic => ["generator:cleanup",
-                                "generator:clearance",
-                                "generator:clearance_features"]) do |task|
-    task.libs << "lib"
-    task.libs << "test"
-    task.pattern = "test/**/*_test.rb"
-    task.verbose = false
-  end
-
-  Rake::TestTask.new(:views => ["generator:clearance_views"]) do |task|
-    task.libs << "lib"
-    task.libs << "test"
-    task.pattern = "test/**/*_test.rb"
-    task.verbose = false
-  end
-
-  Cucumber::Rake::Task.new(:features) do |t|
-    t.cucumber_opts   = "--format progress"
-    t.feature_pattern = "test/rails_root/features/*.feature"
-  end
-
-  Cucumber::Rake::Task.new(:features_for_views) do |t|
-    t.cucumber_opts   = "--format progress"
-    t.feature_pattern = "test/rails_root/features/*.feature"
-  end
-end
-
-generators = %w(clearance clearance_features clearance_views)
-
-namespace :generator do
-  desc "Cleans up the test app before running the generator"
-  task :cleanup do
-    generators.each do |generator|
-      FileList["generators/#{generator}/templates/**/*.*"].each do |each|
-        file = "test/rails_root/#{each.gsub("generators/#{generator}/templates/",'')}"
-        File.delete(file) if File.exists?(file)
-      end
-    end
-
-    FileList["test/rails_root/db/**/*"].each do |each| 
-      FileUtils.rm_rf(each)
-    end
-
-    FileUtils.rm_rf("test/rails_root/vendor/plugins/clearance")
-    FileUtils.mkdir_p("test/rails_root/vendor/plugins")
-    clearance_root = File.expand_path(File.dirname(__FILE__))
-    system("ln -s #{clearance_root} test/rails_root/vendor/plugins/clearance")
-
-    FileUtils.rm_rf("test/rails_root/app/views/passwords")
-    FileUtils.rm_rf("test/rails_root/app/views/sessions")
-    FileUtils.rm_rf("test/rails_root/app/views/users")
-  end
-
-  desc "Run the clearance generator"
-  task :clearance do
-    system "cd test/rails_root && ./script/generate clearance && rake db:migrate db:test:prepare"
-  end
-
-  desc "Run the clearance features generator"
-  task :clearance_features do
-    system "cd test/rails_root && ./script/generate clearance_features"
-  end
-
-  desc "Run the clearance views generator"
-  task :clearance_views do
-    system "cd test/rails_root && ./script/generate clearance_views"
-  end
-end
-
-desc "Run the test suite"
-task :default => ['test:basic', 'test:features',
-                  'test:views', 'test:features_for_views']
-
-gem_spec = Gem::Specification.new do |gem_spec|
-  gem_spec.name        = "clearance"
-  gem_spec.version     = "0.7.0"
-  gem_spec.summary     = "Rails authentication with email & password."
-  gem_spec.email       = "support@thoughtbot.com"
-  gem_spec.homepage    = "http://github.com/thoughtbot/clearance"
-  gem_spec.description = "Rails authentication with email & password."
-  gem_spec.authors     = ["Dan Croak", "Mike Burns", "Jason Morrison",
-                          "Joe Ferris", "Eugene Bolshakov", "Nick Quaranto",
-                          "Josh Nichols", "Mike Breen", "Marcel Görner",
-                          "Bence Nagy", "Ben Mabey", "Eloy Duran",
-                          "Tim Pope", "Mihai Anca", "Mark Cornick",
-                          "Shay Arnett"]
-  gem_spec.files       = FileList["[A-Z]*", "{app,config,generators,lib,shoulda_macros,rails}/**/*"]
-end
-
-desc "Generate a gemspec file"
-task :gemspec do
-  File.open("#{gem_spec.name}.gemspec", 'w') do |f|
-    f.write gem_spec.to_yaml
-  end
-end
-
@@ -1,6 +0,0 @@
-h1. To-do
-
-* Make insertion of Clearance::User into User model automatic from the generator.
-* Change generated README to include instruction about running the migration.
-* DO_NOT_REPLY, HOST refactoring.
-
@@ -1,73 +0,0 @@
-class Clearance::ConfirmationsController < ApplicationController
-  unloadable
-
-  before_filter :redirect_signed_in_confirmed_user,  :only => [:new, :create]
-  before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
-  before_filter :forbid_missing_token,               :only => [:new, :create]
-  before_filter :forbid_non_existent_user,           :only => [:new, :create]
-
-  filter_parameter_logging :token
-
-  def new
-    create
-  end
-
-  def create
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
-    @user.confirm_email!
-
-    sign_in(@user)
-    flash_success_after_create
-    redirect_to(url_after_create)
-  end
-
-  private
-
-  def redirect_signed_in_confirmed_user
-    user = ::User.find_by_id(params[:user_id])
-    if user && user.email_confirmed? && current_user == user
-      flash_success_after_create
-      redirect_to(url_after_create)
-    end
-  end
-
-  def redirect_signed_out_confirmed_user
-    user = ::User.find_by_id(params[:user_id])
-    if user && user.email_confirmed? && signed_out?
-      flash_already_confirmed
-      redirect_to(url_already_confirmed)
-    end
-  end
-
-  def forbid_missing_token
-    if params[:token].blank?
-      raise ActionController::Forbidden, "missing token"
-    end
-  end
-
-  def forbid_non_existent_user
-    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
-      raise ActionController::Forbidden, "non-existent user"
-    end
-  end
-
-  def flash_success_after_create
-    flash[:success] = translate(:confirmed_email,
-      :scope   => [:clearance, :controllers, :confirmations],
-      :default => "Confirmed email and signed in.")
-  end
-
-  def flash_already_confirmed
-    flash[:success] = translate(:already_confirmed_email,
-      :scope   => [:clearance, :controllers, :confirmations],
-      :default => "Already confirmed email. Please sign in.")
-  end
-
-  def url_after_create
-    root_url
-  end
-
-  def url_already_confirmed
-    sign_in_url
-  end
-end
@@ -1,81 +0,0 @@
-class Clearance::PasswordsController < ApplicationController
-  unloadable
-
-  before_filter :forbid_missing_token,     :only => [:edit, :update]
-  before_filter :forbid_non_existent_user, :only => [:edit, :update]
-  filter_parameter_logging :password, :password_confirmation
-
-  def new
-    render :template => 'passwords/new'
-  end
-
-  def create
-    if user = ::User.find_by_email(params[:password][:email])
-      user.forgot_password!
-      ::ClearanceMailer.deliver_change_password user
-      flash_notice_after_create
-      redirect_to(url_after_create)
-    else
-      flash_failure_after_create
-      render :template => 'passwords/new'
-    end
-  end
-
-  def edit
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
-    render :template => 'passwords/edit'
-  end
-
-  def update
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
-
-    if @user.update_password(params[:user][:password],
-                             params[:user][:password_confirmation])
-      @user.confirm_email!
-      sign_in(@user)
-      flash_success_after_update
-      redirect_to(url_after_update)
-    else
-      render :template => 'passwords/edit'
-    end
-  end
-
-  private
-
-  def forbid_missing_token
-    if params[:token].blank?
-      raise ActionController::Forbidden, "missing token"
-    end
-  end
-
-  def forbid_non_existent_user
-    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
-      raise ActionController::Forbidden, "non-existent user"
-    end
-  end
-
-  def flash_notice_after_create
-    flash[:notice] = translate(:deliver_change_password,
-      :scope   => [:clearance, :controllers, :passwords],
-      :default => "You will receive an email within the next few minutes. " <<
-                  "It contains instructions for changing your password.")
-  end
-
-  def flash_failure_after_create
-    flash.now[:failure] = translate(:unknown_email,
-      :scope   => [:clearance, :controllers, :passwords],
-      :default => "Unknown email.")
-  end
-
-  def url_after_create
-    new_session_url
-  end
-
-  def flash_success_after_update
-    flash[:success] = translate(:signed_in, :default => "Signed in.")
-  end
-
-  def url_after_update
-    root_url
-  end
-end
@@ -1,67 +0,0 @@
-class Clearance::SessionsController < ApplicationController
-  unloadable
-
-  protect_from_forgery :except => :create
-  filter_parameter_logging :password
-
-  def new
-    render :template => 'sessions/new'
-  end
-
-  def create
-    @user = ::User.authenticate(params[:session][:email],
-                                params[:session][:password])
-    if @user.nil?
-      flash_failure_after_create
-      render :template => 'sessions/new', :status => :unauthorized
-    else
-      if @user.email_confirmed?
-        sign_in(@user)
-        remember(@user) if remember?
-        flash_success_after_create
-        redirect_back_or(url_after_create)
-      else
-        ::ClearanceMailer.deliver_confirmation(@user)
-        flash_notice_after_create
-        redirect_to(new_session_url)
-      end
-    end
-  end
-
-  def destroy
-    forget(current_user)
-    flash_success_after_destroy
-    redirect_to(url_after_destroy)
-  end
-
-  private
-
-  def flash_failure_after_create
-    flash.now[:failure] = translate(:bad_email_or_password,
-      :scope   => [:clearance, :controllers, :sessions],
-      :default => "Bad email or password.")
-  end
-
-  def flash_success_after_create
-    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
-  end
-
-  def flash_notice_after_create
-    flash[:notice] = translate(:unconfirmed_email,
-      :scope   => [:clearance, :controllers, :sessions],
-      :default => "User has not confirmed email. " <<
-                  "Confirmation email will be resent.")
-  end
-
-  def url_after_create
-    root_url
-  end
-
-  def flash_success_after_destroy
-    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
-  end
-
-  def url_after_destroy
-    new_session_url
-  end
-end
@@ -1,35 +0,0 @@
-class Clearance::UsersController < ApplicationController
-  unloadable
-
-  before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
-  filter_parameter_logging :password
-
-  def new
-    @user = ::User.new(params[:user])
-    render :template => 'users/new'
-  end
-
-  def create
-    @user = ::User.new params[:user]
-    if @user.save
-      ::ClearanceMailer.deliver_confirmation @user
-      flash_notice_after_create
-      redirect_to(url_after_create)
-    else
-      render :template => 'users/new'
-    end
-  end
-
-  private
-
-  def flash_notice_after_create
-    flash[:notice] = translate(:deliver_confirmation,
-      :scope   => [:clearance, :controllers, :users],
-      :default => "You will receive an email within the next few minutes. " <<
-                  "It contains instructions for confirming your account.")
-  end
-
-  def url_after_create
-    new_session_url
-  end
-end
@@ -1,23 +0,0 @@
-class ClearanceMailer < ActionMailer::Base
-
-  default_url_options[:host] = HOST
-
-  def change_password(user)
-    from       DO_NOT_REPLY
-    recipients user.email
-    subject    I18n.t(:change_password,
-                      :scope   => [:clearance, :models, :clearance_mailer],
-                      :default => "Change your password")
-    body       :user => user
-  end
-
-  def confirmation(user)
-    from       DO_NOT_REPLY
-    recipients user.email
-    subject    I18n.t(:confirmation,
-                      :scope   => [:clearance, :models, :clearance_mailer],
-                      :default => "Account confirmation")
-    body      :user => user
-  end
-
-end
@@ -1,7 +0,0 @@
-Someone, hopefully you, has requested that we send you a link to change your password.
-
-Here's the link:
-
-<%= edit_user_password_url(@user, :token => @user.token, :escape => false) %>
-
-If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.
@@ -1,2 +0,0 @@
-
-<%= new_user_confirmation_url :user_id => @user, :token => @user.token, :encode => false %>
@@ -1,23 +0,0 @@
-<h2>Change your password</h2>
-
-<p>
-  Your password has been reset. Choose a new password below.
-</p>
-
-<%= error_messages_for :user %>
-
-<% form_for(:user,
-            :url => user_password_path(@user, :token    => @user.token),
-            :html => { :method => :put }) do |form| %>
-  <div class="password_field">
-    <%= form.label :password, "Choose password" %>
-    <%= form.password_field :password %>
-  </div>
-  <div class="password_field">
-    <%= form.label :password_confirmation, "Confirm password" %>
-    <%= form.password_field :password_confirmation %>
-  </div>
-  <div class="submit_field">
-    <%= form.submit "Save this password", :disable_with => "Please wait..." %>
-  </div>
-<% end %>
@@ -1,15 +0,0 @@
-<h2>Change your password</h2>
-
-<p>
-  We will email you a link to change your password.
-</p>
-
-<% form_for :password, :url => passwords_path do |form| %>
-  <div class="text_field">
-    <%= form.label :email, "Email address" %>
-    <%= form.text_field :email %>
-  </div>
-  <div class="submit_field">
-    <%= form.submit "Reset password", :disable_with => "Please wait..." %>
-  </div>
-<% end %>
 \ No newline at end of file
@@ -1,28 +0,0 @@
-<h2>Sign in</h2>
-
-<% form_for :session, :url => session_path do |form| %>
-  <div class="text_field">
-    <%= form.label :email %>
-    <%= form.text_field :email %>  
-  </div>
-  <div class="text_field">
-    <%= form.label :password %>
-    <%= form.password_field :password %>
-  </div>
-  <div class="text_field">
-    <%= form.check_box :remember_me %>
-    <%= form.label :remember_me %>
-  </div>
-  <div class="submit_field">
-    <%= form.submit "Sign in", :disable_with => "Please wait..." %>
-  </div>
-<% end %>
-
-<ul>
-  <li>
-    <%= link_to "Sign up", new_user_path %>
-  </li>
-  <li>
-    <%= link_to "Forgot password?", new_password_path %>
-  </li>
-</ul>
 \ No newline at end of file
@@ -1,13 +0,0 @@
-<%= form.error_messages %>
-<div class="text_field">
-  <%= form.label :email %>
-  <%= form.text_field :email %>
-</div>
-<div class="password_field">
-  <%= form.label :password %>
-  <%= form.password_field :password %>
-</div>
-<div class="password_field">
-  <%= form.label :password_confirmation, "Confirm password" %>
-  <%= form.password_field :password_confirmation %>
-</div>
 \ No newline at end of file
@@ -1,6 +0,0 @@
-<h2>Sign up</h2>
-
-<% form_for @user do |form| %>
-  <%= render :partial => '/users/form', :object => form %>
-  <%= form.submit 'Sign up', :disable_with => 'Please wait...' %>
-<% end %>
@@ -1,30 +0,0 @@
-ActionController::Routing::Routes.draw do |map|
-  map.resources :passwords,
-    :controller => 'clearance/passwords',
-    :only       => [:new, :create]
-
-  map.resource  :session,
-    :controller => 'clearance/sessions',
-    :only       => [:new, :create, :destroy]
-
-  map.resources :users, :controller => 'clearance/users' do |users|
-    users.resource :password,
-      :controller => 'clearance/passwords',
-      :only       => [:create, :edit, :update]
-
-    users.resource :confirmation,
-      :controller => 'clearance/confirmations',
-      :only       => [:new, :create]
-  end
-
-  map.sign_up  'sign_up',
-    :controller => 'clearance/users',
-    :action     => 'new'
-  map.sign_in  'sign_in',
-    :controller => 'clearance/sessions',
-    :action     => 'new'
-  map.sign_out 'sign_out',
-    :controller => 'clearance/sessions',
-    :action     => 'destroy',
-    :method     => :delete
-end
@@ -1 +0,0 @@
-script/generate clearance
 \ No newline at end of file
@@ -1,41 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + "/lib/insert_commands.rb")
-require File.expand_path(File.dirname(__FILE__) + "/lib/rake_commands.rb")
-require 'factory_girl'
-
-class ClearanceGenerator < Rails::Generator::Base
-
-  def manifest
-    record do |m|
-      m.insert_into "app/controllers/application_controller.rb",
-                    "include Clearance::Authentication"
-
-      user_model = "app/models/user.rb"
-      if File.exists?(user_model)
-        m.insert_into user_model, "include Clearance::User"
-      else
-        m.directory File.join("app", "models")
-        m.file "user.rb", user_model
-      end
-
-      m.directory File.join("test", "factories")
-      m.file "factories.rb", "test/factories/clearance.rb"
-
-      m.migration_template "migrations/#{migration_name}.rb",
-                           'db/migrate',
-                           :migration_file_name => "clearance_#{migration_name}"
-
-      m.readme "README"
-    end
-  end
-
-  private
-
-  def migration_name
-    if ActiveRecord::Base.connection.table_exists?(:users)
-      'update_users'
-    else
-      'create_users'
-    end
-  end
-
-end
@@ -1,33 +0,0 @@
-# Mostly pinched from http://github.com/ryanb/nifty-generators/tree/master
-
-Rails::Generator::Commands::Base.class_eval do
-  def file_contains?(relative_destination, line)
-    File.read(destination_path(relative_destination)).include?(line)
-  end
-end
-
-Rails::Generator::Commands::Create.class_eval do
-  def insert_into(file, line)
-    logger.insert "#{line} into #{file}"
-    unless options[:pretend] || file_contains?(file, line)
-      gsub_file file, /^(class|module) .+$/ do |match|
-        "#{match}\n  #{line}"
-      end
-    end
-  end
-end
-
-Rails::Generator::Commands::Destroy.class_eval do
-  def insert_into(file, line)
-    logger.remove "#{line} from #{file}"
-    unless options[:pretend]
-      gsub_file file, "\n  #{line}", ''
-    end
-  end
-end
-
-Rails::Generator::Commands::List.class_eval do
-  def insert_into(file, line)
-    logger.insert "#{line} into #{file}"
-  end
-end
@@ -1,22 +0,0 @@
-Rails::Generator::Commands::Create.class_eval do
-  def rake_db_migrate
-    logger.rake "db:migrate"
-    unless system("rake db:migrate")
-      logger.rake "db:migrate failed. Rolling back"      
-      command(:destroy).invoke!
