removing clearance plugin. adding clearance 0.7.0 gem.

Dan Croak
1 parent 44e775fe
Showing 175 changed files with 2119 additions and 11336 deletions Show diff stats
vendor/gems/thoughtbot-clearance-0.7.0/.specification
vendor/gems/thoughtbot-clearance-0.7.0/CHANGELOG.textile
vendor/gems/thoughtbot-clearance-0.7.0/LICENSE
vendor/gems/thoughtbot-clearance-0.7.0/README.textile
vendor/gems/thoughtbot-clearance-0.7.0/Rakefile
vendor/gems/thoughtbot-clearance-0.7.0/TODO.textile
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/confirmations_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/passwords_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/sessions_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/controllers/clearance/users_controller.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/models/clearance_mailer.rb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/clearance_mailer/change_password.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/clearance_mailer/confirmation.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/passwords/edit.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/passwords/new.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/sessions/new.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/users/_form.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/app/views/users/new.html.erb
vendor/gems/thoughtbot-clearance-0.7.0/config/clearance_routes.rb
vendor/gems/thoughtbot-clearance-0.7.0/generators/clearance/USAGE
@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification 
+name: thoughtbot-clearance
+version: !ruby/object:Gem::Version 
+  version: 0.7.0
+platform: ruby
+authors: 
+- Dan Croak
+- Mike Burns
+- Jason Morrison
+- Joe Ferris
+- Eugene Bolshakov
+- Nick Quaranto
+- Josh Nichols
+- Mike Breen
+- "Marcel G\xC3\xB6rner"
+- Bence Nagy
+- Ben Mabey
+- Eloy Duran
+- Tim Pope
+- Mihai Anca
+- Mark Cornick
+- Shay Arnett
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-08-04 00:00:00 -04:00
+default_executable: 
+dependencies: []
+
+description: Rails authentication with email & password.
+email: support@thoughtbot.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- CHANGELOG.textile
+- LICENSE
+- Rakefile
+- README.textile
+- TODO.textile
+- app/controllers
+- app/controllers/clearance
+- app/controllers/clearance/confirmations_controller.rb
+- app/controllers/clearance/passwords_controller.rb
+- app/controllers/clearance/sessions_controller.rb
+- app/controllers/clearance/users_controller.rb
+- app/models
+- app/models/clearance_mailer.rb
+- app/views
+- app/views/clearance_mailer
+- app/views/clearance_mailer/change_password.html.erb
+- app/views/clearance_mailer/confirmation.html.erb
+- app/views/passwords
+- app/views/passwords/edit.html.erb
+- app/views/passwords/new.html.erb
+- app/views/sessions
+- app/views/sessions/new.html.erb
+- app/views/users
+- app/views/users/_form.html.erb
+- app/views/users/new.html.erb
+- config/clearance_routes.rb
+- generators/clearance
+- generators/clearance/clearance_generator.rb
+- generators/clearance/lib
+- generators/clearance/lib/insert_commands.rb
+- generators/clearance/lib/rake_commands.rb
+- generators/clearance/templates
+- generators/clearance/templates/factories.rb
+- generators/clearance/templates/migrations
+- generators/clearance/templates/migrations/create_users.rb
+- generators/clearance/templates/migrations/update_users.rb
+- generators/clearance/templates/README
+- generators/clearance/templates/user.rb
+- generators/clearance/USAGE
+- generators/clearance_features
+- generators/clearance_features/clearance_features_generator.rb
+- generators/clearance_features/templates
+- generators/clearance_features/templates/features
+- generators/clearance_features/templates/features/password_reset.feature
+- generators/clearance_features/templates/features/sign_in.feature
+- generators/clearance_features/templates/features/sign_out.feature
+- generators/clearance_features/templates/features/sign_up.feature
+- generators/clearance_features/templates/features/step_definitions
+- generators/clearance_features/templates/features/step_definitions/clearance_steps.rb
+- generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb
+- generators/clearance_features/templates/features/support
+- generators/clearance_features/templates/features/support/paths.rb
+- generators/clearance_features/USAGE
+- generators/clearance_views
+- generators/clearance_views/clearance_views_generator.rb
+- generators/clearance_views/templates
+- generators/clearance_views/templates/formtastic
+- generators/clearance_views/templates/formtastic/passwords
+- generators/clearance_views/templates/formtastic/passwords/edit.html.erb
+- generators/clearance_views/templates/formtastic/passwords/new.html.erb
+- generators/clearance_views/templates/formtastic/sessions
+- generators/clearance_views/templates/formtastic/sessions/new.html.erb
+- generators/clearance_views/templates/formtastic/users
+- generators/clearance_views/templates/formtastic/users/_inputs.html.erb
+- generators/clearance_views/templates/formtastic/users/new.html.erb
+- generators/clearance_views/USAGE
+- lib/clearance
+- lib/clearance/authentication.rb
+- lib/clearance/extensions
+- lib/clearance/extensions/errors.rb
+- lib/clearance/extensions/rescue.rb
+- lib/clearance/extensions/routes.rb
+- lib/clearance/user.rb
+- lib/clearance.rb
+- shoulda_macros/clearance.rb
+- rails/init.rb
+has_rdoc: true
+homepage: http://github.com/thoughtbot/clearance
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.4
+signing_key: 
+specification_version: 3
+summary: Rails authentication with email & password.