-    end
-  end
-end
-
-Rails::Generator::Commands::Destroy.class_eval do
-  def rake_db_migrate
-    logger.rake "db:rollback"  
-    system "rake db:rollback"  
-  end
-end
-
-Rails::Generator::Commands::List.class_eval do
-  def rake_db_migrate
-    logger.rake "db:migrate"    
-  end
-end
@@ -1,22 +0,0 @@
-
-*******************************************************************************
-
-Ok, enough fancy automatic stuff. Time for some old school monkey copy-pasting.
-
-1. Define a HOST constant in your environments files.
-In config/environments/test.rb and config/environments/development.rb it can be:
-
-    HOST = "localhost"
-
-In production.rb it must be the actual host your application is deployed to.
-The constant is used by mailers to generate URLs in emails.
-
-2. In config/environment.rb:
-
-    DO_NOT_REPLY = "donotreply@example.com"
-
-3. Define root_url to *something* in your config/routes.rb:
-
-    map.root :controller => 'home'
-
-*******************************************************************************
@@ -1,13 +0,0 @@
-Factory.sequence :email do |n|
-  "user#{n}@example.com"
-end
-
-Factory.define :user do |user|
-  user.email                 { Factory.next :email }
-  user.password              { "password" }
-  user.password_confirmation { "password" }
-end
-
-Factory.define :email_confirmed_user, :parent => :user do |user|
-  user.email_confirmed { true }
-end
@@ -1,21 +0,0 @@
-class ClearanceCreateUsers < ActiveRecord::Migration
-  def self.up
-    create_table(:users) do |t|
-      t.string   :email
-      t.string   :encrypted_password, :limit => 128
-      t.string   :salt,               :limit => 128
-      t.string   :token,              :limit => 128
-      t.datetime :token_expires_at
-      t.boolean  :email_confirmed, :default => false, :null => false
-      t.timestamps
-    end
-
-    add_index :users, [:id, :token]
-    add_index :users, :email
-    add_index :users, :token
-  end
-
-  def self.down
-    drop_table :users
-  end
-end
@@ -1,41 +0,0 @@
-class ClearanceUpdateUsers < ActiveRecord::Migration
-  def self.up
-<% 
-      existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
-      columns = [
-        [:email,              't.string :email'],
-        [:encrypted_password, 't.string :encrypted_password, :limit => 128'],
-        [:salt,               't.string :salt, :limit => 128'],
-        [:token,              't.string :token, :limit => 128'],
-        [:token_expires_at,   't.datetime :token_expires_at'],
-        [:email_confirmed,    't.boolean :email_confirmed, :default => false, :null => false']
-      ].delete_if {|c| existing_columns.include?(c.first.to_s)} 
--%>
-    change_table(:users) do |t|
-<% columns.each do |c| -%>
-      <%= c.last %>
-<% end -%>
-    end
-    
-<%
-    existing_indexes = ActiveRecord::Base.connection.indexes(:users)
-    index_names = existing_indexes.collect { |each| each.name }
-    new_indexes = [
-      [:index_users_on_id_and_token, 'add_index :users, [:id, :token]'],
-      [:index_users_on_email,        'add_index :users, :email'],
-      [:index_users_on_token,        'add_index :users, :token']
-    ].delete_if { |each| index_names.include?(each.first.to_s) }
--%>
-<% new_indexes.each do |each| -%>
-    <%= each.last %>
-<% end -%>
-  end
-  
-  def self.down
-    change_table(:users) do |t|
-<% unless columns.empty? -%>
-      t.remove <%= columns.collect { |each| ":#{each.first}" }.join(',') %>
-<% end -%>
-    end
-  end
-end
@@ -1,3 +0,0 @@
-class User < ActiveRecord::Base
-  include Clearance::User
-end
@@ -1 +0,0 @@
-script/generate clearance_features
@@ -1,20 +0,0 @@
-class ClearanceFeaturesGenerator < Rails::Generator::Base
-
-  def manifest
-    record do |m|
-      m.directory File.join("features", "step_definitions")
-      m.directory File.join("features", "support")
-
-      ["features/step_definitions/clearance_steps.rb",
-       "features/step_definitions/factory_girl_steps.rb",
-       "features/support/paths.rb",
-       "features/sign_in.feature",
-       "features/sign_out.feature",       
-       "features/sign_up.feature",
-       "features/password_reset.feature"].each do |file|
-        m.file file, file
-       end
-    end
-  end
-
-end
@@ -1,33 +0,0 @@
-Feature: Password reset
-  In order to sign in even if user forgot their password
-  A user
-  Should be able to reset it
-
-    Scenario: User is not signed up
-      Given no user exists with an email of "email@person.com"
-      When I request password reset link to be sent to "email@person.com"
-      Then I should see "Unknown email"
-
-    Scenario: User is signed up and requests password reset
-      Given I signed up with "email@person.com/password"
-      When I request password reset link to be sent to "email@person.com"
-      Then I should see "instructions for changing your password"
-      And a password reset message should be sent to "email@person.com"
-
-    Scenario: User is signed up updated his password and types wrong confirmation
-      Given I signed up with "email@person.com/password"
-      When I follow the password reset link sent to "email@person.com"
-      And I update my password with "newpassword/wrongconfirmation"
-      Then I should see error messages
-      And I should be signed out
-
-    Scenario: User is signed up and updates his password
-      Given I signed up with "email@person.com/password"
-      When I follow the password reset link sent to "email@person.com"
-      And I update my password with "newpassword/newpassword"
-      Then I should be signed in
-      When I sign out
-      Then I should be signed out
-      And I sign in as "email@person.com/newpassword"
-      Then I should be signed in
-
@@ -1,42 +0,0 @@
-Feature: Sign in
-  In order to get access to protected sections of the site
-  A user
-  Should be able to sign in
-
-    Scenario: User is not signed up
-      Given no user exists with an email of "email@person.com"
-      When I go to the sign in page
-      And I sign in as "email@person.com/password"
-      Then I should see "Bad email or password"
-      And I should be signed out
-
-    Scenario: User is not confirmed
-      Given I signed up with "email@person.com/password"
-      When I go to the sign in page
-      And I sign in as "email@person.com/password"
-      Then I should see "User has not confirmed email"
-      And I should be signed out
-
-   Scenario: User enters wrong password
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I go to the sign in page
-      And I sign in as "email@person.com/wrongpassword"
-      Then I should see "Bad email or password"
-      And I should be signed out
-
-   Scenario: User signs in successfully
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I go to the sign in page
-      And I sign in as "email@person.com/password"
-      Then I should see "Signed in"
-      And I should be signed in
-
-   Scenario: User signs in and checks "remember me"
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I go to the sign in page
-      And I sign in with "remember me" as "email@person.com/password"
-      Then I should see "Signed in"
-      And I should be signed in
-      When I return next time
-      Then I should be signed in
-
@@ -1,23 +0,0 @@
-Feature: Sign out
-  To protect my account from unauthorized access
-  A signed in user
-  Should be able to sign out
-
-    Scenario: User signs out
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I sign in as "email@person.com/password"
-      Then I should be signed in
-      And I sign out
-      Then I should see "Signed out"
-      And I should be signed out
-
-    Scenario: User who was remembered signs out
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I sign in with "remember me" as "email@person.com/password"
-      Then I should be signed in
-      And I sign out
-      Then I should see "Signed out"
-      And I should be signed out
-      When I return next time
-      Then I should be signed out
-
@@ -1,45 +0,0 @@
-Feature: Sign up
-  In order to get access to protected sections of the site
-  A user
-  Should be able to sign up
-
-    Scenario: User signs up with invalid data
-      When I go to the sign up page
-      And I fill in "Email" with "invalidemail"
-      And I fill in "Password" with "password"
-      And I fill in "Confirm password" with ""
-      And I press "Sign Up"
-      Then I should see error messages
-
-    Scenario: User signs up with valid data
-      When I go to the sign up page
-      And I fill in "Email" with "email@person.com"
-      And I fill in "Password" with "password"
-      And I fill in "Confirm password" with "password"
-      And I press "Sign Up"
-      Then I should see "instructions for confirming"
-      And a confirmation message should be sent to "email@person.com"
-
-    Scenario: User confirms his account
-      Given I signed up with "email@person.com/password"
-      When I follow the confirmation link sent to "email@person.com"
-      Then I should see "Confirmed email and signed in"
-      And I should be signed in
-
-    Scenario: Signed in user clicks confirmation link again
-      Given I signed up with "email@person.com/password"
-      When I follow the confirmation link sent to "email@person.com"
-      Then I should be signed in
-      When I follow the confirmation link sent to "email@person.com"
-      Then I should see "Confirmed email and signed in"
-      And I should be signed in
-
-    Scenario: Signed out user clicks confirmation link again
-      Given I signed up with "email@person.com/password"
-      When I follow the confirmation link sent to "email@person.com"
-      Then I should be signed in
-      When I sign out
-      And I follow the confirmation link sent to "email@person.com"
-      Then I should see "Already confirmed email. Please sign in."
-      And I should be signed out
-
@@ -1,110 +0,0 @@
-# General
-
-Then /^I should see error messages$/ do
-  assert_match /error(s)? prohibited/m, response.body
-end
-
-# Database
-
-Given /^no user exists with an email of "(.*)"$/ do |email|
-  assert_nil User.find_by_email(email)
-end
-
-Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
-  user = Factory :user,
-    :email                 => email,
-    :password              => password,
-    :password_confirmation => password
-end 
-
-Given /^I am signed up and confirmed as "(.*)\/(.*)"$/ do |email, password|
-  user = Factory :email_confirmed_user,
-    :email                 => email,
-    :password              => password,
-    :password_confirmation => password
-end
-
-# Session
-
-Then /^I should be signed in$/ do
-  assert controller.signed_in?
-end
-
-Then /^I should be signed out$/ do
-  assert ! controller.signed_in?
-end
-
-When /^session is cleared$/ do
-  request.reset_session
-  controller.instance_variable_set(:@_current_user, nil)
-end
-
-# Emails
-
-Then /^a confirmation message should be sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  sent = ActionMailer::Base.deliveries.first
-  assert_equal [user.email], sent.to
-  assert_match /confirm/i, sent.subject
-  assert !user.token.blank?
-  assert_match /#{user.token}/, sent.body
-end
-
-When /^I follow the confirmation link sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  visit new_user_confirmation_path(:user_id => user, :token => user.token)
-end
-
-Then /^a password reset message should be sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  sent = ActionMailer::Base.deliveries.first
-  assert_equal [user.email], sent.to
-  assert_match /password/i, sent.subject
-  assert !user.token.blank?
-  assert_match /#{user.token}/, sent.body
-end
-
-When /^I follow the password reset link sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  visit edit_user_password_path(:user_id => user, :token => user.token)
-end
-
-When /^I try to change the password of "(.*)" without token$/ do |email|
-  user = User.find_by_email(email)
-  visit edit_user_password_path(:user_id => user)
-end
-
-Then /^I should be forbidden$/ do
-  assert_response :forbidden
-end
-
-# Actions
-
-When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password|
-  When %{I go to the sign in page}
-  And %{I fill in "Email" with "#{email}"}
-  And %{I fill in "Password" with "#{password}"}
-  And %{I check "Remember me"} if remember
-  And %{I press "Sign In"}
-end
-
-When /^I sign out$/ do
-  visit '/session', :delete
-end
-
-When /^I request password reset link to be sent to "(.*)"$/ do |email|
-  When %{I go to the password reset request page}
-  And %{I fill in "Email address" with "#{email}"}
-  And %{I press "Reset password"}
-end
-
-When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
-  And %{I fill in "Choose password" with "#{password}"}
-  And %{I fill in "Confirm password" with "#{confirmation}"}
-  And %{I press "Save this password"}
-end
-
-When /^I return next time$/ do
-  When %{session is cleared}
-  And %{I go to the homepage}
-end
@@ -1,5 +0,0 @@
-Factory.factories.each do |name, factory|
-  Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value|
-    Factory(name, attr.gsub(' ', '_') => value)
-  end
-end
@@ -1,22 +0,0 @@
-module NavigationHelpers
-  def path_to(page_name)
-    case page_name
-    
-    when /the homepage/i
-      root_path
-    when /the sign up page/i
-      new_user_path
-    when /the sign in page/i
-      new_session_path
-    when /the password reset request page/i
-      new_password_path
-    
-    # Add more page name => path mappings here
-    
-    else
-      raise "Can't find mapping from \"#{page_name}\" to a path."
-    end
-  end
-end
- 
-World(NavigationHelpers)
@@ -1,27 +0,0 @@
-class ClearanceViewsGenerator < Rails::Generator::Base
-
-  def manifest
-    record do |m|
-      strategy          = "formtastic"
-      template_strategy = "erb"
-
-      m.directory File.join("app", "views", "users")
-      m.file "#{strategy}/users/new.html.#{template_strategy}",
-        "app/views/users/new.html.#{template_strategy}"
-      m.file "#{strategy}/users/_inputs.html.#{template_strategy}",
-        "app/views/users/_inputs.html.#{template_strategy}"
-
-      m.directory File.join("app", "views", "sessions")
-      m.file "#{strategy}/sessions/new.html.#{template_strategy}",
-        "app/views/sessions/new.html.#{template_strategy}"
-
-      m.directory File.join("app", "views", "passwords")
-      m.file "#{strategy}/passwords/new.html.#{template_strategy}",
-        "app/views/passwords/new.html.#{template_strategy}"
-      m.file "#{strategy}/passwords/edit.html.#{template_strategy}",
-        "app/views/passwords/edit.html.#{template_strategy}"
-    end
-  end
-
-end
-
@@ -1,21 +0,0 @@
-<h2>Change your password</h2>
-
-<p>
-  Your password has been reset. Choose a new password below.
-</p>
-
-<% semantic_form_for(:user,
-            :url  => user_password_path(@user, :token => @user.token),
-            :html => { :method => :put }) do |form| %>
-  <%= form.error_messages %>
-  <% form.inputs do -%>
-    <%= form.input :password, :as => :password,
-                   :label => "Choose password" %>
-    <%= form.input :password_confirmation, :as => :password,
-                   :label => "Confirm password" %>
-  <% end -%>
-  <% form.buttons do -%>
-    <%= form.commit_button "Save this password" %>
-  <% end -%>
-<% end %>
-
@@ -1,15 +0,0 @@
-<h2>Reset your password</h2>
-
-<p>
-  We will email you a link to reset your password.
-</p>
-
-<% semantic_form_for :password, :url => passwords_path do |form| -%>
-  <% form.inputs do -%>
-    <%= form.input :email, :label => "Email address" %>
-  <% end -%>
-  <% form.buttons do -%>
-    <%= form.commit_button "Reset password" %>
-  <% end -%>
-<% end -%>
-
@@ -1,22 +0,0 @@
-<h2>Sign in</h2>
-
-<% semantic_form_for :session, :url => session_path do |form| %>
-  <% form.inputs do %>
-    <%= form.input :email %>
-    <%= form.input :password, :as => :password %>
-    <%= form.input :remember_me, :as => :boolean, :required => false %>
-  <% end %>
-  <% form.buttons do %>
-    <%= form.commit_button "Sign in" %>
-  <% end %>
-<% end %>
-
-<ul>
-  <li>
-    <%= link_to "Sign up", new_user_path %>
-  </li>
-  <li>
-    <%= link_to "Forgot password?", new_password_path %>
-  </li>
-</ul>
-
@@ -1,6 +0,0 @@
-<% form.inputs do %>
-  <%= form.input :email %>
-  <%= form.input :password %>
-  <%= form.input :password_confirmation, :label => "Confirm password" %>
-<% end %>
-
@@ -1,10 +0,0 @@
-<h2>Sign up</h2>
-
-<% semantic_form_for @user do |form| %>
-  <%= form.error_messages %>
-  <%= render :partial => "/users/inputs", :locals => { :form => form } %>
-  <% form.buttons do %>
-    <%= form.commit_button "Sign up" %>
-  <% end %>
-<% end %>
-
@@ -1,6 +0,0 @@
-require 'clearance/extensions/errors'
-require 'clearance/extensions/rescue'
-require 'clearance/extensions/routes'
-
-require 'clearance/authentication'
-require 'clearance/user'
@@ -1,102 +0,0 @@
-module Clearance
-  module Authentication
-
-    def self.included(controller)
-      controller.send(:include, InstanceMethods)
-
-      controller.class_eval do
-        helper_method :current_user, :signed_in?, :signed_out?
-        hide_action   :current_user, :signed_in?, :signed_out?
-      end
-    end
-
-    module InstanceMethods
-      def current_user
-        @_current_user ||= (user_from_cookie || user_from_session)
-      end
-
-      def signed_in?
-        ! current_user.nil?
-      end
-
-      def signed_out?
-        current_user.nil?
-      end
-
-      protected
-
-      def authenticate
-        deny_access unless signed_in?
-      end
-
-      def user_from_session
-        if session[:user_id]
-          return nil  unless user = ::User.find_by_id(session[:user_id])
-          return user if     user.email_confirmed?
-        end
-      end
-
-      def user_from_cookie
-        if token = cookies[:remember_token]
-          return nil  unless user = ::User.find_by_token(token)
-          return user if     user.remember?
-        end
-      end
-
-      def sign_user_in(user)
-        warn "[DEPRECATION] sign_user_in: unnecessary. use sign_in(user) instead."
-        sign_in(user)
-      end
-
-      def sign_in(user)
-        if user
-          session[:user_id] = user.id
-        end
-      end
-
-      def remember?
-        params[:session] && params[:session][:remember_me] == "1"
-      end
-
-      def remember(user)
-        user.remember_me!
-        cookies[:remember_token] = { :value   => user.token,
-                                     :expires => user.token_expires_at }
-      end
-
-      def forget(user)
-        user.forget_me! if user
-        cookies.delete(:remember_token)
-        reset_session
-      end
-
-      def redirect_back_or(default)
-        redirect_to(return_to || default)
-        clear_return_to
-      end
-
-      def return_to
-        session[:return_to] || params[:return_to]
-      end
-
-      def clear_return_to
-        session[:return_to] = nil
-      end
-
-      def redirect_to_root
-        redirect_to(root_url)
-      end
-
-      def store_location
-        session[:return_to] = request.request_uri if request.get?
-      end
-
-      def deny_access(flash_message = nil, opts = {})
-        store_location
-        flash[:failure] = flash_message if flash_message
-        redirect_to(new_session_url)
-      end
-    end
-
-  end
-end
@@ -1,6 +0,0 @@
-if defined?(ActionController)
-  module ActionController
-    class Forbidden < StandardError
-    end
-  end
-end
@@ -1,3 +0,0 @@
-if defined?(ActionController::Base)
-  ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
-end
@@ -1,14 +0,0 @@
-if defined?(ActionController::Routing::RouteSet)
-  class ActionController::Routing::RouteSet
-    def load_routes_with_clearance!
-      lib_path = File.dirname(__FILE__)
-      clearance_routes = File.join(lib_path, *%w[.. .. .. config clearance_routes.rb])
-      unless configuration_files.include?(clearance_routes)
-        add_configuration_file(clearance_routes)
-      end
-      load_routes_without_clearance!
-    end
-
-    alias_method_chain :load_routes!, :clearance
-  end
-end
@@ -1,143 +0,0 @@
-require 'digest/sha1'
-
-module Clearance
-  module User
-
-    def self.included(model)
-      model.extend(ClassMethods)
-
-      model.send(:include, InstanceMethods)
-      model.send(:include, AttrAccessible)
-      model.send(:include, AttrAccessor)
-      model.send(:include, Validations)
-      model.send(:include, Callbacks)
-    end
-
-    module AttrAccessible
-      def self.included(model)
-        model.class_eval do
-          attr_accessible :email, :password, :password_confirmation
-        end
-      end
-    end
-
-    module AttrAccessor
-      def self.included(model)
-        model.class_eval do
-          attr_accessor :password, :password_confirmation
-        end
-      end
-    end
-
-    module Validations
-      def self.included(model)
-        model.class_eval do
-          validates_presence_of     :email
-          validates_uniqueness_of   :email, :case_sensitive => false
-          validates_format_of       :email, :with => %r{.+@.+\..+}
-
-          validates_presence_of     :password, :if => :password_required?
-          validates_confirmation_of :password, :if => :password_required?
-        end
-      end
-    end
-
-    module Callbacks
-      def self.included(model)
-        model.class_eval do
-          before_save :initialize_salt, :encrypt_password, :initialize_token
-        end
-      end
-    end
-
-    module InstanceMethods
-      def authenticated?(password)
-        encrypted_password == encrypt(password)
-      end
-
-      def encrypt(string)
-        generate_hash("--#{salt}--#{string}--")
-      end
-
-      def remember?
-        token_expires_at && Time.now.utc < token_expires_at
-      end
-
-      def remember_me!
-        remember_me_until! 2.weeks.from_now.utc
-      end
-
-      def forget_me!
-        clear_token
-        save(false)
-      end
-
-      def confirm_email!
-        self.email_confirmed  = true
-        self.token            = nil
-        save(false)
-      end
-
-      def forgot_password!
-        generate_token
-        save(false)
-      end
-
-      def update_password(new_password, new_password_confirmation)
-        self.password              = new_password
-        self.password_confirmation = new_password_confirmation
-        clear_token if valid?
-        save
-      end
-
-      protected
-
-      def generate_hash(string)
-        Digest::SHA1.hexdigest(string)
-      end
-
-      def initialize_salt
-        if new_record?
-          self.salt = generate_hash("--#{Time.now.utc.to_s}--#{password}--")
-        end
-      end
-
-      def encrypt_password
-        return if password.blank?
-        self.encrypted_password = encrypt(password)
-      end
-
-      def generate_token
-        self.token = encrypt("--#{Time.now.utc.to_s}--#{password}--")
-        self.token_expires_at = nil
-      end
-
-      def clear_token
-        self.token            = nil
-        self.token_expires_at = nil
-      end
-
-      def initialize_token
-        generate_token if new_record?
-      end
-
-      def password_required?
-        encrypted_password.blank? || !password.blank?
-      end
-
-      def remember_me_until!(time)
-        self.token_expires_at = time
-        self.token = encrypt("--#{token_expires_at}--#{password}--")
-        save(false)
-      end
-    end
-
-    module ClassMethods
-      def authenticate(email, password)
-        return nil  unless user = find_by_email(email)
-        return user if     user.authenticated?(password)
-      end
-    end
-
-  end
-end
@@ -1 +0,0 @@
-require 'clearance'
 \ No newline at end of file
@@ -1,268 +0,0 @@
-module Clearance
-  module Shoulda
-
-    # STATE OF AUTHENTICATION
-
-    def should_be_signed_in_as(&block)
-      should "be signed in as #{block.bind(self).call}" do
-        user = block.bind(self).call
-        assert_not_nil user,
-          "please pass a User. try: should_be_signed_in_as { @user }"
-        assert_equal user, @controller.send(:current_user),
-          "#{user.inspect} is not the current_user, " <<
-          "which is #{@controller.send(:current_user).inspect}"
-      end
-    end
-
-    def should_be_signed_in_and_email_confirmed_as(&block)
-      warn "[DEPRECATION] should_be_signed_in_and_email_confirmed_as: questionable usefulness"
-      should_be_signed_in_as &block
-
-      should "have confirmed email" do
-        user = block.bind(self).call
-
-        assert_not_nil user
-        assert_equal user, assigns(:user)
-        assert assigns(:user).email_confirmed?
-      end
-    end
-
-    def should_not_be_signed_in
-      should "not be signed in" do
-        assert_nil session[:user_id]
-      end
-    end
-
-    def should_deny_access_on(http_method, action, opts = {})
-      warn "[DEPRECATION] should_deny_access_on: use a setup & should_deny_access(:flash => ?)"
-      flash_message = opts.delete(:flash)
-      context "on #{http_method} to #{action}" do
-        setup do
-          send(http_method, action, opts)
-        end
-
-        should_deny_access(:flash => flash_message)
-      end
-    end
-
-    def should_deny_access(opts = {})
-      if opts[:flash]
-        should_set_the_flash_to opts[:flash]
-      else
-        should_not_set_the_flash
-      end
-
-      should_redirect_to('new_session_url') { new_session_url }
-    end
-
-    # HTTP FLUENCY
-
-    def should_forbid(description, &block)
-      should "forbid #{description}" do
-        assert_raises ActionController::Forbidden do
-          instance_eval(&block)
-        end
-      end
-    end
-
-    # CONTEXTS
-
-    def signed_in_user_context(&blk)
-      warn "[DEPRECATION] signed_in_user_context: creates a Mystery Guest, causes Obscure Test"
-      context "A signed in user" do
-        setup do
-          @user = Factory(:user)
-          @user.confirm_email!
-          sign_in_as @user
-        end
-        merge_block(&blk)
-      end
-    end
-
-    def public_context(&blk)
-      warn "[DEPRECATION] public_context: common case is no-op. call sign_out otherwise"
-      context "The public" do
-        setup { sign_out }
-        merge_block(&blk)
-      end
-    end
-
-    # CREATING USERS
-
-    def should_create_user_successfully
-      warn "[DEPRECATION] should_create_user_successfully: not meant to be public, no longer used internally"
-      should_assign_to :user
-      should_change 'User.count', :by => 1
-
-      should "send the confirmation email" do
-        assert_sent_email do |email|
-          email.subject =~ /account confirmation/i
-        end
-      end
-
-      should_set_the_flash_to /confirm/i
-      should_redirect_to_url_after_create
-    end
-
-    # RENDERING
-
-    def should_render_nothing
-      should "render nothing" do
-        assert @response.body.blank?
-      end
-    end
-
-    # REDIRECTS
-
-    def should_redirect_to_url_after_create
-      should_redirect_to("the post-create url") do
-        @controller.send(:url_after_create)
-      end
-    end
-
-    def should_redirect_to_url_after_update
-      should_redirect_to("the post-update url") do
-        @controller.send(:url_after_update)
-      end
-    end
-
-    def should_redirect_to_url_after_destroy
-      should_redirect_to("the post-destroy url") do
-        @controller.send(:url_after_destroy)
-      end
-    end
-
-    def should_redirect_to_url_already_confirmed
-      should_redirect_to("the already confirmed url") do
-        @controller.send(:url_already_confirmed)
-      end
-    end
-
-    # VALIDATIONS
-
-    def should_validate_confirmation_of(attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_of: not meant to be public, no longer used internally"
-      raise ArgumentError if opts[:factory].nil?
-
-      context "on save" do
-        should_validate_confirmation_is_not_blank opts[:factory], attribute
-        should_validate_confirmation_is_not_bad   opts[:factory], attribute
-      end
-    end
-
-    def should_validate_confirmation_is_not_blank(factory, attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_is_not_blank: not meant to be public, no longer used internally"
-      should "validate #{attribute}_confirmation is not blank" do
-        model = Factory.build(factory, blank_confirmation_options(attribute))
-        model.save
-        assert_confirmation_error(model, attribute,
-          "#{attribute}_confirmation cannot be blank")
-      end
-    end
-
-    def should_validate_confirmation_is_not_bad(factory, attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_is_not_bad: not meant to be public, no longer used internally"
-      should "validate #{attribute}_confirmation is different than #{attribute}" do
-        model = Factory.build(factory, bad_confirmation_options(attribute))
-        model.save
-        assert_confirmation_error(model, attribute, 
-          "#{attribute}_confirmation cannot be different than #{attribute}")
-      end
-    end
-
-    # FORMS
-
-    def should_display_a_password_update_form
-      warn "[DEPRECATION] should_display_a_password_update_form: not meant to be public, no longer used internally"
-      should "have a form for the user's token, password, and password confirm" do
-        update_path = ERB::Util.h(
-          user_password_path(@user, :token => @user.token)
-        )
-
-        assert_select 'form[action=?]', update_path do
-          assert_select 'input[name=_method][value=?]', 'put'
-          assert_select 'input[name=?]', 'user[password]'
-          assert_select 'input[name=?]', 'user[password_confirmation]'
-        end
-      end
-    end
-
-    def should_display_a_sign_up_form
-      warn "[DEPRECATION] should_display_a_sign_up_form: not meant to be public, no longer used internally"
-      should "display a form to sign up" do
-        assert_select "form[action=#{users_path}][method=post]",
-        true, "There must be a form to sign up" do
-          assert_select "input[type=text][name=?]",
-            "user[email]", true, "There must be an email field"
-          assert_select "input[type=password][name=?]",
-            "user[password]", true, "There must be a password field"
-          assert_select "input[type=password][name=?]",
-            "user[password_confirmation]", true, "There must be a password confirmation field"
-          assert_select "input[type=submit]", true,
-            "There must be a submit button"
-        end
-      end
-    end
-
-    def should_display_a_sign_in_form
-      warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
-      should 'display a "sign in" form' do
-        assert_select "form[action=#{session_path}][method=post]",
-          true, "There must be a form to sign in" do
-            assert_select "input[type=text][name=?]",
-              "session[email]", true, "There must be an email field"
-            assert_select "input[type=password][name=?]",
-              "session[password]", true, "There must be a password field"
-            assert_select "input[type=checkbox][name=?]",
-              "session[remember_me]", true, "There must be a 'remember me' check box"
-            assert_select "input[type=submit]", true,
-              "There must be a submit button"
-        end
-      end
-    end
-  end
-end
-
-module Clearance
-  module Shoulda
-    module Helpers
-      def sign_in_as(user)
-        @controller.class_eval { attr_accessor :current_user }
-        @controller.current_user = user
-        return user
-      end
-
-      def sign_in
-        sign_in_as Factory(:email_confirmed_user)
-      end
-
-      def sign_out
-        @controller.class_eval { attr_accessor :current_user }
-        @controller.current_user = nil
-      end
-
-      def blank_confirmation_options(attribute)
-        warn "[DEPRECATION] blank_confirmation_options: not meant to be public, no longer used internally"
-        opts = { attribute => attribute.to_s }
-        opts.merge("#{attribute}_confirmation".to_sym => "")
-      end
-
-      def bad_confirmation_options(attribute)
-        warn "[DEPRECATION] bad_confirmation_options: not meant to be public, no longer used internally"
-        opts = { attribute => attribute.to_s }
-        opts.merge("#{attribute}_confirmation".to_sym => "not_#{attribute}")
-      end
-
-      def assert_confirmation_error(model, attribute, message = "confirmation error")
-        warn "[DEPRECATION] assert_confirmation_error: not meant to be public, no longer used internally"
-        assert model.errors.on(attribute).include?("doesn't match confirmation"),
-          message
-      end
-    end
-  end
-end
-
-class Test::Unit::TestCase
-  include Clearance::Shoulda::Helpers
-end
-Test::Unit::TestCase.extend(Clearance::Shoulda)
@@ -0,0 +1,194 @@
+h2. 0.8.2 (09/01/2009)
+
+* current_user= accessor method. (Joe Ferris, Josh Clayton)
+* set current_user in sign_in. (Jon Yurek)
+
+h2. 0.8.1 (08/31/2009)
+
+* Removed unnecessary remember_token_expires_at column and the
+remember? and forget_me! user instance methods. (Dan Croak)
+
+h2. 0.8.0 (08/31/2009)
+
+* Always remember me. Replaced session-and-remember-me authentication with
+always using a cookie with a long timeout. (Dan Croak)
+* Documented Clearance::Authentication with YARD. (Dan Croak)
+* Documented Clearance::User with YARD. (Dan Croak)
+
+h2. 0.7.0 (08/04/2009)
+
+* Redirect signed in user who clicks confirmation link again. (Dan Croak)
+* Redirect signed out user who clicks confirmation link again. (Dan Croak)
+* Added signed_out? convenience method for controllers, helpers, views. (Dan
+Croak)
+* Added clearance_views generator. By default, creates formtastic views which
+pass all tests and features. (Dan Croak)
+
+h2. 0.6.9 (07/04/2009)
+
+* Added timestamps to create users migration. (Dan Croak)
+* Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
+
+h2. 0.6.8 (06/24/2009)
+
+* Added defined? checks for various Rails constants such as ActionController
+for easier unit testing of Clearance extensions... particularly ActiveRecord
+extensions... particularly strong_password. (Dan Croak)
+
+h2. 0.6.7 (06/13/2009)
+
+* [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
+* [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
+* Deprecated sign_user_in. Told developers to use sign_in instead. (Dan
+Croak)
+* [#16] flash_success_after_create, flash_notice_after_create, flash_failure_after_create, flash_sucess_after_update, flash_success_after_destroy, etc. (Dan Croak)
+* [#17] bug. added #create to forbidden before_filters on confirmations controller. (Dan Croak)
+* [#24] should_be_signed_in_as shouldn't look in the session. (Dan Croak)
+* README improvements. (Dan Croak)
+* Move routes loading to separate file. (Joshua Clayton)
+
+h2. 0.6.6 (05/18/2009)
+
+* [#14] replaced class_eval in Clearance::User with modules. This was needed
+in a thoughtbot client app so we could write our own validations. (Dan Croak)
+
+h2. 0.6.5 (05/17/2009)
+
+* [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
+
+h2. 0.6.4 (05/12/2009)
+
+* Moved issue tracking to Github from Lighthouse. (Dan Croak)
+* [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
+* [#11] replacing sign_in_as & sign_out shoulda macros with a stubbing (requires no dependency) approach. this will avoid dealing with the internals of current_user, such as session & cookies. added sign_in macro which signs in an email confirmed user from clearance's factories. (Dan Croak)
+* [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
+* [#9] audited flash keys. (Dan Croak)
+
+h2. 0.6.3 (04/23/2009)
+
+* Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
+
+h2. 0.6.2 (04/22/2009)
+
+* Insert Clearance::User into User model if it exists. (Nick Quaranto)
+* World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
+
+h2. 0.6.1 (04/21/2009)
+
+* Scope operators are necessary to keep Rails happy. Reverting the original
+revert so they're back in the library now for constants referenced inside of
+the gem. (Nick Quaranto)
+
+h2. 0.6.0 (04/21/2009)
+
+* Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
+* Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
+* Include Clearance::Authentication in ApplicationController. (Dan Croak & Joe Ferris)
+* Namespace controllers under Clearance. (Dan Croak & Joe Ferris)
+* Routes move to engine, use namespaced controllers but publicly the same. (Dan Croak & Joe Ferris)
+* If you want to override a controller, subclass it like SessionsController <
+Clearance::SessionsController. This gives you access to usual hooks such as
+url_after_create. (Dan Croak & Joe Ferris)
+* Controllers, mailer, model, routes all unit tested inside engine. Use
+script/generate clearance_features to test integration of Clearance with your
+Rails app. No longer including modules in your app's test files. (Dan Croak & Joe Ferris)
+* Moved views to engine. (Joe Ferris)
+* Converted generated test/factories/clearance.rb to use inheritence for
+email_confirmed_user. (Dan Croak)
+* Corrected some spelling errors with methods (Nick Quaranto)
+* Converted "I should see error messages" to use a regex in the features (Nick
+Quaranto)
+* Loading clearance routes after rails routes via some monkeypatching (Nick
+Quaranto)
+* Made the clearance controllers unloadable to stop constant loading errors in
+development mode (Nick Quaranto)
+
+h2. 0.5.6 (4/11/2009)
+
+* [#57] Step definition changed for "User should see error messages" so
+features won't fail for certain validations. (Nick Quaranto)
+
+h2. 0.5.5 (3/23/2009)
+
+* Removing duplicate test to get rid of warning. (Nick Quaranto)
+
+h2. 0.5.4 (3/21/2009)
+
+* When users fail logging in, redirect them instead of rendering. (Matt
+Jankowski)
+
+h2. 0.5.3 (3/5/2009)
+
+* Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
+Ferris, Dan Croak)
+* Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
+Dan Croak)
+
+h2. 0.5.2 (3/2/2009)
+
+* Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
+Ferris, Dan Croak)
+
+h2. 0.5.1 (2/27/2009)
+
+* [#46] A user with unconfirmed email who resets password now confirms email.