+test_files: []
+
@@ -0,0 +1,176 @@
+h2. 0.7.0 (08/04/2009)
+
+* Redirect signed in user who clicks confirmation link again. (Dan Croak)
+* Redirect signed out user who clicks confirmation link again. (Dan Croak)
+* Added signed_out? convenience method for controllers, helpers, views. (Dan
+Croak)
+* Added clearance_views generator. By default, creates formtastic views which
+pass all tests and features. (Dan Croak)
+
+h2. 0.6.9 (07/04/2009)
+
+* Added timestamps to create users migration. (Dan Croak)
+* Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
+
+h2. 0.6.8 (06/24/2009)
+
+* Added defined? checks for various Rails constants such as ActionController
+for easier unit testing of Clearance extensions... particularly ActiveRecord
+extensions... particularly strong_password. (Dan Croak)
+
+h2. 0.6.7 (06/13/2009)
+
+* [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
+* [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
+* Deprecated sign_user_in. Told developers to use sign_in instead. (Dan
+Croak)
+* [#16] flash_success_after_create, flash_notice_after_create, flash_failure_after_create, flash_sucess_after_update, flash_success_after_destroy, etc. (Dan Croak)
+* [#17] bug. added #create to forbidden before_filters on confirmations controller. (Dan Croak)
+* [#24] should_be_signed_in_as shouldn't look in the session. (Dan Croak)
+* README improvements. (Dan Croak)
+* Move routes loading to separate file. (Joshua Clayton)
+
+h2. 0.6.6 (05/18/2009)
+
+* [#14] replaced class_eval in Clearance::User with modules. This was needed
+in a thoughtbot client app so we could write our own validations. (Dan Croak)
+
+h2. 0.6.5 (05/17/2009)
+
+* [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
+
+h2. 0.6.4 (05/12/2009)
+
+* Moved issue tracking to Github from Lighthouse. (Dan Croak)
+* [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
+* [#11] replacing sign_in_as & sign_out shoulda macros with a stubbing (requires no dependency) approach. this will avoid dealing with the internals of current_user, such as session & cookies. added sign_in macro which signs in an email confirmed user from clearance's factories. (Dan Croak)
+* [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
+* [#9] audited flash keys. (Dan Croak)
+
+h2. 0.6.3 (04/23/2009)
+
+* Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
+
+h2. 0.6.2 (04/22/2009)
+
+* Insert Clearance::User into User model if it exists. (Nick Quaranto)
+* World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
+
+h2. 0.6.1 (04/21/2009)
+* Scope operators are necessary to keep Rails happy. Reverting the original
+revert so they're back in the library now for constants referenced inside of
+the gem. (Nick Quaranto)
+
+h2. 0.6.0 (04/21/2009)
+
+* Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
+* Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
+* Include Clearance::Authentication in ApplicationController. (Dan Croak & Joe Ferris)
+* Namespace controllers under Clearance. (Dan Croak & Joe Ferris)
+* Routes move to engine, use namespaced controllers but publicly the same. (Dan Croak & Joe Ferris)
+* If you want to override a controller, subclass it like SessionsController <
+Clearance::SessionsController. This gives you access to usual hooks such as
+url_after_create. (Dan Croak & Joe Ferris)
+* Controllers, mailer, model, routes all unit tested inside engine. Use
+script/generate clearance_features to test integration of Clearance with your
+Rails app. No longer including modules in your app's test files. (Dan Croak & Joe Ferris)
+* Moved views to engine. (Joe Ferris)
+* Converted generated test/factories/clearance.rb to use inheritence for
+email_confirmed_user. (Dan Croak)
+* Corrected some spelling errors with methods (Nick Quaranto)
+* Converted "I should see error messages" to use a regex in the features (Nick
+Quaranto)
+* Loading clearance routes after rails routes via some monkeypatching (Nick
+Quaranto)
+* Made the clearance controllers unloadable to stop constant loading errors in
+development mode (Nick Quaranto)
+
+h2. 0.5.6 (4/11/2009)
+
+* [#57] Step definition changed for "User should see error messages" so
+features won't fail for certain validations. (Nick Quaranto)
+
+h2. 0.5.5 (3/23/2009)
+
+* Removing duplicate test to get rid of warning. (Nick Quaranto)
+
+h2. 0.5.4 (3/21/2009)
+
+* When users fail logging in, redirect them instead of rendering. (Matt
+Jankowski)
+
+h2. 0.5.3 (3/5/2009)
+
+* Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
+Ferris, Dan Croak)
+* Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
+Dan Croak)
+
+h2. 0.5.2 (3/2/2009)
+
+* Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
+Ferris, Dan Croak)
+
+h2. 0.5.1 (2/27/2009)
+
+* [#46] A user with unconfirmed email who resets password now confirms email.
+(Marcel Görner)
+* Refactored user_from_cookie, user_from_session, User#authenticate to use
+more direct return code instead of ugly, harder to read ternary. (Dan Croak)
+* Switch order of cookies and sessions to take advantage of Rails 2.3's "Rack-based lazy-loaded sessions":http://is.gd/i23E. (Dan Croak)
+* Altered generator to interact with application_controller.rb instead of
+application.rb in Rails 2.3 apps. (Dan Croak)
+* [#42] Bug fix. Rack-based session change altered how to test remember me
+cookie. (Mihai Anca)
+
+h2. 0.5.0 (2/27/2009)
+
+* Fixed problem with Cucumber features. (Dan Croak)
+* Fixed mising HTTP fluency use case. (Dan Croak)
+* Refactored User#update_password to take just parameters it needs. (Dan
+Croak)
+* Refactored User unit tests to be more readable. (Dan Croak)
+
+h2. 0.4.9 (2/20/2009)
+
+* Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
+* Return 403 Forbidden status code in those cases. (Tim Pope)
+* Test 403 Forbidden status code in Cucumber feature. (Dan Croak, Joe Ferris)
+* Raise custom ActionController::Forbidden error internally. (Joe Ferris, Mike Burns, Jason Morrison)
+* Test ActionController::Forbidden error is raised in functional test. (Joe Ferris, Mike Burns, Dan Croak)
+* [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
+* Required Factory Girl >= 1.2.0. (Dan Croak)
+
+h2. 0.4.8 (2/16/2009)
+
+* Added support paths for Cucumber. (Ben Mabey)
+* Added documentation for the flash. (Ben Mabey)
+* Generators require "test_helper" instead of File.join. for rr compatibility. (Joe Ferris)
+* Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
+* Standardized flash messages that refer to email delivery. (Dan Croak)
+
+h2. 0.4.7 (2/12/2009)
+
+* Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
+* All test helpers now in shoulda_macros. (Dan Croak)
+
+h2. 0.4.6 (2/11/2009)
+
+* Made the modules behave like mixins again. (hat-tip Eloy Duran)
+* Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
+
+h2. 0.4.5 (2/9/2009)
+
+* [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
+* [#42] Removed dependency on Mocha. (Dan Croak)
+* Required Shoulda >= 2.9.1. (Dan Croak)
+* Added password reset feature to clearance_features generator. (Eugene Bolshakov, Dan Croak)
+* Removed unnecessary session[:salt]. (Dan Croak)
+* [#41] Only store location for session[:return_to] for GET requests. (Dan Croak)
+* Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
+* Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
+
+h2. 0.4.4 (2/2/2009)
+
+* Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
+* Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak) 
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2008 thoughtbot, inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
@@ -0,0 +1,123 @@
+h1. Clearance
+
+Rails authentication with email & password.
+
+"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
+
+h2. Wiki
+
+Most information regarding Clearance is on the "Github Wiki":http://wiki.github.com/thoughtbot/clearance.
+
+h2. Installation
+
+Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
+
+In config/environment.rb:
+
+<pre>
+config.gem "thoughtbot-clearance", 
+  :lib     => 'clearance', 
+  :source  => 'http://gems.github.com', 
+  :version => '0.6.9'
+</pre>
+
+Vendor the gem:
+
+<pre>
+rake gems:install
+rake gems:unpack
+</pre>
+
+Make sure the development database exists and run the generator:
+
+@script/generate clearance@
+
+A number of files will be created and instructions will be printed.
+
+You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
+
+Run the migration:
+
+@rake db:migrate@
+
+Define a HOST constant in your environment files.
+In config/environments/test.rb and config/environments/development.rb it can be:
+
+@HOST = "localhost"@
+
+In production.rb it must be the actual host your application is deployed to.
+The constant is used by mailers to generate URLs in emails.
+
+In config/environment.rb:
+
+@DO_NOT_REPLY = "donotreply@example.com"@
+
+Define root_url to *something* in your config/routes.rb:
+
+@map.root :controller => 'home'@
+
+h2. Cucumber Features
+
+As your app evolves, you want to know that authentication still works. Clearance's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
+
+In config/environments/test.rb:
+
+<pre>
+config.gem 'webrat',
+  :version => '= 0.4.4'
+config.gem 'cucumber',
+  :version => '= 0.3.0'
+config.gem 'thoughtbot-factory_girl',
+  :lib     => 'factory_girl',
+  :source  => "http://gems.github.com", 
+  :version => '1.2.1'
+</pre>
+
+Vendor the gems:
+
+<pre>
+rake gems:install RAILS_ENV=test
+rake gems:unpack  RAILS_ENV=test
+</pre>
+
+We don't vendor nokogiri due to its native extensions, so install it normally on your machine:
+
+@sudo gem install nokogiri@
+
+Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
+
+<pre>
+script/generate cucumber
+script/generate clearance_features
+</pre>
+
+All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
+
+<pre>
+def path_to(page_name)
+  case page_name
+   ...