+(Marcel Görner)
+* Refactored user_from_cookie, user_from_session, User#authenticate to use
+more direct return code instead of ugly, harder to read ternary. (Dan Croak)
+* Switch order of cookies and sessions to take advantage of Rails 2.3's "Rack-based lazy-loaded sessions":http://is.gd/i23E. (Dan Croak)
+* Altered generator to interact with application_controller.rb instead of
+application.rb in Rails 2.3 apps. (Dan Croak)
+* [#42] Bug fix. Rack-based session change altered how to test remember me
+cookie. (Mihai Anca)
+
+h2. 0.5.0 (2/27/2009)
+
+* Fixed problem with Cucumber features. (Dan Croak)
+* Fixed mising HTTP fluency use case. (Dan Croak)
+* Refactored User#update_password to take just parameters it needs. (Dan
+Croak)
+* Refactored User unit tests to be more readable. (Dan Croak)
+
+h2. 0.4.9 (2/20/2009)
+
+* Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
+* Return 403 Forbidden status code in those cases. (Tim Pope)
+* Test 403 Forbidden status code in Cucumber feature. (Dan Croak, Joe Ferris)
+* Raise custom ActionController::Forbidden error internally. (Joe Ferris, Mike Burns, Jason Morrison)
+* Test ActionController::Forbidden error is raised in functional test. (Joe Ferris, Mike Burns, Dan Croak)
+* [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
+* Required Factory Girl >= 1.2.0. (Dan Croak)
+
+h2. 0.4.8 (2/16/2009)
+
+* Added support paths for Cucumber. (Ben Mabey)
+* Added documentation for the flash. (Ben Mabey)
+* Generators require "test_helper" instead of File.join. for rr compatibility. (Joe Ferris)
+* Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
+* Standardized flash messages that refer to email delivery. (Dan Croak)
+
+h2. 0.4.7 (2/12/2009)
+
+* Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
+* All test helpers now in shoulda_macros. (Dan Croak)
+
+h2. 0.4.6 (2/11/2009)
+
+* Made the modules behave like mixins again. (hat-tip Eloy Duran)
+* Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
+
+h2. 0.4.5 (2/9/2009)
+
+* [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
+* [#42] Removed dependency on Mocha. (Dan Croak)
+* Required Shoulda >= 2.9.1. (Dan Croak)
+* Added password reset feature to clearance_features generator. (Eugene Bolshakov, Dan Croak)
+* Removed unnecessary session[:salt]. (Dan Croak)
+* [#41] Only store location for session[:return_to] for GET requests. (Dan Croak)
+* Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
+* Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
+
+h2. 0.4.4 (2/2/2009)
+
+* Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
+* Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak) 
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2008 thoughtbot, inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
@@ -0,0 +1,123 @@
+h1. Clearance
+
+Rails authentication with email & password.
+
+"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
+
+h2. Suspenders
+
+Clearance is included in "Suspenders":http://github.com/thoughtbot/suspenders, which thoughtbot uses on all of our apps. We highly recommend you try it. Suspenders is the "King Gem" in our ecosystem, representating what we think the current state-of-the-art is in Rails development.
+
+h2. Installation
+
+Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
+
+In config/environment.rb:
+
+<pre>
+config.gem "thoughtbot-clearance",
+  :lib     => 'clearance',
+  :source  => 'http://gems.github.com',
+  :version => '0.8.2'
+</pre>
+
+Vendor the gem:
+
+<pre>
+rake gems:install
+rake gems:unpack
+</pre>
+
+Make sure the development database exists and run the generator:
+
+<pre>
+script/generate clearance
+</pre>
+
+A number of files will be created and instructions will be printed.
+
+You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
+
+Run the migration:
+
+<pre>
+rake db:migrate
+</pre>
+
+h2. If you aren't on Suspenders, you aren't done
+
+Define a HOST constant in your environment files.
+In config/environments/test.rb and config/environments/development.rb it can be:
+
+<pre>
+HOST = "localhost"
+</pre>
+
+In production.rb it must be the actual host your application is deployed to.
+The constant is used by mailers to generate URLs in emails.
+
+In config/environment.rb:
+
+<pre>
+DO_NOT_REPLY = "donotreply@example.com"
+</pre>
+
+Define root_url to *something* in your config/routes.rb:
+
+<pre>
+map.root :controller => 'home'
+</pre>
+
+h2. Cucumber Features
+
+As your app evolves, you want to know that authentication still works. thoughtbot's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
+
+Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
+
+<pre>
+script/generate cucumber
+script/generate clearance_features
+</pre>
+
+All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
+
+<pre>
+def path_to(page_name)
+  case page_name
+   ...
+  when /the sign up page/i
+   new_user_path
+  when /the sign in page/i
+   new_session_path
+  when /the password reset request page/i
+   new_password_path
+  ...
+end
+</pre>
+
+h2. Formtastic views
+
+We have begun standardizing our forms using "Formtastic":http://github.com/justinfrench/formtastic. We highly recommend trying it. It will make your Rails view life more interesting.
+
+Clearance has another generator to generate Formastic views:
+
+<pre>
+script/generate clearance_views
+</pre>
+
+Its implementation is designed so that other view styles can be generated if the community wants it. However, we haven't needed them so you'll have to write the patch and send it back if you want other styles (such as Haml).
+
+h2. Authors
+
+Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
+
+Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton, Mustafa Ekim, & Jon Yurek.
+
+h2. Questions?
+
+Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
+
+h2. Suggestions, Bugs, Refactoring?
+
+Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues. Please don't send pull requests.
+
@@ -0,0 +1,103 @@
+# encoding: utf-8
+
+require 'rake'
+require 'rake/testtask'
+require 'cucumber/rake/task'
+
+namespace :test do
+  Rake::TestTask.new(:basic => ["generator:cleanup",
+                                "generator:clearance",
+                                "generator:clearance_features"]) do |task|
+    task.libs << "lib"
+    task.libs << "test"
+    task.pattern = "test/**/*_test.rb"
+    task.verbose = false
+  end
+
+  Rake::TestTask.new(:views => ["generator:clearance_views"]) do |task|
+    task.libs << "lib"
+    task.libs << "test"
+    task.pattern = "test/**/*_test.rb"
+    task.verbose = false
+  end
+
+  Cucumber::Rake::Task.new(:features) do |t|
+    t.cucumber_opts   = "--format progress"
+    t.feature_pattern = "test/rails_root/features/*.feature"
+  end
+
+  Cucumber::Rake::Task.new(:features_for_views) do |t|
+    t.cucumber_opts   = "--format progress"
+    t.feature_pattern = "test/rails_root/features/*.feature"
+  end
+end
+
+generators = %w(clearance clearance_features clearance_views)
+
+namespace :generator do
+  desc "Cleans up the test app before running the generator"
+  task :cleanup do
+    generators.each do |generator|
+      FileList["generators/#{generator}/templates/**/*.*"].each do |each|
+        file = "test/rails_root/#{each.gsub("generators/#{generator}/templates/",'')}"
+        File.delete(file) if File.exists?(file)
+      end
+    end
+
+    FileList["test/rails_root/db/**/*"].each do |each| 
+      FileUtils.rm_rf(each)
+    end
+
+    FileUtils.rm_rf("test/rails_root/vendor/plugins/clearance")
+    FileUtils.mkdir_p("test/rails_root/vendor/plugins")
+    clearance_root = File.expand_path(File.dirname(__FILE__))
+    system("ln -s #{clearance_root} test/rails_root/vendor/plugins/clearance")
+
+    FileUtils.rm_rf("test/rails_root/app/views/passwords")
+    FileUtils.rm_rf("test/rails_root/app/views/sessions")
+    FileUtils.rm_rf("test/rails_root/app/views/users")
+  end
+
+  desc "Run the clearance generator"
+  task :clearance do
+    system "cd test/rails_root && ./script/generate clearance && rake db:migrate db:test:prepare"
+  end
+
+  desc "Run the clearance features generator"
+  task :clearance_features do
+    system "cd test/rails_root && ./script/generate clearance_features"
+  end
+
+  desc "Run the clearance views generator"
+  task :clearance_views do
+    system "cd test/rails_root && ./script/generate clearance_views"
+  end
+end
+
+desc "Run the test suite"
+task :default => ['test:basic', 'test:features',
+                  'test:views', 'test:features_for_views']
+
+gem_spec = Gem::Specification.new do |gem_spec|
+  gem_spec.name        = "clearance"
+  gem_spec.version     = "0.8.2"
+  gem_spec.summary     = "Rails authentication with email & password."
+  gem_spec.email       = "support@thoughtbot.com"
+  gem_spec.homepage    = "http://github.com/thoughtbot/clearance"
+  gem_spec.description = "Rails authentication with email & password."
+  gem_spec.authors     = ["Dan Croak", "Mike Burns", "Jason Morrison",
+                          "Joe Ferris", "Eugene Bolshakov", "Nick Quaranto",
+                          "Josh Nichols", "Mike Breen", "Marcel Görner",
+                          "Bence Nagy", "Ben Mabey", "Eloy Duran",
+                          "Tim Pope", "Mihai Anca", "Mark Cornick",
+                          "Shay Arnett", "Jon Yurek"]
+  gem_spec.files       = FileList["[A-Z]*", "{app,config,generators,lib,shoulda_macros,rails}/**/*"]
+end
+
+desc "Generate a gemspec file"
+task :gemspec do
+  File.open("#{gem_spec.name}.gemspec", 'w') do |f|
+    f.write gem_spec.to_yaml
+  end
+end
+
@@ -0,0 +1,6 @@
+h1. To-do
+
+* Make insertion of Clearance::User into User model automatic from the generator.
+* Change generated README to include instruction about running the migration.
+* DO_NOT_REPLY, HOST refactoring.
+
@@ -0,0 +1,75 @@
+class Clearance::ConfirmationsController < ApplicationController
+  unloadable
+
+  before_filter :redirect_signed_in_confirmed_user,  :only => [:new, :create]
+  before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
+  before_filter :forbid_missing_token,               :only => [:new, :create]
+  before_filter :forbid_non_existent_user,           :only => [:new, :create]
+
+  filter_parameter_logging :token
+
+  def new
+    create
+  end
+
+  def create
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+    @user.confirm_email!
+
+    sign_in(@user)
+    flash_success_after_create
+    redirect_to(url_after_create)
+  end
+
+  private
+
+  def redirect_signed_in_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && current_user == user
+      flash_success_after_create
+      redirect_to(url_after_create)
+    end
+  end
+
+  def redirect_signed_out_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && signed_out?
+      flash_already_confirmed
+      redirect_to(url_already_confirmed)
+    end
+  end
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Confirmed email and signed in.")
+  end
+
+  def flash_already_confirmed
+    flash[:success] = translate(:already_confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Already confirmed email. Please sign in.")
+  end
+
+  def url_after_create
+    root_url
+  end
+
+  def url_already_confirmed
+    sign_in_url
+  end
+end
@@ -0,0 +1,84 @@
+class Clearance::PasswordsController < ApplicationController
+  unloadable
+
+  before_filter :forbid_missing_token,     :only => [:edit, :update]
+  before_filter :forbid_non_existent_user, :only => [:edit, :update]
+  filter_parameter_logging :password, :password_confirmation
+
+  def new
+    render :template => 'passwords/new'
+  end
+
+  def create
+    if user = ::User.find_by_email(params[:password][:email])
+      user.forgot_password!
+      ::ClearanceMailer.deliver_change_password user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      flash_failure_after_create
+      render :template => 'passwords/new'
+    end
+  end
+
+  def edit
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+    render :template => 'passwords/edit'
+  end
+
+  def update
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
+
+    if @user.update_password(params[:user][:password],
+                             params[:user][:password_confirmation])
+      @user.confirm_email!
+      sign_in(@user)
+      flash_success_after_update
+      redirect_to(url_after_update)
+    else
+      render :template => 'passwords/edit'
+    end
+  end
+
+  private
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_change_password,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for changing your password.")
+  end
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:unknown_email,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "Unknown email.")
+  end
+
+  def url_after_create
+    new_session_url
+  end
+
+  def flash_success_after_update
+    flash[:success] = translate(:signed_in, :default => "Signed in.")
+  end
+
+  def url_after_update
+    root_url
+  end
+end
@@ -0,0 +1,66 @@
+class Clearance::SessionsController < ApplicationController
+  unloadable
+
+  protect_from_forgery :except => :create
+  filter_parameter_logging :password
+
+  def new
+    render :template => 'sessions/new'
+  end
+
+  def create
+    @user = ::User.authenticate(params[:session][:email],
+                                params[:session][:password])
+    if @user.nil?
+      flash_failure_after_create
+      render :template => 'sessions/new', :status => :unauthorized
+    else
+      if @user.email_confirmed?
+        sign_in(@user)
+        flash_success_after_create
+        redirect_back_or(url_after_create)
+      else
+        ::ClearanceMailer.deliver_confirmation(@user)
+        flash_notice_after_create
+        redirect_to(new_session_url)
+      end
+    end
+  end
+
+  def destroy
+    sign_out
+    flash_success_after_destroy
+    redirect_to(url_after_destroy)
+  end
+
+  private
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:bad_email_or_password,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "Bad email or password.")