+  when /the sign up page/i
+   new_user_path
+  when /the sign in page/i
+   new_session_path
+  when /the password reset request page/i
+   new_password_path
+  ...
+end
+</pre>
+
+h2. Authors
+
+Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
+
+Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton & Mustafa Ekim.
+
+h2. Questions?
+
+Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
+
+h2. Suggestions, Bugs, Refactoring?
+
+Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues. Please don't send pull requests.
+
@@ -0,0 +1,103 @@
+# encoding: utf-8
+
+require 'rake'
+require 'rake/testtask'
+require 'cucumber/rake/task'
+
+namespace :test do
+  Rake::TestTask.new(:basic => ["generator:cleanup",
+                                "generator:clearance",
+                                "generator:clearance_features"]) do |task|
+    task.libs << "lib"
+    task.libs << "test"
+    task.pattern = "test/**/*_test.rb"
+    task.verbose = false
+  end
+
+  Rake::TestTask.new(:views => ["generator:clearance_views"]) do |task|
+    task.libs << "lib"
+    task.libs << "test"
+    task.pattern = "test/**/*_test.rb"
+    task.verbose = false
+  end
+
+  Cucumber::Rake::Task.new(:features) do |t|
+    t.cucumber_opts   = "--format progress"
+    t.feature_pattern = "test/rails_root/features/*.feature"
+  end
+
+  Cucumber::Rake::Task.new(:features_for_views) do |t|
+    t.cucumber_opts   = "--format progress"
+    t.feature_pattern = "test/rails_root/features/*.feature"
+  end
+end
+
+generators = %w(clearance clearance_features clearance_views)
+
+namespace :generator do
+  desc "Cleans up the test app before running the generator"
+  task :cleanup do
+    generators.each do |generator|
+      FileList["generators/#{generator}/templates/**/*.*"].each do |each|
+        file = "test/rails_root/#{each.gsub("generators/#{generator}/templates/",'')}"
+        File.delete(file) if File.exists?(file)
+      end
+    end
+
+    FileList["test/rails_root/db/**/*"].each do |each| 
+      FileUtils.rm_rf(each)
+    end
+
+    FileUtils.rm_rf("test/rails_root/vendor/plugins/clearance")
+    FileUtils.mkdir_p("test/rails_root/vendor/plugins")
+    clearance_root = File.expand_path(File.dirname(__FILE__))
+    system("ln -s #{clearance_root} test/rails_root/vendor/plugins/clearance")
+
+    FileUtils.rm_rf("test/rails_root/app/views/passwords")
+    FileUtils.rm_rf("test/rails_root/app/views/sessions")
+    FileUtils.rm_rf("test/rails_root/app/views/users")
+  end
+
+  desc "Run the clearance generator"
+  task :clearance do
+    system "cd test/rails_root && ./script/generate clearance && rake db:migrate db:test:prepare"
+  end
+
+  desc "Run the clearance features generator"
+  task :clearance_features do
+    system "cd test/rails_root && ./script/generate clearance_features"
+  end
+
+  desc "Run the clearance views generator"
+  task :clearance_views do
+    system "cd test/rails_root && ./script/generate clearance_views"
+  end
+end
+
+desc "Run the test suite"
+task :default => ['test:basic', 'test:features',
+                  'test:views', 'test:features_for_views']
+
+gem_spec = Gem::Specification.new do |gem_spec|
+  gem_spec.name        = "clearance"
+  gem_spec.version     = "0.7.0"
+  gem_spec.summary     = "Rails authentication with email & password."
+  gem_spec.email       = "support@thoughtbot.com"
+  gem_spec.homepage    = "http://github.com/thoughtbot/clearance"
+  gem_spec.description = "Rails authentication with email & password."
+  gem_spec.authors     = ["Dan Croak", "Mike Burns", "Jason Morrison",
+                          "Joe Ferris", "Eugene Bolshakov", "Nick Quaranto",
+                          "Josh Nichols", "Mike Breen", "Marcel Görner",
+                          "Bence Nagy", "Ben Mabey", "Eloy Duran",
+                          "Tim Pope", "Mihai Anca", "Mark Cornick",
+                          "Shay Arnett"]
+  gem_spec.files       = FileList["[A-Z]*", "{app,config,generators,lib,shoulda_macros,rails}/**/*"]
+end
+
+desc "Generate a gemspec file"
+task :gemspec do
+  File.open("#{gem_spec.name}.gemspec", 'w') do |f|
+    f.write gem_spec.to_yaml
+  end
+end
+
@@ -0,0 +1,6 @@
+h1. To-do
+
+* Make insertion of Clearance::User into User model automatic from the generator.
+* Change generated README to include instruction about running the migration.
+* DO_NOT_REPLY, HOST refactoring.
+
@@ -0,0 +1,73 @@
+class Clearance::ConfirmationsController < ApplicationController
+  unloadable
+
+  before_filter :redirect_signed_in_confirmed_user,  :only => [:new, :create]
+  before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
+  before_filter :forbid_missing_token,               :only => [:new, :create]
+  before_filter :forbid_non_existent_user,           :only => [:new, :create]
+
+  filter_parameter_logging :token
+
+  def new
+    create
+  end
+
+  def create
+    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+    @user.confirm_email!
+
+    sign_in(@user)
+    flash_success_after_create
+    redirect_to(url_after_create)
+  end
+
+  private
+
+  def redirect_signed_in_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && current_user == user
+      flash_success_after_create
+      redirect_to(url_after_create)
+    end
+  end
+
+  def redirect_signed_out_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed? && signed_out?
+      flash_already_confirmed
+      redirect_to(url_already_confirmed)
+    end
+  end
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Confirmed email and signed in.")
+  end
+
+  def flash_already_confirmed
+    flash[:success] = translate(:already_confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Already confirmed email. Please sign in.")
+  end
+
+  def url_after_create
+    root_url
+  end
+
+  def url_already_confirmed
+    sign_in_url
+  end
+end
@@ -0,0 +1,81 @@
+class Clearance::PasswordsController < ApplicationController
+  unloadable
+
+  before_filter :forbid_missing_token,     :only => [:edit, :update]
+  before_filter :forbid_non_existent_user, :only => [:edit, :update]
+  filter_parameter_logging :password, :password_confirmation
+
+  def new
+    render :template => 'passwords/new'
+  end
+
+  def create
+    if user = ::User.find_by_email(params[:password][:email])
+      user.forgot_password!
+      ::ClearanceMailer.deliver_change_password user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      flash_failure_after_create
+      render :template => 'passwords/new'
+    end
+  end
+
+  def edit
+    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+    render :template => 'passwords/edit'
+  end
+
+  def update
+    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+
+    if @user.update_password(params[:user][:password],
+                             params[:user][:password_confirmation])
+      @user.confirm_email!
+      sign_in(@user)
+      flash_success_after_update
+      redirect_to(url_after_update)
+    else
+      render :template => 'passwords/edit'
+    end
+  end
+
+  private
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_change_password,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for changing your password.")
+  end
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:unknown_email,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "Unknown email.")
+  end
+
+  def url_after_create
+    new_session_url
+  end
+
+  def flash_success_after_update
+    flash[:success] = translate(:signed_in, :default => "Signed in.")
+  end
+
+  def url_after_update
+    root_url
+  end
+end
@@ -0,0 +1,67 @@
+class Clearance::SessionsController < ApplicationController
+  unloadable
+
+  protect_from_forgery :except => :create
+  filter_parameter_logging :password
+
+  def new
+    render :template => 'sessions/new'
+  end
+
+  def create
+    @user = ::User.authenticate(params[:session][:email],
+                                params[:session][:password])
+    if @user.nil?
+      flash_failure_after_create
+      render :template => 'sessions/new', :status => :unauthorized
+    else
+      if @user.email_confirmed?
+        sign_in(@user)
+        remember(@user) if remember?
+        flash_success_after_create
+        redirect_back_or(url_after_create)
+      else
+        ::ClearanceMailer.deliver_confirmation(@user)
+        flash_notice_after_create
+        redirect_to(new_session_url)
+      end
+    end
+  end
+
+  def destroy
+    forget(current_user)
+    flash_success_after_destroy
+    redirect_to(url_after_destroy)
+  end
+
+  private
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:bad_email_or_password,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "Bad email or password.")
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:unconfirmed_email,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "User has not confirmed email. " <<
+                  "Confirmation email will be resent.")
+  end
+
+  def url_after_create
+    root_url
+  end
+
+  def flash_success_after_destroy
+    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
+  end
+
+  def url_after_destroy
+    new_session_url
+  end
+end
@@ -0,0 +1,35 @@
+class Clearance::UsersController < ApplicationController
+  unloadable
+
+  before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
+  filter_parameter_logging :password
+
+  def new
+    @user = ::User.new(params[:user])
+    render :template => 'users/new'
+  end
+
+  def create
+    @user = ::User.new params[:user]
+    if @user.save
+      ::ClearanceMailer.deliver_confirmation @user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      render :template => 'users/new'
+    end
+  end
+
+  private
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_confirmation,
+      :scope   => [:clearance, :controllers, :users],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for confirming your account.")
+  end
+
+  def url_after_create
+    new_session_url
+  end
+end
@@ -0,0 +1,23 @@
+class ClearanceMailer < ActionMailer::Base
+
+  default_url_options[:host] = HOST
+
+  def change_password(user)
+    from       DO_NOT_REPLY
+    recipients user.email
+    subject    I18n.t(:change_password,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Change your password")
+    body       :user => user
+  end
+
+  def confirmation(user)
+    from       DO_NOT_REPLY
+    recipients user.email
+    subject    I18n.t(:confirmation,
+                      :scope   => [:clearance, :models, :clearance_mailer],
+                      :default => "Account confirmation")
+    body      :user => user
+  end
+
+end
@@ -0,0 +1,7 @@
+Someone, hopefully you, has requested that we send you a link to change your password.
+
+Here's the link:
+
+<%= edit_user_password_url(@user, :token => @user.token, :escape => false) %>
+
+If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.
@@ -0,0 +1,2 @@
+
+<%= new_user_confirmation_url :user_id => @user, :token => @user.token, :encode => false %>
@@ -0,0 +1,23 @@
+<h2>Change your password</h2>
+
+<p>
+  Your password has been reset. Choose a new password below.
+</p>
+
+<%= error_messages_for :user %>
+
+<% form_for(:user,
+            :url => user_password_path(@user, :token    => @user.token),
+            :html => { :method => :put }) do |form| %>
+  <div class="password_field">
+    <%= form.label :password, "Choose password" %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="password_field">
+    <%= form.label :password_confirmation, "Confirm password" %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Save this password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
@@ -0,0 +1,15 @@
+<h2>Change your password</h2>
+
+<p>
+  We will email you a link to change your password.
+</p>
+
+<% form_for :password, :url => passwords_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email, "Email address" %>
+    <%= form.text_field :email %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Reset password", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
 \ No newline at end of file
@@ -0,0 +1,28 @@
+<h2>Sign in</h2>
+
+<% form_for :session, :url => session_path do |form| %>
+  <div class="text_field">
+    <%= form.label :email %>
+    <%= form.text_field :email %>  
+  </div>
+  <div class="text_field">
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+  <div class="text_field">
+    <%= form.check_box :remember_me %>
+    <%= form.label :remember_me %>
+  </div>
+  <div class="submit_field">
+    <%= form.submit "Sign in", :disable_with => "Please wait..." %>
+  </div>
+<% end %>
+
+<ul>
+  <li>
+    <%= link_to "Sign up", new_user_path %>
+  </li>
+  <li>
+    <%= link_to "Forgot password?", new_password_path %>
+  </li>
+</ul>
 \ No newline at end of file
@@ -0,0 +1,13 @@
+<%= form.error_messages %>
+<div class="text_field">
+  <%= form.label :email %>
+  <%= form.text_field :email %>
+</div>
+<div class="password_field">
+  <%= form.label :password %>
+  <%= form.password_field :password %>
+</div>
+<div class="password_field">
+  <%= form.label :password_confirmation, "Confirm password" %>
+  <%= form.password_field :password_confirmation %>
+</div>
 \ No newline at end of file
@@ -0,0 +1,6 @@
+<h2>Sign up</h2>
+
+<% form_for @user do |form| %>
+  <%= render :partial => '/users/form', :object => form %>
+  <%= form.submit 'Sign up', :disable_with => 'Please wait...' %>
+<% end %>
@@ -0,0 +1,30 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :passwords,
+    :controller => 'clearance/passwords',
+    :only       => [:new, :create]
+
+  map.resource  :session,
+    :controller => 'clearance/sessions',
+    :only       => [:new, :create, :destroy]
+
+  map.resources :users, :controller => 'clearance/users' do |users|
+    users.resource :password,
+      :controller => 'clearance/passwords',
+      :only       => [:create, :edit, :update]
+
+    users.resource :confirmation,
+      :controller => 'clearance/confirmations',
+      :only       => [:new, :create]
+  end
+
+  map.sign_up  'sign_up',
+    :controller => 'clearance/users',
+    :action     => 'new'
+  map.sign_in  'sign_in',
+    :controller => 'clearance/sessions',
+    :action     => 'new'
+  map.sign_out 'sign_out',
+    :controller => 'clearance/sessions',
+    :action     => 'destroy',
+    :method     => :delete
+end
@@ -0,0 +1 @@
+script/generate clearance
 \ No newline at end of file
@@ -0,0 +1,41 @@
+require File.expand_path(File.dirname(__FILE__) + "/lib/insert_commands.rb")
+require File.expand_path(File.dirname(__FILE__) + "/lib/rake_commands.rb")
+require 'factory_girl'
+
+class ClearanceGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      m.insert_into "app/controllers/application_controller.rb",
+                    "include Clearance::Authentication"
+
+      user_model = "app/models/user.rb"
+      if File.exists?(user_model)
+        m.insert_into user_model, "include Clearance::User"
+      else
+        m.directory File.join("app", "models")
+        m.file "user.rb", user_model
+      end
+
+      m.directory File.join("test", "factories")
+      m.file "factories.rb", "test/factories/clearance.rb"
+
+      m.migration_template "migrations/#{migration_name}.rb",
+                           'db/migrate',
+                           :migration_file_name => "clearance_#{migration_name}"
+
+      m.readme "README"
+    end
+  end
+
+  private
+
+  def migration_name
+    if ActiveRecord::Base.connection.table_exists?(:users)
+      'update_users'
+    else
+      'create_users'
+    end
+  end
+
+end
@@ -0,0 +1,33 @@
+# Mostly pinched from http://github.com/ryanb/nifty-generators/tree/master
+
+Rails::Generator::Commands::Base.class_eval do
+  def file_contains?(relative_destination, line)
+    File.read(destination_path(relative_destination)).include?(line)
+  end
+end
+
+Rails::Generator::Commands::Create.class_eval do
+  def insert_into(file, line)
+    logger.insert "#{line} into #{file}"
+    unless options[:pretend] || file_contains?(file, line)
+      gsub_file file, /^(class|module) .+$/ do |match|
+        "#{match}\n  #{line}"
+      end
+    end
+  end
+end
+
+Rails::Generator::Commands::Destroy.class_eval do
+  def insert_into(file, line)
+    logger.remove "#{line} from #{file}"
+    unless options[:pretend]
+      gsub_file file, "\n  #{line}", ''
+    end
+  end
+end
+
+Rails::Generator::Commands::List.class_eval do
+  def insert_into(file, line)
+    logger.insert "#{line} into #{file}"
+  end
+end
@@ -0,0 +1,22 @@
+Rails::Generator::Commands::Create.class_eval do
+  def rake_db_migrate
+    logger.rake "db:migrate"
+    unless system("rake db:migrate")
+      logger.rake "db:migrate failed. Rolling back"      
+      command(:destroy).invoke!