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:unconfirmed_email,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "User has not confirmed email. " <<
+                  "Confirmation email will be resent.")
+  end
+
+  def url_after_create
+    root_url
+  end
+
+  def flash_success_after_destroy
+    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
+  end
+
+  def url_after_destroy
+    new_session_url
+  end
+end
@@ -0,0 +1,35 @@
+class Clearance::UsersController < ApplicationController
+  unloadable
+
+  before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
+  filter_parameter_logging :password
+
+  def new
+    @user = ::User.new(params[:user])
+    render :template => 'users/new'
+  end
+
+  def create
+    @user = ::User.new params[:user]
+    if @user.save
+      ::ClearanceMailer.deliver_confirmation @user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      render :template => 'users/new'
+    end
+  end
+
+  private
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_confirmation,
+      :scope   => [:clearance, :controllers, :users],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for confirming your account.")
+  end
+
+  def url_after_create
+    new_session_url
+  end
+end
@@ -0,0 +1,23 @@
+class ClearanceMailer < ActionMailer::Base
+
+  default_url_options[:host] = HOST
+
+  def change_password(user)
+    from       DO_NOT_REPLY
+    recipients user.email
+    subject    I18n.t(:change_password,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Change your password")
+    body       :user => user
+  end
+
+  def confirmation(user)
+    from       DO_NOT_REPLY
+    recipients user.email
+    subject    I18n.t(:confirmation,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Account confirmation")
+    body      :user => user
+  end
+
+end
@@ -0,0 +1,9 @@
+Someone, hopefully you, has requested that we send you a link to change your password.
+
+Here's the link:
+
+<%= edit_user_password_url(@user,
+      :token  => @user.confirmation_token,
+      :escape => false) %>
+
+If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.
@@ -0,0 +1,5 @@
+
+<%= new_user_confirmation_url(
+      :user_id => @user,
+      :token   => @user.confirmation_token,
+      :encode  => false) %>
@@ -0,0 +1,23 @@
+<h2>Change your password</h2>
+
+<p>
+  Your password has been reset. Choose a new password below.
+</p>
+
+<%= error_messages_for :user %>
+
+<% form_for(:user,
+            :url => user_password_path(@user, :token => @user.confirmation_token),
+            :html => { :method => :put }) do |form| %>
+  <div class="password_field">
+    <%= form.label :password, "Choose password" %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="password_field">
+    <%= form.label :password_confirmation, "Confirm password" %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Save this password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
@@ -0,0 +1,15 @@
+<h2>Change your password</h2>
+
+<p>
+  We will email you a link to change your password.
+</p>
+
+<% form_for :password, :url => passwords_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email, "Email address" %>
+    <%= form.text_field :email %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Reset password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
 \ No newline at end of file
@@ -0,0 +1,24 @@
+<h2>Sign in</h2>
+
+<% form_for :session, :url => session_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email %>
+    <%= form.text_field :email %>
+  </div>
+  <div class="text_field">
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Sign in", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
+
+<ul>
+  <li>
+    <%= link_to "Sign up", new_user_path %>
+  </li>
+  <li>
+    <%= link_to "Forgot password?", new_password_path %>
+  </li>
+</ul>
@@ -0,0 +1,13 @@
+<%= form.error_messages %>
+<div class="text_field">
+  <%= form.label :email %>
+  <%= form.text_field :email %>
+</div>
+<div class="password_field">
+  <%= form.label :password %>
+  <%= form.password_field :password %>
+</div>
+<div class="password_field">
+  <%= form.label :password_confirmation, "Confirm password" %>
+  <%= form.password_field :password_confirmation %>
+</div>
 \ No newline at end of file
@@ -0,0 +1,6 @@
+<h2>Sign up</h2>
+
+<% form_for @user do |form| %>
+  <%= render :partial => '/users/form', :object => form %>
+  <%= form.submit 'Sign up', :disable_with => 'Please wait...' %>
+<% end %>
@@ -0,0 +1,30 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :passwords,
+    :controller => 'clearance/passwords',
+    :only       => [:new, :create]
+
+  map.resource  :session,
+    :controller => 'clearance/sessions',
+    :only       => [:new, :create, :destroy]
+
+  map.resources :users, :controller => 'clearance/users' do |users|
+    users.resource :password,
+      :controller => 'clearance/passwords',
+      :only       => [:create, :edit, :update]
+
+    users.resource :confirmation,
+      :controller => 'clearance/confirmations',
+      :only       => [:new, :create]
+  end
+
+  map.sign_up  'sign_up',
+    :controller => 'clearance/users',
+    :action     => 'new'
+  map.sign_in  'sign_in',
+    :controller => 'clearance/sessions',
+    :action     => 'new'
+  map.sign_out 'sign_out',
+    :controller => 'clearance/sessions',
+    :action     => 'destroy',
+    :method     => :delete
+end
@@ -0,0 +1 @@
+script/generate clearance
 \ No newline at end of file
@@ -0,0 +1,41 @@
+require File.expand_path(File.dirname(__FILE__) + "/lib/insert_commands.rb")
+require File.expand_path(File.dirname(__FILE__) + "/lib/rake_commands.rb")
+require 'factory_girl'
+
+class ClearanceGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      m.insert_into "app/controllers/application_controller.rb",
+                    "include Clearance::Authentication"
+
+      user_model = "app/models/user.rb"
+      if File.exists?(user_model)
+        m.insert_into user_model, "include Clearance::User"
+      else
+        m.directory File.join("app", "models")
+        m.file "user.rb", user_model
+      end
+
+      m.directory File.join("test", "factories")
+      m.file "factories.rb", "test/factories/clearance.rb"
+
+      m.migration_template "migrations/#{migration_name}.rb",
+                           'db/migrate',
+                           :migration_file_name => "clearance_#{migration_name}"
+
+      m.readme "README"
+    end
+  end
+
+  private
+
+  def migration_name
+    if ActiveRecord::Base.connection.table_exists?(:users)
+      'update_users'
+    else
+      'create_users'
+    end
+  end
+
+end
@@ -0,0 +1,33 @@
+# Mostly pinched from http://github.com/ryanb/nifty-generators/tree/master
+
+Rails::Generator::Commands::Base.class_eval do
+  def file_contains?(relative_destination, line)
+    File.read(destination_path(relative_destination)).include?(line)
+  end
+end
+
+Rails::Generator::Commands::Create.class_eval do
+  def insert_into(file, line)
+    logger.insert "#{line} into #{file}"
+    unless options[:pretend] || file_contains?(file, line)
+      gsub_file file, /^(class|module) .+$/ do |match|
+        "#{match}\n  #{line}"
+      end
+    end
+  end
+end
+
+Rails::Generator::Commands::Destroy.class_eval do
+  def insert_into(file, line)
+    logger.remove "#{line} from #{file}"
+    unless options[:pretend]
+      gsub_file file, "\n  #{line}", ''
+    end
+  end
+end
+
+Rails::Generator::Commands::List.class_eval do
+  def insert_into(file, line)
+    logger.insert "#{line} into #{file}"
+  end
+end
@@ -0,0 +1,22 @@
+Rails::Generator::Commands::Create.class_eval do
+  def rake_db_migrate
+    logger.rake "db:migrate"
+    unless system("rake db:migrate")
+      logger.rake "db:migrate failed. Rolling back"      
+      command(:destroy).invoke!
+    end
+  end
+end
+
+Rails::Generator::Commands::Destroy.class_eval do
+  def rake_db_migrate
+    logger.rake "db:rollback"  
+    system "rake db:rollback"  
+  end
+end
+
+Rails::Generator::Commands::List.class_eval do
+  def rake_db_migrate
+    logger.rake "db:migrate"    
+  end
+end
@@ -0,0 +1,22 @@
+
+*******************************************************************************
+
+Ok, enough fancy automatic stuff. Time for some old school monkey copy-pasting.
+
+1. Define a HOST constant in your environments files.
+In config/environments/test.rb and config/environments/development.rb it can be:
+
+    HOST = "localhost"
+
+In production.rb it must be the actual host your application is deployed to.
+The constant is used by mailers to generate URLs in emails.
+
+2. In config/environment.rb:
+
+    DO_NOT_REPLY = "donotreply@example.com"
+
+3. Define root_url to *something* in your config/routes.rb:
+
+    map.root :controller => 'home'
+
+*******************************************************************************
@@ -0,0 +1,13 @@
+Factory.sequence :email do |n|
+  "user#{n}@example.com"
+end
+
+Factory.define :user do |user|
+  user.email                 { Factory.next :email }
+  user.password              { "password" }
+  user.password_confirmation { "password" }
+end
+
+Factory.define :email_confirmed_user, :parent => :user do |user|
+  user.email_confirmed { true }
+end
@@ -0,0 +1,21 @@
+class ClearanceCreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table(:users) do |t|
+      t.string   :email
+      t.string   :encrypted_password, :limit => 128
+      t.string   :salt,               :limit => 128
+      t.string   :confirmation_token, :limit => 128
+      t.string   :remember_token,     :limit => 128
+      t.boolean  :email_confirmed, :default => false, :null => false
+      t.timestamps
+    end
+
+    add_index :users, [:id, :confirmation_token]
+    add_index :users, :email
+    add_index :users, :remember_token
+  end
+
+  def self.down
+    drop_table :users
+  end
+end
@@ -0,0 +1,41 @@
+class ClearanceUpdateUsers < ActiveRecord::Migration
+  def self.up
+<%
+      existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
+      columns = [
+        [:email,              't.string :email'],
+        [:encrypted_password, 't.string :encrypted_password, :limit => 128'],
+        [:salt, 't.string :salt, :limit => 128'],
+        [:confirmation_token, 't.string :confirmation_token, :limit => 128'],
+        [:remember_token, 't.string :remember_token, :limit => 128'],
+        [:email_confirmed, 't.boolean :email_confirmed, :default => false, :null => false']
+      ].delete_if {|c| existing_columns.include?(c.first.to_s)}
+-%>
+    change_table(:users) do |t|
+<% columns.each do |c| -%>
+      <%= c.last %>
+<% end -%>
+    end
+
+<%
+    existing_indexes = ActiveRecord::Base.connection.indexes(:users)
+    index_names = existing_indexes.collect { |each| each.name }
+    new_indexes = [
+      [:index_users_on_id_and_confirmation_token, 'add_index :users, [:id, :confirmation_token]'],
+      [:index_users_on_email,        'add_index :users, :email'],
+      [:index_users_on_remember_token,        'add_index :users, :remember_token']
+    ].delete_if { |each| index_names.include?(each.first.to_s) }
+-%>
+<% new_indexes.each do |each| -%>
+    <%= each.last %>
+<% end -%>
+  end
+
+  def self.down
+    change_table(:users) do |t|
+<% unless columns.empty? -%>
+      t.remove <%= columns.collect { |each| ":#{each.first}" }.join(',') %>
+<% end -%>
+    end
+  end
+end
@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include Clearance::User
+end
@@ -0,0 +1 @@
+script/generate clearance_features
@@ -0,0 +1,20 @@
+class ClearanceFeaturesGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      m.directory File.join("features", "step_definitions")
+      m.directory File.join("features", "support")
+
+      ["features/step_definitions/clearance_steps.rb",
+       "features/step_definitions/factory_girl_steps.rb",
+       "features/support/paths.rb",
+       "features/sign_in.feature",
+       "features/sign_out.feature",
+       "features/sign_up.feature",
+       "features/password_reset.feature"].each do |file|
+        m.file file, file
+       end
+    end
+  end
+
+end
@@ -0,0 +1,33 @@
+Feature: Password reset
+  In order to sign in even if user forgot their password
+  A user
+  Should be able to reset it
+
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "Unknown email"
+
+    Scenario: User is signed up and requests password reset
+      Given I signed up with "email@person.com/password"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "instructions for changing your password"
+      And a password reset message should be sent to "email@person.com"
+
+    Scenario: User is signed up updated his password and types wrong confirmation
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/wrongconfirmation"
+      Then I should see error messages
+      And I should be signed out
+
+    Scenario: User is signed up and updates his password
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/newpassword"
+      Then I should be signed in
+      When I sign out
+      Then I should be signed out
+      And I sign in as "email@person.com/newpassword"
+      Then I should be signed in
+
@@ -0,0 +1,35 @@
+Feature: Sign in
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign in
+
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Bad email or password"
+      And I should be signed out
+
+    Scenario: User is not confirmed
+      Given I signed up with "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "User has not confirmed email"
+      And I should be signed out
+
+   Scenario: User enters wrong password
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/wrongpassword"
+      Then I should see "Bad email or password"
+      And I should be signed out
+
+   Scenario: User signs in successfully
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Signed in"
+      And I should be signed in
+      When I return next time
+      Then I should be signed in
+
@@ -0,0 +1,15 @@
+Feature: Sign out
+  To protect my account from unauthorized access
+  A signed in user
+  Should be able to sign out
+
+    Scenario: User signs out
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I sign in as "email@person.com/password"
+      Then I should be signed in
+      And I sign out
+      Then I should see "Signed out"
+      And I should be signed out
+      When I return next time
+      Then I should be signed out
+
@@ -0,0 +1,45 @@
+Feature: Sign up
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign up
+
+    Scenario: User signs up with invalid data
+      When I go to the sign up page
+      And I fill in "Email" with "invalidemail"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with ""
+      And I press "Sign Up"
+      Then I should see error messages
+
+    Scenario: User signs up with valid data
+      When I go to the sign up page
+      And I fill in "Email" with "email@person.com"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with "password"
+      And I press "Sign Up"
+      Then I should see "instructions for confirming"
+      And a confirmation message should be sent to "email@person.com"
+
+    Scenario: User confirms his account
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should see "Confirmed email and signed in"
+      And I should be signed in
+
+    Scenario: Signed in user clicks confirmation link again
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should be signed in
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should see "Confirmed email and signed in"
+      And I should be signed in
+
+    Scenario: Signed out user clicks confirmation link again
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should be signed in
+      When I sign out
+      And I follow the confirmation link sent to "email@person.com"
+      Then I should see "Already confirmed email. Please sign in."
+      And I should be signed out
+
@@ -0,0 +1,116 @@
+# General
+
+Then /^I should see error messages$/ do
+  assert_match /error(s)? prohibited/m, response.body
+end
+
+# Database
+
+Given /^no user exists with an email of "(.*)"$/ do |email|
+  assert_nil User.find_by_email(email)
+end
+
+Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :user,
+    :email                 => email,
+    :password              => password,
+    :password_confirmation => password
+end 
+
+Given /^I am signed up and confirmed as "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :email_confirmed_user,
+    :email                 => email,
+    :password              => password,
+    :password_confirmation => password
+end
+
+# Session
+
+Then /^I should be signed in$/ do
+  assert controller.signed_in?
+end
+
+Then /^I should be signed out$/ do
+  assert ! controller.signed_in?
+end
+
+When /^session is cleared$/ do
+  request.reset_session
+  controller.instance_variable_set(:@_current_user, nil)
+end
+
+Given /^I have signed in with "(.*)\/(.*)"$/ do |email, password|
+  Given %{I am signed up and confirmed as "#{email}/#{password}"}
+  And %{I sign in as "#{email}/#{password}"}
+end
+
+# Emails
+
+Then /^a confirmation message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /confirm/i, sent.subject
+  assert !user.confirmation_token.blank?
+  assert_match /#{user.confirmation_token}/, sent.body
+end
+
+When /^I follow the confirmation link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit new_user_confirmation_path(:user_id => user,
+                                   :token   => user.confirmation_token)
+end
+
+Then /^a password reset message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /password/i, sent.subject
+  assert !user.confirmation_token.blank?
+  assert_match /#{user.confirmation_token}/, sent.body
+end
+
+When /^I follow the password reset link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user,
+                                :token   => user.confirmation_token)
+end
+
+When /^I try to change the password of "(.*)" without token$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user)
+end
+
+Then /^I should be forbidden$/ do
+  assert_response :forbidden
+end
+
+# Actions
+
+When /^I sign in as "(.*)\/(.*)"$/ do |email, password|
+  When %{I go to the sign in page}
+  And %{I fill in "Email" with "#{email}"}
+  And %{I fill in "Password" with "#{password}"}
+  And %{I press "Sign In"}
+end
+
+When /^I sign out$/ do
+  visit '/session', :delete
+end
+
+When /^I request password reset link to be sent to "(.*)"$/ do |email|
+  When %{I go to the password reset request page}
+  And %{I fill in "Email address" with "#{email}"}
+  And %{I press "Reset password"}
+end
+
+When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
+  And %{I fill in "Choose password" with "#{password}"}
+  And %{I fill in "Confirm password" with "#{confirmation}"}
+  And %{I press "Save this password"}
+end
+
+When /^I return next time$/ do
+  When %{session is cleared}
+  And %{I go to the homepage}
+end
@@ -0,0 +1,5 @@
+Factory.factories.each do |name, factory|
+  Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value|
+    Factory(name, attr.gsub(' ', '_') => value)
+  end
+end
@@ -0,0 +1,22 @@
+module NavigationHelpers
+  def path_to(page_name)
+    case page_name
+    
+    when /the homepage/i
+      root_path
+    when /the sign up page/i
+      new_user_path
+    when /the sign in page/i
+      new_session_path
+    when /the password reset request page/i
+      new_password_path
+    
+    # Add more page name => path mappings here
+    
+    else
+      raise "Can't find mapping from \"#{page_name}\" to a path."