+    end
+  end
+end
+
+Rails::Generator::Commands::Destroy.class_eval do
+  def rake_db_migrate
+    logger.rake "db:rollback"  
+    system "rake db:rollback"  
+  end
+end
+
+Rails::Generator::Commands::List.class_eval do
+  def rake_db_migrate
+    logger.rake "db:migrate"    
+  end
+end
@@ -0,0 +1,22 @@
+
+*******************************************************************************
+
+Ok, enough fancy automatic stuff. Time for some old school monkey copy-pasting.
+
+1. Define a HOST constant in your environments files.
+In config/environments/test.rb and config/environments/development.rb it can be:
+
+    HOST = "localhost"
+
+In production.rb it must be the actual host your application is deployed to.
+The constant is used by mailers to generate URLs in emails.
+
+2. In config/environment.rb:
+
+    DO_NOT_REPLY = "donotreply@example.com"
+
+3. Define root_url to *something* in your config/routes.rb:
+
+    map.root :controller => 'home'
+
+*******************************************************************************
@@ -0,0 +1,13 @@
+Factory.sequence :email do |n|
+  "user#{n}@example.com"
+end
+
+Factory.define :user do |user|
+  user.email                 { Factory.next :email }
+  user.password              { "password" }
+  user.password_confirmation { "password" }
+end
+
+Factory.define :email_confirmed_user, :parent => :user do |user|
+  user.email_confirmed { true }
+end
@@ -0,0 +1,21 @@
+class ClearanceCreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table(:users) do |t|
+      t.string   :email
+      t.string   :encrypted_password, :limit => 128
+      t.string   :salt,               :limit => 128
+      t.string   :token,              :limit => 128
+      t.datetime :token_expires_at
+      t.boolean  :email_confirmed, :default => false, :null => false
+      t.timestamps
+    end
+
+    add_index :users, [:id, :token]
+    add_index :users, :email
+    add_index :users, :token
+  end
+
+  def self.down
+    drop_table :users
+  end
+end
@@ -0,0 +1,41 @@
+class ClearanceUpdateUsers < ActiveRecord::Migration
+  def self.up
+<% 
+      existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
+      columns = [
+        [:email,              't.string :email'],
+        [:encrypted_password, 't.string :encrypted_password, :limit => 128'],
+        [:salt,               't.string :salt, :limit => 128'],
+        [:token,              't.string :token, :limit => 128'],
+        [:token_expires_at,   't.datetime :token_expires_at'],
+        [:email_confirmed,    't.boolean :email_confirmed, :default => false, :null => false']
+      ].delete_if {|c| existing_columns.include?(c.first.to_s)} 
+-%>
+    change_table(:users) do |t|
+<% columns.each do |c| -%>
+      <%= c.last %>
+<% end -%>
+    end
+    
+<%
+    existing_indexes = ActiveRecord::Base.connection.indexes(:users)
+    index_names = existing_indexes.collect { |each| each.name }
+    new_indexes = [
+      [:index_users_on_id_and_token, 'add_index :users, [:id, :token]'],
+      [:index_users_on_email,        'add_index :users, :email'],
+      [:index_users_on_token,        'add_index :users, :token']
+    ].delete_if { |each| index_names.include?(each.first.to_s) }
+-%>
+<% new_indexes.each do |each| -%>
+    <%= each.last %>
+<% end -%>
+  end
+  
+  def self.down
+    change_table(:users) do |t|
+<% unless columns.empty? -%>
+      t.remove <%= columns.collect { |each| ":#{each.first}" }.join(',') %>
+<% end -%>
+    end
+  end
+end
@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  include Clearance::User
+end
@@ -0,0 +1 @@
+script/generate clearance_features
@@ -0,0 +1,20 @@
+class ClearanceFeaturesGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      m.directory File.join("features", "step_definitions")
+      m.directory File.join("features", "support")
+
+      ["features/step_definitions/clearance_steps.rb",
+       "features/step_definitions/factory_girl_steps.rb",
+       "features/support/paths.rb",
+       "features/sign_in.feature",
+       "features/sign_out.feature",       
+       "features/sign_up.feature",
+       "features/password_reset.feature"].each do |file|
+        m.file file, file
+       end
+    end
+  end
+
+end
@@ -0,0 +1,33 @@
+Feature: Password reset
+  In order to sign in even if user forgot their password
+  A user
+  Should be able to reset it
+
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "Unknown email"
+
+    Scenario: User is signed up and requests password reset
+      Given I signed up with "email@person.com/password"
+      When I request password reset link to be sent to "email@person.com"
+      Then I should see "instructions for changing your password"
+      And a password reset message should be sent to "email@person.com"
+
+    Scenario: User is signed up updated his password and types wrong confirmation
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/wrongconfirmation"
+      Then I should see error messages
+      And I should be signed out
+
+    Scenario: User is signed up and updates his password
+      Given I signed up with "email@person.com/password"
+      When I follow the password reset link sent to "email@person.com"
+      And I update my password with "newpassword/newpassword"
+      Then I should be signed in
+      When I sign out
+      Then I should be signed out
+      And I sign in as "email@person.com/newpassword"
+      Then I should be signed in
+
@@ -0,0 +1,42 @@
+Feature: Sign in
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign in
+
+    Scenario: User is not signed up
+      Given no user exists with an email of "email@person.com"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Bad email or password"
+      And I should be signed out
+
+    Scenario: User is not confirmed
+      Given I signed up with "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "User has not confirmed email"
+      And I should be signed out
+
+   Scenario: User enters wrong password
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/wrongpassword"
+      Then I should see "Bad email or password"
+      And I should be signed out
+
+   Scenario: User signs in successfully
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in as "email@person.com/password"
+      Then I should see "Signed in"
+      And I should be signed in
+
+   Scenario: User signs in and checks "remember me"
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I go to the sign in page
+      And I sign in with "remember me" as "email@person.com/password"
+      Then I should see "Signed in"
+      And I should be signed in
+      When I return next time
+      Then I should be signed in
+
@@ -0,0 +1,23 @@
+Feature: Sign out
+  To protect my account from unauthorized access
+  A signed in user
+  Should be able to sign out
+
+    Scenario: User signs out
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I sign in as "email@person.com/password"
+      Then I should be signed in
+      And I sign out
+      Then I should see "Signed out"
+      And I should be signed out
+
+    Scenario: User who was remembered signs out
+      Given I am signed up and confirmed as "email@person.com/password"
+      When I sign in with "remember me" as "email@person.com/password"
+      Then I should be signed in
+      And I sign out
+      Then I should see "Signed out"
+      And I should be signed out
+      When I return next time
+      Then I should be signed out
+
@@ -0,0 +1,45 @@
+Feature: Sign up
+  In order to get access to protected sections of the site
+  A user
+  Should be able to sign up
+
+    Scenario: User signs up with invalid data
+      When I go to the sign up page
+      And I fill in "Email" with "invalidemail"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with ""
+      And I press "Sign Up"
+      Then I should see error messages
+
+    Scenario: User signs up with valid data
+      When I go to the sign up page
+      And I fill in "Email" with "email@person.com"
+      And I fill in "Password" with "password"
+      And I fill in "Confirm password" with "password"
+      And I press "Sign Up"
+      Then I should see "instructions for confirming"
+      And a confirmation message should be sent to "email@person.com"
+
+    Scenario: User confirms his account
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should see "Confirmed email and signed in"
+      And I should be signed in
+
+    Scenario: Signed in user clicks confirmation link again
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should be signed in
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should see "Confirmed email and signed in"
+      And I should be signed in
+
+    Scenario: Signed out user clicks confirmation link again
+      Given I signed up with "email@person.com/password"
+      When I follow the confirmation link sent to "email@person.com"
+      Then I should be signed in
+      When I sign out
+      And I follow the confirmation link sent to "email@person.com"
+      Then I should see "Already confirmed email. Please sign in."