+    end
+  end
+end
+ 
+World(NavigationHelpers)
@@ -0,0 +1,27 @@
+class ClearanceViewsGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      strategy          = "formtastic"
+      template_strategy = "erb"
+
+      m.directory File.join("app", "views", "users")
+      m.file "#{strategy}/users/new.html.#{template_strategy}",
+        "app/views/users/new.html.#{template_strategy}"
+      m.file "#{strategy}/users/_inputs.html.#{template_strategy}",
+        "app/views/users/_inputs.html.#{template_strategy}"
+
+      m.directory File.join("app", "views", "sessions")
+      m.file "#{strategy}/sessions/new.html.#{template_strategy}",
+        "app/views/sessions/new.html.#{template_strategy}"
+
+      m.directory File.join("app", "views", "passwords")
+      m.file "#{strategy}/passwords/new.html.#{template_strategy}",
+        "app/views/passwords/new.html.#{template_strategy}"
+      m.file "#{strategy}/passwords/edit.html.#{template_strategy}",
+        "app/views/passwords/edit.html.#{template_strategy}"
+    end
+  end
+
+end
+
@@ -0,0 +1,21 @@
+<h2>Change your password</h2>
+
+<p>
+  Your password has been reset. Choose a new password below.
+</p>
+
+<% semantic_form_for(:user,
+            :url  => user_password_path(@user, :token => @user.confirmation_token),
+            :html => { :method => :put }) do |form| %>
+  <%= form.error_messages %>
+  <% form.inputs do -%>
+    <%= form.input :password, :as => :password,
+                   :label => "Choose password" %>
+    <%= form.input :password_confirmation, :as => :password,
+                   :label => "Confirm password" %>
+  <% end -%>
+  <% form.buttons do -%>
+    <%= form.commit_button "Save this password" %>
+  <% end -%>
+<% end %>
+
@@ -0,0 +1,15 @@
+<h2>Reset your password</h2>
+
+<p>
+  We will email you a link to reset your password.
+</p>
+
+<% semantic_form_for :password, :url => passwords_path do |form| -%>
+  <% form.inputs do -%>
+    <%= form.input :email, :label => "Email address" %>
+  <% end -%>
+  <% form.buttons do -%>
+    <%= form.commit_button "Reset password" %>
+  <% end -%>
+<% end -%>
+
@@ -0,0 +1,21 @@
+<h2>Sign in</h2>
+
+<% semantic_form_for :session, :url => session_path do |form| %>
+  <% form.inputs do %>
+    <%= form.input :email %>
+    <%= form.input :password, :as => :password %>
+  <% end %>
+  <% form.buttons do %>
+    <%= form.commit_button "Sign in" %>
+  <% end %>
+<% end %>
+
+<ul>
+  <li>
+    <%= link_to "Sign up", new_user_path %>
+  </li>
+  <li>
+    <%= link_to "Forgot password?", new_password_path %>
+  </li>
+</ul>
+
@@ -0,0 +1,6 @@
+<% form.inputs do %>
+  <%= form.input :email %>
+  <%= form.input :password %>
+  <%= form.input :password_confirmation, :label => "Confirm password" %>
+<% end %>
+
@@ -0,0 +1,10 @@
+<h2>Sign up</h2>
+
+<% semantic_form_for @user do |form| %>
+  <%= form.error_messages %>
+  <%= render :partial => "/users/inputs", :locals => { :form => form } %>
+  <% form.buttons do %>
+    <%= form.commit_button "Sign up" %>
+  <% end %>
+<% end %>
+
@@ -0,0 +1,6 @@
+require 'clearance/extensions/errors'
+require 'clearance/extensions/rescue'
+require 'clearance/extensions/routes'
+
+require 'clearance/authentication'
+require 'clearance/user'
@@ -0,0 +1,125 @@
+module Clearance
+  module Authentication
+
+    def self.included(controller) # :nodoc:
+      controller.send(:include, InstanceMethods)
+
+      controller.class_eval do
+        helper_method :current_user, :signed_in?, :signed_out?
+        hide_action   :current_user, :signed_in?, :signed_out?
+      end
+    end
+
+    module InstanceMethods
+      # User in the current cookie
+      #
+      # @return [User, nil]
+      def current_user
+        @_current_user ||= user_from_cookie
+      end
+
+      # Set the current user
+      #
+      # @param [User]
+      def current_user=(user)
+        @_current_user = user
+      end
+
+      # Is the current user signed in?
+      #
+      # @return [true, false]
+      def signed_in?
+        ! current_user.nil?
+      end
+
+      # Is the current user signed out?
+      #
+      # @return [true, false]
+      def signed_out?
+        current_user.nil?
+      end
+
+      # Deny the user access if they are signed out.
+      #
+      # @example
+      #   before_filter :authenticate
+      def authenticate
+        deny_access unless signed_in?
+      end
+
+      # Sign user in to cookie.
+      #
+      # @param [User]
+      #
+      # @example
+      #   sign_in(@user)
+      def sign_in(user)
+        if user
+          user.remember_me!
+          cookies[:remember_token] = {
+            :value   => user.remember_token,
+            :expires => 1.year.from_now.utc
+          }
+          current_user = user
+        end
+      end
+
+      # Sign user out of cookie.
+      #
+      # @example
+      #   sign_out
+      def sign_out
+        cookies.delete(:remember_token)
+        current_user = nil
+      end
+
+      # Store the current location.
+      # Display a flash message if included.
+      # Redirect to sign in.
+      #
+      # @param [String] optional flash message to display to denied user
+      def deny_access(flash_message = nil)
+        store_location
+        flash[:failure] = flash_message if flash_message
+        redirect_to(new_session_url)
+      end
+
+      protected
+
+      def user_from_cookie
+        if token = cookies[:remember_token]
+          ::User.find_by_remember_token(token)
+        end
+      end
+
+      def sign_user_in(user)
+        warn "[DEPRECATION] sign_user_in: unnecessary. use sign_in(user) instead."
+        sign_in(user)
+      end
+
+      def store_location
+        if request.get?
+          session[:return_to] = request.request_uri
+        end
+      end
+
+      def redirect_back_or(default)
+        redirect_to(return_to || default)
+        clear_return_to
+      end
+
+      def return_to
+        session[:return_to] || params[:return_to]
+      end
+
+      def clear_return_to
+        session[:return_to] = nil
+      end
+
+      def redirect_to_root
+        redirect_to(root_url)
+      end
+    end
+
+  end
+end
@@ -0,0 +1,6 @@
+if defined?(ActionController)
+  module ActionController
+    class Forbidden < StandardError
+    end
+  end
+end
@@ -0,0 +1,3 @@
+if defined?(ActionController::Base)
+  ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+end
@@ -0,0 +1,14 @@
+if defined?(ActionController::Routing::RouteSet)
+  class ActionController::Routing::RouteSet
+    def load_routes_with_clearance!
+      lib_path = File.dirname(__FILE__)
+      clearance_routes = File.join(lib_path, *%w[.. .. .. config clearance_routes.rb])
+      unless configuration_files.include?(clearance_routes)
+        add_configuration_file(clearance_routes)
+      end
+      load_routes_without_clearance!
+    end
+
+    alias_method_chain :load_routes!, :clearance
+  end
+end
@@ -0,0 +1,199 @@
+require 'digest/sha1'
+
+module Clearance
+  module User
+
+    # Hook for all Clearance::User modules.
+    #
+    # If you need to override parts of Clearance::User,
+    # extend and include à la carte.
+    #
+    # @example
+    #   extend ClassMethods
+    #   include InstanceMethods
+    #   include AttrAccessor
+    #   include Callbacks
+    #
+    # @see ClassMethods
+    # @see InstanceMethods
+    # @see AttrAccessible
+    # @see AttrAccessor
+    # @see Validations
+    # @see Callbacks
+    def self.included(model)
+      model.extend(ClassMethods)
+
+      model.send(:include, InstanceMethods)
+      model.send(:include, AttrAccessible)
+      model.send(:include, AttrAccessor)
+      model.send(:include, Validations)
+      model.send(:include, Callbacks)
+    end
+
+    module AttrAccessible
+      # Hook for attr_accessible white list.
+      #
+      # :email, :password, :password_confirmation
+      #
+      # Append other attributes that must be mass-assigned in your model.
+      #
+      # @example
+      #   include Clearance::User
+      #   attr_accessible :location, :gender
+      def self.included(model)
+        model.class_eval do
+          attr_accessible :email, :password, :password_confirmation
+        end
+      end
+    end
+
+    module AttrAccessor
+      # Hook for attr_accessor virtual attributes.
+      #
+      # :password, :password_confirmation
+      def self.included(model)
+        model.class_eval do
+          attr_accessor :password, :password_confirmation
+        end
+      end
+    end
+
+    module Validations
+      # Hook for validations.
+      #
+      # :email must be present, unique, formatted
+      #
+      # If password is required,
+      # :password must be present, confirmed
+      def self.included(model)
+        model.class_eval do
+          validates_presence_of     :email
+          validates_uniqueness_of   :email, :case_sensitive => false
+          validates_format_of       :email, :with => %r{.+@.+\..+}
+
+          validates_presence_of     :password, :if => :password_required?
+          validates_confirmation_of :password, :if => :password_required?
+        end
+      end
+    end
+
+    module Callbacks
+      # Hook for callbacks.
+      #
+      # salt, token, password encryption are handled before_save.
+      def self.included(model)
+        model.class_eval do
+          before_save :initialize_salt,
+                      :encrypt_password,
+                      :initialize_confirmation_token
+        end
+      end
+    end
+
+    module InstanceMethods
+      # Am I authenticated with given password?
+      #
+      # @param [String] plain-text password
+      # @return [true, false]
+      # @example
+      #   user.authenticated?('password')
+      def authenticated?(password)
+        encrypted_password == encrypt(password)
+      end
+
+      # Remember me for a year.
+      #
+      # @example
+      #   user.remember_me!
+      #   cookies[:remember_token] = {
+      #     :value   => user.remember_token,
+      #     :expires => user.remember_token_expires_at
+      #   }
+      def remember_me!
+        self.remember_token = encrypt("--#{Time.now.utc}--#{password}--")
+        save(false)
+      end
+
+      # Confirm my email.
+      #
+      # @example
+      #   user.confirm_email!
+      def confirm_email!
+        self.email_confirmed    = true
+        self.confirmation_token = nil
+        save(false)
+      end
+
+      # Mark my account as forgotten password.
+      #
+      # @example
+      #   user.forgot_password!
+      def forgot_password!
+        generate_confirmation_token
+        save(false)
+      end
+
+      # Update my password.
+      #
+      # @param [String, String] password and password confirmation
+      # @return [true, false] password was updated or not
+      # @example
+      #   user.update_password('new-password', 'new-password')
+      def update_password(new_password, new_password_confirmation)
+        self.password              = new_password
+        self.password_confirmation = new_password_confirmation
+        if valid?
+          self.confirmation_token = nil
+        end
+        save
+      end
+
+      protected
+
+      def generate_hash(string)
+        Digest::SHA1.hexdigest(string)
+      end
+
+      def initialize_salt
+        if new_record?
+          self.salt = generate_hash("--#{Time.now.utc}--#{password}--")
+        end
+      end
+
+      def encrypt_password
+        return if password.blank?
+        self.encrypted_password = encrypt(password)
+      end
+
+      def encrypt(string)
+        generate_hash("--#{salt}--#{string}--")
+      end
+
+      def generate_confirmation_token
+        self.confirmation_token = encrypt("--#{Time.now.utc}--#{password}--")
+      end
+
+      def initialize_confirmation_token
+        generate_confirmation_token if new_record?
+      end
+
+      def password_required?
+        encrypted_password.blank? || !password.blank?
+      end
+    end
+
+    module ClassMethods
+      # Authenticate with email and password.
+      #
+      # @param [String, String] email and password
+      # @return [User, nil] authenticated user or nil
+      # @example
+      #   User.authenticate("email@example.com", "password")
+      def authenticate(email, password)
+        return nil  unless user = find_by_email(email)
+        return user if     user.authenticated?(password)
+      end
+    end
+
+  end
+end
@@ -0,0 +1 @@
+require 'clearance'
 \ No newline at end of file
@@ -0,0 +1,266 @@
+module Clearance
+  module Shoulda
+
+    # STATE OF AUTHENTICATION
+
+    def should_be_signed_in_as(&block)
+      warn "[DEPRECATION] should_be_signed_in_as cannot be used in functional tests anymore now that it depends on cookies, which are unavailable until the next request."
+      should "be signed in as #{block.bind(self).call}" do
+        user = block.bind(self).call
+        assert_not_nil user,
+          "please pass a User. try: should_be_signed_in_as { @user }"
+        assert_equal user, @controller.send(:current_user),
+          "#{user.inspect} is not the current_user, " <<
+          "which is #{@controller.send(:current_user).inspect}"
+      end
+    end
+
+    def should_be_signed_in_and_email_confirmed_as(&block)
+      warn "[DEPRECATION] should_be_signed_in_and_email_confirmed_as: questionable usefulness"
+      should_be_signed_in_as &block
+
+      should "have confirmed email" do
+        user = block.bind(self).call
+
+        assert_not_nil user
+        assert_equal user, assigns(:user)
+        assert assigns(:user).email_confirmed?
+      end
+    end
+
+    def should_not_be_signed_in
+      warn "[DEPRECATION] should_not_be_signed_in is no longer a valid test since we now store a remember_token in cookies, not user_id in session"
+      should "not be signed in" do
+        assert_nil session[:user_id]
+      end
+    end
+
+    def should_deny_access_on(http_method, action, opts = {})
+      warn "[DEPRECATION] should_deny_access_on: use a setup & should_deny_access(:flash => ?)"
+      flash_message = opts.delete(:flash)
+      context "on #{http_method} to #{action}" do
+        setup do
+          send(http_method, action, opts)
+        end
+
+        should_deny_access(:flash => flash_message)
+      end
+    end
+
+    def should_deny_access(opts = {})
+      if opts[:flash]
+        should_set_the_flash_to opts[:flash]
+      else
+        should_not_set_the_flash
+      end
+
+      should_redirect_to('new_session_url') { new_session_url }
+    end
+
+    # HTTP FLUENCY
+
+    def should_forbid(description, &block)
+      should "forbid #{description}" do
+        assert_raises ActionController::Forbidden do
+          instance_eval(&block)
+        end
+      end
+    end
+
+    # CONTEXTS
+
+    def signed_in_user_context(&blk)
+      warn "[DEPRECATION] signed_in_user_context: creates a Mystery Guest, causes Obscure Test"
+      context "A signed in user" do
+        setup do
+          @user = Factory(:user)
+          @user.confirm_email!
+          sign_in_as @user
+        end
+        merge_block(&blk)
+      end
+    end
+
+    def public_context(&blk)
+      warn "[DEPRECATION] public_context: common case is no-op. call sign_out otherwise"
+      context "The public" do
+        setup { sign_out }
+        merge_block(&blk)
+      end
+    end
+
+    # CREATING USERS
+
+    def should_create_user_successfully
+      warn "[DEPRECATION] should_create_user_successfully: not meant to be public, no longer used internally"
+      should_assign_to :user
+      should_change 'User.count', :by => 1
+
+      should "send the confirmation email" do
+        assert_sent_email do |email|
+          email.subject =~ /account confirmation/i
+        end
+      end
+
+      should_set_the_flash_to /confirm/i
+      should_redirect_to_url_after_create
+    end
+
+    # RENDERING
+
+    def should_render_nothing
+      should "render nothing" do
+        assert @response.body.blank?
+      end
+    end
+
+    # REDIRECTS
+
+    def should_redirect_to_url_after_create
+      should_redirect_to("the post-create url") do
+        @controller.send(:url_after_create)
+      end
+    end
+
+    def should_redirect_to_url_after_update
+      should_redirect_to("the post-update url") do
+        @controller.send(:url_after_update)
+      end
+    end
+
+    def should_redirect_to_url_after_destroy
+      should_redirect_to("the post-destroy url") do
+        @controller.send(:url_after_destroy)
+      end
+    end
+
+    def should_redirect_to_url_already_confirmed
+      should_redirect_to("the already confirmed url") do
+        @controller.send(:url_already_confirmed)
+      end
+    end
+
+    # VALIDATIONS
+
+    def should_validate_confirmation_of(attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_of: not meant to be public, no longer used internally"
+      raise ArgumentError if opts[:factory].nil?
+
+      context "on save" do
+        should_validate_confirmation_is_not_blank opts[:factory], attribute
+        should_validate_confirmation_is_not_bad   opts[:factory], attribute
+      end
+    end
+
+    def should_validate_confirmation_is_not_blank(factory, attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_is_not_blank: not meant to be public, no longer used internally"
+      should "validate #{attribute}_confirmation is not blank" do
+        model = Factory.build(factory, blank_confirmation_options(attribute))
+        model.save
+        assert_confirmation_error(model, attribute,
+          "#{attribute}_confirmation cannot be blank")
+      end
+    end
+
+    def should_validate_confirmation_is_not_bad(factory, attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_is_not_bad: not meant to be public, no longer used internally"
+      should "validate #{attribute}_confirmation is different than #{attribute}" do
+        model = Factory.build(factory, bad_confirmation_options(attribute))
+        model.save
+        assert_confirmation_error(model, attribute, 
+          "#{attribute}_confirmation cannot be different than #{attribute}")
+      end
+    end
+
+    # FORMS
+
+    def should_display_a_password_update_form
+      warn "[DEPRECATION] should_display_a_password_update_form: not meant to be public, no longer used internally"
+      should "have a form for the user's token, password, and password confirm" do
+        update_path = ERB::Util.h(
+          user_password_path(@user, :token => @user.confirmation_token)
+        )
+
+        assert_select 'form[action=?]', update_path do
+          assert_select 'input[name=_method][value=?]', 'put'
+          assert_select 'input[name=?]', 'user[password]'
+          assert_select 'input[name=?]', 'user[password_confirmation]'
+        end
+      end
+    end
+
+    def should_display_a_sign_up_form
+      warn "[DEPRECATION] should_display_a_sign_up_form: not meant to be public, no longer used internally"
+      should "display a form to sign up" do
+        assert_select "form[action=#{users_path}][method=post]",
+        true, "There must be a form to sign up" do
+          assert_select "input[type=text][name=?]",
+            "user[email]", true, "There must be an email field"
+          assert_select "input[type=password][name=?]",
+            "user[password]", true, "There must be a password field"
+          assert_select "input[type=password][name=?]",
+            "user[password_confirmation]", true, "There must be a password confirmation field"
+          assert_select "input[type=submit]", true,
+            "There must be a submit button"
+        end
+      end
+    end
+
+    def should_display_a_sign_in_form
+      warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
+      should 'display a "sign in" form' do
+        assert_select "form[action=#{session_path}][method=post]",
+          true, "There must be a form to sign in" do
+            assert_select "input[type=text][name=?]",
+              "session[email]", true, "There must be an email field"
+            assert_select "input[type=password][name=?]",
+              "session[password]", true, "There must be a password field"
+            assert_select "input[type=submit]", true,
+              "There must be a submit button"
+        end
+      end
+    end
+  end
+end
+
+module Clearance
+  module Shoulda
+    module Helpers
+      def sign_in_as(user)
+        @controller.current_user = user
+        return user
+      end
+
+      def sign_in
+        sign_in_as Factory(:email_confirmed_user)
+      end
+
+      def sign_out
+        @controller.current_user = nil
+      end
+
+      def blank_confirmation_options(attribute)
+        warn "[DEPRECATION] blank_confirmation_options: not meant to be public, no longer used internally"
+        opts = { attribute => attribute.to_s }
+        opts.merge("#{attribute}_confirmation".to_sym => "")
+      end
+
+      def bad_confirmation_options(attribute)
+        warn "[DEPRECATION] bad_confirmation_options: not meant to be public, no longer used internally"
+        opts = { attribute => attribute.to_s }
+        opts.merge("#{attribute}_confirmation".to_sym => "not_#{attribute}")
+      end
+
+      def assert_confirmation_error(model, attribute, message = "confirmation error")
+        warn "[DEPRECATION] assert_confirmation_error: not meant to be public, no longer used internally"
+        assert model.errors.on(attribute).include?("doesn't match confirmation"),
+          message
+      end
+    end
+  end
+end
+
+class Test::Unit::TestCase
+  include Clearance::Shoulda::Helpers
+end
+Test::Unit::TestCase.extend(Clearance::Shoulda)
...	...	@@ -49,7 +49,7 @@ Rails::Initializer.run do \|config\|
49	49	config.gem "thoughtbot-clearance",
50	50	:lib => 'clearance',
51	51	:source => 'http://gems.github.com',
52		- :version => '0.7.0'
	52	+ :version => '0.8.2'
53	53	config.gem "activemerchant",
54	54	:lib => 'active_merchant',
55	55	:version => '1.4.2'
...	...
...	...	@@ -1,145 +0,0 @@
1		---- !ruby/object:Gem::Specification
2		-name: thoughtbot-clearance
3		-version: !ruby/object:Gem::Version
4		- version: 0.7.0
5		-platform: ruby
6		-authors:
7		-- Dan Croak
8		-- Mike Burns
9		-- Jason Morrison
10		-- Joe Ferris
11		-- Eugene Bolshakov
12		-- Nick Quaranto
13		-- Josh Nichols
14		-- Mike Breen
15		-- "Marcel G\xC3\xB6rner"
16		-- Bence Nagy
17		-- Ben Mabey
18		-- Eloy Duran
19		-- Tim Pope
20		-- Mihai Anca
21		-- Mark Cornick
22		-- Shay Arnett
23		-autorequire:
24		-bindir: bin
25		-cert_chain: []
26		-
27		-date: 2009-08-04 00:00:00 -04:00
28		-default_executable:
29		-dependencies: []
30		-
31		-description: Rails authentication with email & password.
32		-email: support@thoughtbot.com
33		-executables: []
34		-
35		-extensions: []
36		-
37		-extra_rdoc_files: []
38		-
39		-files:
40		-- CHANGELOG.textile
41		-- LICENSE
42		-- Rakefile
43		-- README.textile
44		-- TODO.textile
45		-- app/controllers
46		-- app/controllers/clearance
47		-- app/controllers/clearance/confirmations_controller.rb
48		-- app/controllers/clearance/passwords_controller.rb
49		-- app/controllers/clearance/sessions_controller.rb
50		-- app/controllers/clearance/users_controller.rb
51		-- app/models
52		-- app/models/clearance_mailer.rb
53		-- app/views
54		-- app/views/clearance_mailer
55		-- app/views/clearance_mailer/change_password.html.erb
56		-- app/views/clearance_mailer/confirmation.html.erb
57		-- app/views/passwords
58		-- app/views/passwords/edit.html.erb
59		-- app/views/passwords/new.html.erb
60		-- app/views/sessions
61		-- app/views/sessions/new.html.erb
62		-- app/views/users
63		-- app/views/users/_form.html.erb
64		-- app/views/users/new.html.erb
65		-- config/clearance_routes.rb
66		-- generators/clearance
67		-- generators/clearance/clearance_generator.rb
68		-- generators/clearance/lib
69		-- generators/clearance/lib/insert_commands.rb
70		-- generators/clearance/lib/rake_commands.rb
71		-- generators/clearance/templates
72		-- generators/clearance/templates/factories.rb
73		-- generators/clearance/templates/migrations
74		-- generators/clearance/templates/migrations/create_users.rb
75		-- generators/clearance/templates/migrations/update_users.rb
76		-- generators/clearance/templates/README
77		-- generators/clearance/templates/user.rb
78		-- generators/clearance/USAGE
79		-- generators/clearance_features
80		-- generators/clearance_features/clearance_features_generator.rb
81		-- generators/clearance_features/templates
82		-- generators/clearance_features/templates/features
83		-- generators/clearance_features/templates/features/password_reset.feature
84		-- generators/clearance_features/templates/features/sign_in.feature
85		-- generators/clearance_features/templates/features/sign_out.feature
86		-- generators/clearance_features/templates/features/sign_up.feature
87		-- generators/clearance_features/templates/features/step_definitions
88		-- generators/clearance_features/templates/features/step_definitions/clearance_steps.rb
89		-- generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb
90		-- generators/clearance_features/templates/features/support
91		-- generators/clearance_features/templates/features/support/paths.rb
92		-- generators/clearance_features/USAGE
93		-- generators/clearance_views
94		-- generators/clearance_views/clearance_views_generator.rb
95		-- generators/clearance_views/templates
96		-- generators/clearance_views/templates/formtastic
97		-- generators/clearance_views/templates/formtastic/passwords
98		-- generators/clearance_views/templates/formtastic/passwords/edit.html.erb
99		-- generators/clearance_views/templates/formtastic/passwords/new.html.erb
100		-- generators/clearance_views/templates/formtastic/sessions
101		-- generators/clearance_views/templates/formtastic/sessions/new.html.erb
102		-- generators/clearance_views/templates/formtastic/users
103		-- generators/clearance_views/templates/formtastic/users/_inputs.html.erb
104		-- generators/clearance_views/templates/formtastic/users/new.html.erb
105		-- generators/clearance_views/USAGE
106		-- lib/clearance
107		-- lib/clearance/authentication.rb
108		-- lib/clearance/extensions
109		-- lib/clearance/extensions/errors.rb
110		-- lib/clearance/extensions/rescue.rb
111		-- lib/clearance/extensions/routes.rb
112		-- lib/clearance/user.rb
113		-- lib/clearance.rb
114		-- shoulda_macros/clearance.rb
115		-- rails/init.rb
116		-has_rdoc: true
117		-homepage: http://github.com/thoughtbot/clearance
118		-licenses: []
119		-
120		-post_install_message:
121		-rdoc_options: []
122		-
123		-require_paths:
124		-- lib
125		-required_ruby_version: !ruby/object:Gem::Requirement
126		- requirements:
127		- - - ">="
128		- - !ruby/object:Gem::Version
129		- version: "0"
130		- version:
131		-required_rubygems_version: !ruby/object:Gem::Requirement
132		- requirements:
133		- - - ">="
134		- - !ruby/object:Gem::Version
135		- version: "0"
136		- version:
137		-requirements: []
138		-
139		-rubyforge_project:
140		-rubygems_version: 1.3.4
141		-signing_key:
142		-specification_version: 3
143		-summary: Rails authentication with email & password.
144		-test_files: []
145		-
...	...	@@ -1,176 +0,0 @@
1		-h2. 0.7.0 (08/04/2009)
2		-
3		-* Redirect signed in user who clicks confirmation link again. (Dan Croak)
4		-* Redirect signed out user who clicks confirmation link again. (Dan Croak)
5		-* Added signed_out? convenience method for controllers, helpers, views. (Dan
6		-Croak)
7		-* Added clearance_views generator. By default, creates formtastic views which
8		-pass all tests and features. (Dan Croak)
9		-
10		-h2. 0.6.9 (07/04/2009)
11		-
12		-* Added timestamps to create users migration. (Dan Croak)
13		-* Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
14		-
15		-h2. 0.6.8 (06/24/2009)
16		-
17		-* Added defined? checks for various Rails constants such as ActionController
18		-for easier unit testing of Clearance extensions... particularly ActiveRecord
19		-extensions... particularly strong_password. (Dan Croak)
20		-
21		-h2. 0.6.7 (06/13/2009)
22		-
23		-* [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
24		-* [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
25		-* Deprecated sign_user_in. Told developers to use sign_in instead. (Dan
26		-Croak)
27		-* [#16] flash_success_after_create, flash_notice_after_create, flash_failure_after_create, flash_sucess_after_update, flash_success_after_destroy, etc. (Dan Croak)
28		-* [#17] bug. added #create to forbidden before_filters on confirmations controller. (Dan Croak)
29		-* [#24] should_be_signed_in_as shouldn't look in the session. (Dan Croak)
30		-* README improvements. (Dan Croak)
31		-* Move routes loading to separate file. (Joshua Clayton)
32		-
33		-h2. 0.6.6 (05/18/2009)
34		-
35		-* [#14] replaced class_eval in Clearance::User with modules. This was needed
36		-in a thoughtbot client app so we could write our own validations. (Dan Croak)
37		-
38		-h2. 0.6.5 (05/17/2009)
39		-
40		-* [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
41		-
42		-h2. 0.6.4 (05/12/2009)
43		-
44		-* Moved issue tracking to Github from Lighthouse. (Dan Croak)
45		-* [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
46		-* [#11] replacing sign_in_as & sign_out shoulda macros with a stubbing (requires no dependency) approach. this will avoid dealing with the internals of current_user, such as session & cookies. added sign_in macro which signs in an email confirmed user from clearance's factories. (Dan Croak)
47		-* [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
48		-* [#9] audited flash keys. (Dan Croak)
49		-
50		-h2. 0.6.3 (04/23/2009)
51		-
52		-* Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
53		-
54		-h2. 0.6.2 (04/22/2009)
55		-
56		-* Insert Clearance::User into User model if it exists. (Nick Quaranto)
57		-* World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
58		-
59		-h2. 0.6.1 (04/21/2009)
60		-* Scope operators are necessary to keep Rails happy. Reverting the original
61		-revert so they're back in the library now for constants referenced inside of
62		-the gem. (Nick Quaranto)
63		-
64		-h2. 0.6.0 (04/21/2009)
65		-
66		-* Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
67		-* Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
68		-* Include Clearance::Authentication in ApplicationController. (Dan Croak & Joe Ferris)
69		-* Namespace controllers under Clearance. (Dan Croak & Joe Ferris)
70		-* Routes move to engine, use namespaced controllers but publicly the same. (Dan Croak & Joe Ferris)
71		-* If you want to override a controller, subclass it like SessionsController <
72		-Clearance::SessionsController. This gives you access to usual hooks such as
73		-url_after_create. (Dan Croak & Joe Ferris)
74		-* Controllers, mailer, model, routes all unit tested inside engine. Use
75		-script/generate clearance_features to test integration of Clearance with your
76		-Rails app. No longer including modules in your app's test files. (Dan Croak & Joe Ferris)
77		-* Moved views to engine. (Joe Ferris)
78		-* Converted generated test/factories/clearance.rb to use inheritence for
79		-email_confirmed_user. (Dan Croak)
80		-* Corrected some spelling errors with methods (Nick Quaranto)
81		-* Converted "I should see error messages" to use a regex in the features (Nick
82		-Quaranto)
83		-* Loading clearance routes after rails routes via some monkeypatching (Nick
84		-Quaranto)
85		-* Made the clearance controllers unloadable to stop constant loading errors in
86		-development mode (Nick Quaranto)
87		-
88		-h2. 0.5.6 (4/11/2009)
89		-
90		-* [#57] Step definition changed for "User should see error messages" so
91		-features won't fail for certain validations. (Nick Quaranto)
92		-
93		-h2. 0.5.5 (3/23/2009)
94		-
95		-* Removing duplicate test to get rid of warning. (Nick Quaranto)
96		-
97		-h2. 0.5.4 (3/21/2009)
98		-
99		-* When users fail logging in, redirect them instead of rendering. (Matt
100		-Jankowski)
101		-
102		-h2. 0.5.3 (3/5/2009)
103		-
104		-* Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
105		-Ferris, Dan Croak)
106		-* Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
107		-Dan Croak)
108		-
109		-h2. 0.5.2 (3/2/2009)
110		-
111		-* Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
112		-Ferris, Dan Croak)
113		-
114		-h2. 0.5.1 (2/27/2009)
115		-
116		-* [#46] A user with unconfirmed email who resets password now confirms email.