+      And I should be signed out
+
@@ -0,0 +1,110 @@
+# General
+
+Then /^I should see error messages$/ do
+  assert_match /error(s)? prohibited/m, response.body
+end
+
+# Database
+
+Given /^no user exists with an email of "(.*)"$/ do |email|
+  assert_nil User.find_by_email(email)
+end
+
+Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :user,
+    :email                 => email,
+    :password              => password,
+    :password_confirmation => password
+end 
+
+Given /^I am signed up and confirmed as "(.*)\/(.*)"$/ do |email, password|
+  user = Factory :email_confirmed_user,
+    :email                 => email,
+    :password              => password,
+    :password_confirmation => password
+end
+
+# Session
+
+Then /^I should be signed in$/ do
+  assert controller.signed_in?
+end
+
+Then /^I should be signed out$/ do
+  assert ! controller.signed_in?
+end
+
+When /^session is cleared$/ do
+  request.reset_session
+  controller.instance_variable_set(:@_current_user, nil)
+end
+
+# Emails
+
+Then /^a confirmation message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /confirm/i, sent.subject
+  assert !user.token.blank?
+  assert_match /#{user.token}/, sent.body
+end
+
+When /^I follow the confirmation link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit new_user_confirmation_path(:user_id => user, :token => user.token)
+end
+
+Then /^a password reset message should be sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  sent = ActionMailer::Base.deliveries.first
+  assert_equal [user.email], sent.to
+  assert_match /password/i, sent.subject
+  assert !user.token.blank?
+  assert_match /#{user.token}/, sent.body
+end
+
+When /^I follow the password reset link sent to "(.*)"$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user, :token => user.token)
+end
+
+When /^I try to change the password of "(.*)" without token$/ do |email|
+  user = User.find_by_email(email)
+  visit edit_user_password_path(:user_id => user)
+end
+
+Then /^I should be forbidden$/ do
+  assert_response :forbidden
+end
+
+# Actions
+
+When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password|
+  When %{I go to the sign in page}
+  And %{I fill in "Email" with "#{email}"}
+  And %{I fill in "Password" with "#{password}"}
+  And %{I check "Remember me"} if remember
+  And %{I press "Sign In"}
+end
+
+When /^I sign out$/ do
+  visit '/session', :delete
+end
+
+When /^I request password reset link to be sent to "(.*)"$/ do |email|
+  When %{I go to the password reset request page}
+  And %{I fill in "Email address" with "#{email}"}
+  And %{I press "Reset password"}
+end
+
+When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
+  And %{I fill in "Choose password" with "#{password}"}
+  And %{I fill in "Confirm password" with "#{confirmation}"}
+  And %{I press "Save this password"}
+end
+
+When /^I return next time$/ do
+  When %{session is cleared}
+  And %{I go to the homepage}
+end
@@ -0,0 +1,5 @@
+Factory.factories.each do |name, factory|
+  Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value|
+    Factory(name, attr.gsub(' ', '_') => value)
+  end
+end
@@ -0,0 +1,22 @@
+module NavigationHelpers
+  def path_to(page_name)
+    case page_name
+    
+    when /the homepage/i
+      root_path
+    when /the sign up page/i
+      new_user_path
+    when /the sign in page/i
+      new_session_path
+    when /the password reset request page/i
+      new_password_path
+    
+    # Add more page name => path mappings here
+    
+    else
+      raise "Can't find mapping from \"#{page_name}\" to a path."
+    end
+  end
+end
+ 
+World(NavigationHelpers)
@@ -0,0 +1,27 @@
+class ClearanceViewsGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      strategy          = "formtastic"
+      template_strategy = "erb"
+
+      m.directory File.join("app", "views", "users")
+      m.file "#{strategy}/users/new.html.#{template_strategy}",
+        "app/views/users/new.html.#{template_strategy}"
+      m.file "#{strategy}/users/_inputs.html.#{template_strategy}",
+        "app/views/users/_inputs.html.#{template_strategy}"
+
+      m.directory File.join("app", "views", "sessions")
+      m.file "#{strategy}/sessions/new.html.#{template_strategy}",
+        "app/views/sessions/new.html.#{template_strategy}"
+
+      m.directory File.join("app", "views", "passwords")
+      m.file "#{strategy}/passwords/new.html.#{template_strategy}",
+        "app/views/passwords/new.html.#{template_strategy}"
+      m.file "#{strategy}/passwords/edit.html.#{template_strategy}",
+        "app/views/passwords/edit.html.#{template_strategy}"
+    end
+  end
+
+end
+
@@ -0,0 +1,21 @@
+<h2>Change your password</h2>
+
+<p>
+  Your password has been reset. Choose a new password below.
+</p>
+
+<% semantic_form_for(:user,
+            :url  => user_password_path(@user, :token => @user.token),
+            :html => { :method => :put }) do |form| %>
+  <%= form.error_messages %>
+  <% form.inputs do -%>
+    <%= form.input :password, :as => :password,
+                   :label => "Choose password" %>
+    <%= form.input :password_confirmation, :as => :password,
+                   :label => "Confirm password" %>
+  <% end -%>
+  <% form.buttons do -%>
+    <%= form.commit_button "Save this password" %>
+  <% end -%>
+<% end %>
+
@@ -0,0 +1,15 @@
+<h2>Reset your password</h2>
+
+<p>
+  We will email you a link to reset your password.
+</p>
+
+<% semantic_form_for :password, :url => passwords_path do |form| -%>
+  <% form.inputs do -%>
+    <%= form.input :email, :label => "Email address" %>
+  <% end -%>
+  <% form.buttons do -%>
+    <%= form.commit_button "Reset password" %>
+  <% end -%>
+<% end -%>
+
@@ -0,0 +1,22 @@
+<h2>Sign in</h2>
+
+<% semantic_form_for :session, :url => session_path do |form| %>
+  <% form.inputs do %>
+    <%= form.input :email %>
+    <%= form.input :password, :as => :password %>
+    <%= form.input :remember_me, :as => :boolean, :required => false %>
+  <% end %>
+  <% form.buttons do %>
+    <%= form.commit_button "Sign in" %>
+  <% end %>
+<% end %>
+
+<ul>
+  <li>
+    <%= link_to "Sign up", new_user_path %>
+  </li>
+  <li>
+    <%= link_to "Forgot password?", new_password_path %>
+  </li>
+</ul>
+
@@ -0,0 +1,6 @@
+<% form.inputs do %>
+  <%= form.input :email %>
+  <%= form.input :password %>
+  <%= form.input :password_confirmation, :label => "Confirm password" %>
+<% end %>
+
@@ -0,0 +1,10 @@
+<h2>Sign up</h2>
+
+<% semantic_form_for @user do |form| %>
+  <%= form.error_messages %>
+  <%= render :partial => "/users/inputs", :locals => { :form => form } %>
+  <% form.buttons do %>
+    <%= form.commit_button "Sign up" %>
+  <% end %>
+<% end %>
+
@@ -0,0 +1,6 @@
+require 'clearance/extensions/errors'
+require 'clearance/extensions/rescue'
+require 'clearance/extensions/routes'
+
+require 'clearance/authentication'
+require 'clearance/user'
@@ -0,0 +1,102 @@
+module Clearance
+  module Authentication
+
+    def self.included(controller)
+      controller.send(:include, InstanceMethods)
+
+      controller.class_eval do
+        helper_method :current_user, :signed_in?, :signed_out?
+        hide_action   :current_user, :signed_in?, :signed_out?
+      end
+    end
+
+    module InstanceMethods
+      def current_user
+        @_current_user ||= (user_from_cookie || user_from_session)
+      end
+
+      def signed_in?
+        ! current_user.nil?
+      end
+
+      def signed_out?
+        current_user.nil?
+      end
+
+      protected
+
+      def authenticate
+        deny_access unless signed_in?
+      end
+
+      def user_from_session
+        if session[:user_id]
+          return nil  unless user = ::User.find_by_id(session[:user_id])
+          return user if     user.email_confirmed?
+        end
+      end
+
+      def user_from_cookie
+        if token = cookies[:remember_token]
+          return nil  unless user = ::User.find_by_token(token)
+          return user if     user.remember?
+        end
+      end
+
+      def sign_user_in(user)
+        warn "[DEPRECATION] sign_user_in: unnecessary. use sign_in(user) instead."
+        sign_in(user)
+      end
+
+      def sign_in(user)
+        if user
+          session[:user_id] = user.id
+        end
+      end
+
+      def remember?
+        params[:session] && params[:session][:remember_me] == "1"
+      end
+
+      def remember(user)
+        user.remember_me!
+        cookies[:remember_token] = { :value   => user.token,
+                                     :expires => user.token_expires_at }
+      end
+
+      def forget(user)
+        user.forget_me! if user
+        cookies.delete(:remember_token)
+        reset_session
+      end
+
+      def redirect_back_or(default)
+        redirect_to(return_to || default)
+        clear_return_to
+      end
+
+      def return_to
+        session[:return_to] || params[:return_to]
+      end
+
+      def clear_return_to
+        session[:return_to] = nil
+      end
+
+      def redirect_to_root
+        redirect_to(root_url)
+      end
+
+      def store_location
+        session[:return_to] = request.request_uri if request.get?
+      end
+
+      def deny_access(flash_message = nil, opts = {})
+        store_location
+        flash[:failure] = flash_message if flash_message
+        redirect_to(new_session_url)
+      end
+    end
+
+  end
+end
@@ -0,0 +1,6 @@
+if defined?(ActionController)
+  module ActionController
+    class Forbidden < StandardError
+    end
+  end
+end
@@ -0,0 +1,3 @@
+if defined?(ActionController::Base)
+  ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+end
@@ -0,0 +1,14 @@
+if defined?(ActionController::Routing::RouteSet)
+  class ActionController::Routing::RouteSet
+    def load_routes_with_clearance!
+      lib_path = File.dirname(__FILE__)
+      clearance_routes = File.join(lib_path, *%w[.. .. .. config clearance_routes.rb])
+      unless configuration_files.include?(clearance_routes)
+        add_configuration_file(clearance_routes)
+      end
+      load_routes_without_clearance!
+    end
+
+    alias_method_chain :load_routes!, :clearance
+  end
+end
@@ -0,0 +1,143 @@
+require 'digest/sha1'
+
+module Clearance
+  module User
+
+    def self.included(model)
+      model.extend(ClassMethods)
+
+      model.send(:include, InstanceMethods)
+      model.send(:include, AttrAccessible)
+      model.send(:include, AttrAccessor)
+      model.send(:include, Validations)
+      model.send(:include, Callbacks)
+    end
+
+    module AttrAccessible
+      def self.included(model)
+        model.class_eval do
+          attr_accessible :email, :password, :password_confirmation
+        end
+      end
+    end
+
+    module AttrAccessor
+      def self.included(model)
+        model.class_eval do
+          attr_accessor :password, :password_confirmation
+        end
+      end
+    end
+
+    module Validations
+      def self.included(model)
+        model.class_eval do
+          validates_presence_of     :email
+          validates_uniqueness_of   :email, :case_sensitive => false
+          validates_format_of       :email, :with => %r{.+@.+\..+}
+
+          validates_presence_of     :password, :if => :password_required?
+          validates_confirmation_of :password, :if => :password_required?
+        end
+      end
+    end
+
+    module Callbacks
+      def self.included(model)
+        model.class_eval do
+          before_save :initialize_salt, :encrypt_password, :initialize_token
+        end
+      end
+    end
+
+    module InstanceMethods
+      def authenticated?(password)
+        encrypted_password == encrypt(password)
+      end
+
+      def encrypt(string)
+        generate_hash("--#{salt}--#{string}--")
+      end
+
+      def remember?
+        token_expires_at && Time.now.utc < token_expires_at
+      end
+
+      def remember_me!
+        remember_me_until! 2.weeks.from_now.utc
+      end
+
+      def forget_me!
+        clear_token
+        save(false)
+      end
+
+      def confirm_email!
+        self.email_confirmed  = true
+        self.token            = nil
+        save(false)
+      end
+
+      def forgot_password!
+        generate_token
+        save(false)
+      end
+
+      def update_password(new_password, new_password_confirmation)
+        self.password              = new_password
+        self.password_confirmation = new_password_confirmation
+        clear_token if valid?
+        save
+      end
+
+      protected
+
+      def generate_hash(string)
+        Digest::SHA1.hexdigest(string)
+      end
+
+      def initialize_salt
+        if new_record?
+          self.salt = generate_hash("--#{Time.now.utc.to_s}--#{password}--")
+        end
+      end
+
+      def encrypt_password
+        return if password.blank?