117		-(Marcel Görner)
118		-* Refactored user_from_cookie, user_from_session, User#authenticate to use
119		-more direct return code instead of ugly, harder to read ternary. (Dan Croak)
120		-* Switch order of cookies and sessions to take advantage of Rails 2.3's "Rack-based lazy-loaded sessions":http://is.gd/i23E. (Dan Croak)
121		-* Altered generator to interact with application_controller.rb instead of
122		-application.rb in Rails 2.3 apps. (Dan Croak)
123		-* [#42] Bug fix. Rack-based session change altered how to test remember me
124		-cookie. (Mihai Anca)
125		-
126		-h2. 0.5.0 (2/27/2009)
127		-
128		-* Fixed problem with Cucumber features. (Dan Croak)
129		-* Fixed mising HTTP fluency use case. (Dan Croak)
130		-* Refactored User#update_password to take just parameters it needs. (Dan
131		-Croak)
132		-* Refactored User unit tests to be more readable. (Dan Croak)
133		-
134		-h2. 0.4.9 (2/20/2009)
135		-
136		-* Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
137		-* Return 403 Forbidden status code in those cases. (Tim Pope)
138		-* Test 403 Forbidden status code in Cucumber feature. (Dan Croak, Joe Ferris)
139		-* Raise custom ActionController::Forbidden error internally. (Joe Ferris, Mike Burns, Jason Morrison)
140		-* Test ActionController::Forbidden error is raised in functional test. (Joe Ferris, Mike Burns, Dan Croak)
141		-* [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
142		-* Required Factory Girl >= 1.2.0. (Dan Croak)
143		-
144		-h2. 0.4.8 (2/16/2009)
145		-
146		-* Added support paths for Cucumber. (Ben Mabey)
147		-* Added documentation for the flash. (Ben Mabey)
148		-* Generators require "test_helper" instead of File.join. for rr compatibility. (Joe Ferris)
149		-* Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
150		-* Standardized flash messages that refer to email delivery. (Dan Croak)
151		-
152		-h2. 0.4.7 (2/12/2009)
153		-
154		-* Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
155		-* All test helpers now in shoulda_macros. (Dan Croak)
156		-
157		-h2. 0.4.6 (2/11/2009)
158		-
159		-* Made the modules behave like mixins again. (hat-tip Eloy Duran)
160		-* Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
161		-
162		-h2. 0.4.5 (2/9/2009)
163		-
164		-* [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
165		-* [#42] Removed dependency on Mocha. (Dan Croak)
166		-* Required Shoulda >= 2.9.1. (Dan Croak)
167		-* Added password reset feature to clearance_features generator. (Eugene Bolshakov, Dan Croak)
168		-* Removed unnecessary session[:salt]. (Dan Croak)
169		-* [#41] Only store location for session[:return_to] for GET requests. (Dan Croak)
170		-* Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
171		-* Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
172		-
173		-h2. 0.4.4 (2/2/2009)
174		-
175		-* Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
176		-* Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak)
...	...	@@ -1,21 +0,0 @@
1		-The MIT License
2		-
3		-Copyright (c) 2008 thoughtbot, inc.
4		-
5		-Permission is hereby granted, free of charge, to any person obtaining a copy
6		-of this software and associated documentation files (the "Software"), to deal
7		-in the Software without restriction, including without limitation the rights
8		-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9		-copies of the Software, and to permit persons to whom the Software is
10		-furnished to do so, subject to the following conditions:
11		-
12		-The above copyright notice and this permission notice shall be included in
13		-all copies or substantial portions of the Software.
14		-
15		-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16		-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17		-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18		-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19		-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20		-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21		-THE SOFTWARE.
...	...	@@ -1,123 +0,0 @@
1		-h1. Clearance
2		-
3		-Rails authentication with email & password.
4		-
5		-"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
6		-
7		-h2. Wiki
8		-
9		-Most information regarding Clearance is on the "Github Wiki":http://wiki.github.com/thoughtbot/clearance.
10		-
11		-h2. Installation
12		-
13		-Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
14		-
15		-In config/environment.rb:
16		-
17		-<pre>
18		-config.gem "thoughtbot-clearance",
19		- :lib => 'clearance',
20		- :source => 'http://gems.github.com',
21		- :version => '0.6.9'
22		-</pre>
23		-
24		-Vendor the gem:
25		-
26		-<pre>
27		-rake gems:install
28		-rake gems:unpack
29		-</pre>
30		-
31		-Make sure the development database exists and run the generator:
32		-
33		-@script/generate clearance@
34		-
35		-A number of files will be created and instructions will be printed.
36		-
37		-You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
38		-
39		-Run the migration:
40		-
41		-@rake db:migrate@
42		-
43		-Define a HOST constant in your environment files.
44		-In config/environments/test.rb and config/environments/development.rb it can be:
45		-
46		-@HOST = "localhost"@
47		-
48		-In production.rb it must be the actual host your application is deployed to.
49		-The constant is used by mailers to generate URLs in emails.
50		-
51		-In config/environment.rb:
52		-
53		-@DO_NOT_REPLY = "donotreply@example.com"@
54		-
55		-Define root_url to something in your config/routes.rb:
56		-
57		-@map.root :controller => 'home'@
58		-
59		-h2. Cucumber Features
60		-
61		-As your app evolves, you want to know that authentication still works. Clearance's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
62		-
63		-In config/environments/test.rb:
64		-
65		-<pre>
66		-config.gem 'webrat',
67		- :version => '= 0.4.4'
68		-config.gem 'cucumber',
69		- :version => '= 0.3.0'
70		-config.gem 'thoughtbot-factory_girl',
71		- :lib => 'factory_girl',
72		- :source => "http://gems.github.com",
73		- :version => '1.2.1'
74		-</pre>
75		-
76		-Vendor the gems:
77		-
78		-<pre>
79		-rake gems:install RAILS_ENV=test
80		-rake gems:unpack RAILS_ENV=test
81		-</pre>
82		-
83		-We don't vendor nokogiri due to its native extensions, so install it normally on your machine:
84		-
85		-@sudo gem install nokogiri@
86		-
87		-Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
88		-
89		-<pre>
90		-script/generate cucumber
91		-script/generate clearance_features
92		-</pre>
93		-
94		-All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
95		-
96		-<pre>
97		-def path_to(page_name)
98		- case page_name
99		- ...
100		- when /the sign up page/i
101		- new_user_path
102		- when /the sign in page/i
103		- new_session_path
104		- when /the password reset request page/i
105		- new_password_path
106		- ...
107		-end
108		-</pre>
109		-
110		-h2. Authors
111		-
112		-Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
113		-
114		-Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton & Mustafa Ekim.
115		-
116		-h2. Questions?
117		-
118		-Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
119		-
120		-h2. Suggestions, Bugs, Refactoring?
121		-
122		-Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues. Please don't send pull requests.
123		-
...	...	@@ -1,103 +0,0 @@
1		-# encoding: utf-8
2		-
3		-require 'rake'
4		-require 'rake/testtask'
5		-require 'cucumber/rake/task'
6		-
7		-namespace :test do
8		- Rake::TestTask.new(:basic => ["generator:cleanup",
9		- "generator:clearance",
10		- "generator:clearance_features"]) do \|task\|
11		- task.libs << "lib"
12		- task.libs << "test"
13		- task.pattern = "test/*/_test.rb"
14		- task.verbose = false
15		- end
16		-
17		- Rake::TestTask.new(:views => ["generator:clearance_views"]) do \|task\|
18		- task.libs << "lib"
19		- task.libs << "test"
20		- task.pattern = "test/*/_test.rb"
21		- task.verbose = false
22		- end
23		-
24		- Cucumber::Rake::Task.new(:features) do \|t\|
25		- t.cucumber_opts = "--format progress"
26		- t.feature_pattern = "test/rails_root/features/*.feature"
27		- end
28		-
29		- Cucumber::Rake::Task.new(:features_for_views) do \|t\|
30		- t.cucumber_opts = "--format progress"
31		- t.feature_pattern = "test/rails_root/features/*.feature"
32		- end
33		-end
34		-
35		-generators = %w(clearance clearance_features clearance_views)
36		-
37		-namespace :generator do
38		- desc "Cleans up the test app before running the generator"
39		- task :cleanup do
40		- generators.each do \|generator\|
41		- FileList["generators/#{generator}/templates/*/.*"].each do \|each\|
42		- file = "test/rails_root/#{each.gsub("generators/#{generator}/templates/",'')}"
43		- File.delete(file) if File.exists?(file)
44		- end
45		- end
46		-
47		- FileList["test/rails_root/db/*/"].each do \|each\|
48		- FileUtils.rm_rf(each)
49		- end
50		-
51		- FileUtils.rm_rf("test/rails_root/vendor/plugins/clearance")
52		- FileUtils.mkdir_p("test/rails_root/vendor/plugins")
53		- clearance_root = File.expand_path(File.dirname(__FILE__))
54		- system("ln -s #{clearance_root} test/rails_root/vendor/plugins/clearance")
55		-
56		- FileUtils.rm_rf("test/rails_root/app/views/passwords")
57		- FileUtils.rm_rf("test/rails_root/app/views/sessions")
58		- FileUtils.rm_rf("test/rails_root/app/views/users")
59		- end
60		-
61		- desc "Run the clearance generator"
62		- task :clearance do
63		- system "cd test/rails_root && ./script/generate clearance && rake db:migrate db:test:prepare"
64		- end
65		-
66		- desc "Run the clearance features generator"
67		- task :clearance_features do
68		- system "cd test/rails_root && ./script/generate clearance_features"
69		- end
70		-
71		- desc "Run the clearance views generator"
72		- task :clearance_views do
73		- system "cd test/rails_root && ./script/generate clearance_views"
74		- end
75		-end
76		-
77		-desc "Run the test suite"
78		-task :default => ['test:basic', 'test:features',
79		- 'test:views', 'test:features_for_views']
80		-
81		-gem_spec = Gem::Specification.new do \|gem_spec\|
82		- gem_spec.name = "clearance"
83		- gem_spec.version = "0.7.0"
84		- gem_spec.summary = "Rails authentication with email & password."
85		- gem_spec.email = "support@thoughtbot.com"
86		- gem_spec.homepage = "http://github.com/thoughtbot/clearance"
87		- gem_spec.description = "Rails authentication with email & password."
88		- gem_spec.authors = ["Dan Croak", "Mike Burns", "Jason Morrison",
89		- "Joe Ferris", "Eugene Bolshakov", "Nick Quaranto",
90		- "Josh Nichols", "Mike Breen", "Marcel Görner",
91		- "Bence Nagy", "Ben Mabey", "Eloy Duran",
92		- "Tim Pope", "Mihai Anca", "Mark Cornick",
93		- "Shay Arnett"]
94		- gem_spec.files = FileList["[A-Z]", "{app,config,generators,lib,shoulda_macros,rails}//"]
95		-end
96		-
97		-desc "Generate a gemspec file"
98		-task :gemspec do
99		- File.open("#{gem_spec.name}.gemspec", 'w') do \|f\|
100		- f.write gem_spec.to_yaml
101		- end
102		-end
103		-
...	...	@@ -1,6 +0,0 @@
1		-h1. To-do
2		-
3		-* Make insertion of Clearance::User into User model automatic from the generator.
4		-* Change generated README to include instruction about running the migration.
5		-* DO_NOT_REPLY, HOST refactoring.
6		-
...	...	@@ -1,73 +0,0 @@
1		-class Clearance::ConfirmationsController < ApplicationController
2		- unloadable
3		-
4		- before_filter :redirect_signed_in_confirmed_user, :only => [:new, :create]
5		- before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
6		- before_filter :forbid_missing_token, :only => [:new, :create]
7		- before_filter :forbid_non_existent_user, :only => [:new, :create]
8		-
9		- filter_parameter_logging :token
10		-
11		- def new
12		- create
13		- end
14		-
15		- def create
16		- @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
17		- @user.confirm_email!
18		-
19		- sign_in(@user)
20		- flash_success_after_create
21		- redirect_to(url_after_create)
22		- end
23		-
24		- private
25		-
26		- def redirect_signed_in_confirmed_user
27		- user = ::User.find_by_id(params[:user_id])
28		- if user && user.email_confirmed? && current_user == user
29		- flash_success_after_create
30		- redirect_to(url_after_create)
31		- end
32		- end
33		-
34		- def redirect_signed_out_confirmed_user
35		- user = ::User.find_by_id(params[:user_id])
36		- if user && user.email_confirmed? && signed_out?
37		- flash_already_confirmed
38		- redirect_to(url_already_confirmed)
39		- end
40		- end
41		-
42		- def forbid_missing_token
43		- if params[:token].blank?
44		- raise ActionController::Forbidden, "missing token"
45		- end
46		- end
47		-
48		- def forbid_non_existent_user
49		- unless ::User.find_by_id_and_token(params[:user_id], params[:token])
50		- raise ActionController::Forbidden, "non-existent user"
51		- end
52		- end
53		-
54		- def flash_success_after_create
55		- flash[:success] = translate(:confirmed_email,
56		- :scope => [:clearance, :controllers, :confirmations],
57		- :default => "Confirmed email and signed in.")
58		- end
59		-
60		- def flash_already_confirmed
61		- flash[:success] = translate(:already_confirmed_email,
62		- :scope => [:clearance, :controllers, :confirmations],
63		- :default => "Already confirmed email. Please sign in.")
64		- end
65		-
66		- def url_after_create
67		- root_url
68		- end
69		-
70		- def url_already_confirmed
71		- sign_in_url
72		- end
73		-end
...	...	@@ -1,81 +0,0 @@
1		-class Clearance::PasswordsController < ApplicationController
2		- unloadable
3		-
4		- before_filter :forbid_missing_token, :only => [:edit, :update]
5		- before_filter :forbid_non_existent_user, :only => [:edit, :update]
6		- filter_parameter_logging :password, :password_confirmation
7		-
8		- def new
9		- render :template => 'passwords/new'
10		- end
11		-
12		- def create
13		- if user = ::User.find_by_email(params[:password][:email])
14		- user.forgot_password!
15		- ::ClearanceMailer.deliver_change_password user
16		- flash_notice_after_create
17		- redirect_to(url_after_create)
18		- else
19		- flash_failure_after_create
20		- render :template => 'passwords/new'
21		- end
22		- end
23		-
24		- def edit
25		- @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
26		- render :template => 'passwords/edit'
27		- end
28		-
29		- def update
30		- @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
31		-
32		- if @user.update_password(params[:user][:password],
33		- params[:user][:password_confirmation])
34		- @user.confirm_email!
35		- sign_in(@user)
36		- flash_success_after_update
37		- redirect_to(url_after_update)
38		- else
39		- render :template => 'passwords/edit'
40		- end
41		- end
42		-
43		- private
44		-
45		- def forbid_missing_token
46		- if params[:token].blank?
47		- raise ActionController::Forbidden, "missing token"
48		- end
49		- end
50		-
51		- def forbid_non_existent_user
52		- unless ::User.find_by_id_and_token(params[:user_id], params[:token])
53		- raise ActionController::Forbidden, "non-existent user"
54		- end
55		- end
56		-
57		- def flash_notice_after_create
58		- flash[:notice] = translate(:deliver_change_password,
59		- :scope => [:clearance, :controllers, :passwords],
60		- :default => "You will receive an email within the next few minutes. " <<
61		- "It contains instructions for changing your password.")
62		- end
63		-
64		- def flash_failure_after_create
65		- flash.now[:failure] = translate(:unknown_email,
66		- :scope => [:clearance, :controllers, :passwords],
67		- :default => "Unknown email.")
68		- end
69		-
70		- def url_after_create
71		- new_session_url
72		- end
73		-
74		- def flash_success_after_update
75		- flash[:success] = translate(:signed_in, :default => "Signed in.")
76		- end
77		-
78		- def url_after_update
79		- root_url
80		- end
81		-end
...	...	@@ -1,67 +0,0 @@
1		-class Clearance::SessionsController < ApplicationController
2		- unloadable
3		-
4		- protect_from_forgery :except => :create
5		- filter_parameter_logging :password
6		-
7		- def new
8		- render :template => 'sessions/new'
9		- end
10		-
11		- def create
12		- @user = ::User.authenticate(params[:session][:email],
13		- params[:session][:password])
14		- if @user.nil?
15		- flash_failure_after_create
16		- render :template => 'sessions/new', :status => :unauthorized
17		- else
18		- if @user.email_confirmed?
19		- sign_in(@user)
20		- remember(@user) if remember?
21		- flash_success_after_create
22		- redirect_back_or(url_after_create)
23		- else
24		- ::ClearanceMailer.deliver_confirmation(@user)
25		- flash_notice_after_create
26		- redirect_to(new_session_url)
27		- end
28		- end
29		- end
30		-
31		- def destroy
32		- forget(current_user)
33		- flash_success_after_destroy
34		- redirect_to(url_after_destroy)
35		- end
36		-
37		- private
38		-
39		- def flash_failure_after_create
40		- flash.now[:failure] = translate(:bad_email_or_password,
41		- :scope => [:clearance, :controllers, :sessions],
42		- :default => "Bad email or password.")
43		- end
44		-
45		- def flash_success_after_create
46		- flash[:success] = translate(:signed_in, :default => "Signed in.")
47		- end
48		-
49		- def flash_notice_after_create
50		- flash[:notice] = translate(:unconfirmed_email,
51		- :scope => [:clearance, :controllers, :sessions],
52		- :default => "User has not confirmed email. " <<
53		- "Confirmation email will be resent.")
54		- end
55		-
56		- def url_after_create
57		- root_url
58		- end
59		-
60		- def flash_success_after_destroy
61		- flash[:success] = translate(:signed_out, :default => "Signed out.")
62		- end
63		-
64		- def url_after_destroy
65		- new_session_url
66		- end
67		-end