+        self.encrypted_password = encrypt(password)
+      end
+
+      def generate_token
+        self.token = encrypt("--#{Time.now.utc.to_s}--#{password}--")
+        self.token_expires_at = nil
+      end
+
+      def clear_token
+        self.token            = nil
+        self.token_expires_at = nil
+      end
+
+      def initialize_token
+        generate_token if new_record?
+      end
+
+      def password_required?
+        encrypted_password.blank? || !password.blank?
+      end
+
+      def remember_me_until!(time)
+        self.token_expires_at = time
+        self.token = encrypt("--#{token_expires_at}--#{password}--")
+        save(false)
+      end
+    end
+
+    module ClassMethods
+      def authenticate(email, password)
+        return nil  unless user = find_by_email(email)
+        return user if     user.authenticated?(password)
+      end
+    end
+
+  end
+end
@@ -0,0 +1 @@
+require 'clearance'
 \ No newline at end of file
@@ -0,0 +1,268 @@
+module Clearance
+  module Shoulda
+
+    # STATE OF AUTHENTICATION
+
+    def should_be_signed_in_as(&block)
+      should "be signed in as #{block.bind(self).call}" do
+        user = block.bind(self).call
+        assert_not_nil user,
+          "please pass a User. try: should_be_signed_in_as { @user }"
+        assert_equal user, @controller.send(:current_user),
+          "#{user.inspect} is not the current_user, " <<
+          "which is #{@controller.send(:current_user).inspect}"
+      end
+    end
+
+    def should_be_signed_in_and_email_confirmed_as(&block)
+      warn "[DEPRECATION] should_be_signed_in_and_email_confirmed_as: questionable usefulness"
+      should_be_signed_in_as &block
+
+      should "have confirmed email" do
+        user = block.bind(self).call
+
+        assert_not_nil user
+        assert_equal user, assigns(:user)
+        assert assigns(:user).email_confirmed?
+      end
+    end
+
+    def should_not_be_signed_in
+      should "not be signed in" do
+        assert_nil session[:user_id]
+      end
+    end
+
+    def should_deny_access_on(http_method, action, opts = {})
+      warn "[DEPRECATION] should_deny_access_on: use a setup & should_deny_access(:flash => ?)"
+      flash_message = opts.delete(:flash)
+      context "on #{http_method} to #{action}" do
+        setup do
+          send(http_method, action, opts)
+        end
+
+        should_deny_access(:flash => flash_message)
+      end
+    end
+
+    def should_deny_access(opts = {})
+      if opts[:flash]
+        should_set_the_flash_to opts[:flash]
+      else
+        should_not_set_the_flash
+      end
+
+      should_redirect_to('new_session_url') { new_session_url }
+    end
+
+    # HTTP FLUENCY
+
+    def should_forbid(description, &block)
+      should "forbid #{description}" do
+        assert_raises ActionController::Forbidden do
+          instance_eval(&block)
+        end
+      end
+    end
+
+    # CONTEXTS
+
+    def signed_in_user_context(&blk)
+      warn "[DEPRECATION] signed_in_user_context: creates a Mystery Guest, causes Obscure Test"
+      context "A signed in user" do
+        setup do
+          @user = Factory(:user)
+          @user.confirm_email!
+          sign_in_as @user
+        end
+        merge_block(&blk)
+      end
+    end
+
+    def public_context(&blk)
+      warn "[DEPRECATION] public_context: common case is no-op. call sign_out otherwise"
+      context "The public" do
+        setup { sign_out }
+        merge_block(&blk)
+      end
+    end
+
+    # CREATING USERS
+
+    def should_create_user_successfully
+      warn "[DEPRECATION] should_create_user_successfully: not meant to be public, no longer used internally"
+      should_assign_to :user
+      should_change 'User.count', :by => 1
+
+      should "send the confirmation email" do
+        assert_sent_email do |email|
+          email.subject =~ /account confirmation/i
+        end
+      end
+
+      should_set_the_flash_to /confirm/i
+      should_redirect_to_url_after_create
+    end
+
+    # RENDERING
+
+    def should_render_nothing
+      should "render nothing" do
+        assert @response.body.blank?
+      end
+    end
+
+    # REDIRECTS
+
+    def should_redirect_to_url_after_create
+      should_redirect_to("the post-create url") do
+        @controller.send(:url_after_create)
+      end
+    end
+
+    def should_redirect_to_url_after_update
+      should_redirect_to("the post-update url") do
+        @controller.send(:url_after_update)
+      end
+    end
+
+    def should_redirect_to_url_after_destroy
+      should_redirect_to("the post-destroy url") do
+        @controller.send(:url_after_destroy)
+      end
+    end
+
+    def should_redirect_to_url_already_confirmed
+      should_redirect_to("the already confirmed url") do
+        @controller.send(:url_already_confirmed)
+      end
+    end
+
+    # VALIDATIONS
+
+    def should_validate_confirmation_of(attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_of: not meant to be public, no longer used internally"
+      raise ArgumentError if opts[:factory].nil?
+
+      context "on save" do
+        should_validate_confirmation_is_not_blank opts[:factory], attribute
+        should_validate_confirmation_is_not_bad   opts[:factory], attribute
+      end
+    end
+
+    def should_validate_confirmation_is_not_blank(factory, attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_is_not_blank: not meant to be public, no longer used internally"
+      should "validate #{attribute}_confirmation is not blank" do
+        model = Factory.build(factory, blank_confirmation_options(attribute))
+        model.save
+        assert_confirmation_error(model, attribute,
+          "#{attribute}_confirmation cannot be blank")
+      end
+    end
+
+    def should_validate_confirmation_is_not_bad(factory, attribute, opts = {})
+      warn "[DEPRECATION] should_validate_confirmation_is_not_bad: not meant to be public, no longer used internally"
+      should "validate #{attribute}_confirmation is different than #{attribute}" do
+        model = Factory.build(factory, bad_confirmation_options(attribute))
+        model.save
+        assert_confirmation_error(model, attribute, 
+          "#{attribute}_confirmation cannot be different than #{attribute}")
+      end
+    end
+
+    # FORMS
+
+    def should_display_a_password_update_form
+      warn "[DEPRECATION] should_display_a_password_update_form: not meant to be public, no longer used internally"
+      should "have a form for the user's token, password, and password confirm" do
+        update_path = ERB::Util.h(
+          user_password_path(@user, :token => @user.token)
+        )
+
+        assert_select 'form[action=?]', update_path do
+          assert_select 'input[name=_method][value=?]', 'put'
+          assert_select 'input[name=?]', 'user[password]'
+          assert_select 'input[name=?]', 'user[password_confirmation]'
+        end
+      end
+    end
+
+    def should_display_a_sign_up_form
+      warn "[DEPRECATION] should_display_a_sign_up_form: not meant to be public, no longer used internally"
+      should "display a form to sign up" do
+        assert_select "form[action=#{users_path}][method=post]",
+        true, "There must be a form to sign up" do
+          assert_select "input[type=text][name=?]",
+            "user[email]", true, "There must be an email field"
+          assert_select "input[type=password][name=?]",
+            "user[password]", true, "There must be a password field"
+          assert_select "input[type=password][name=?]",
+            "user[password_confirmation]", true, "There must be a password confirmation field"
+          assert_select "input[type=submit]", true,
+            "There must be a submit button"
+        end
+      end
+    end
+
+    def should_display_a_sign_in_form
+      warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
+      should 'display a "sign in" form' do
+        assert_select "form[action=#{session_path}][method=post]",
+          true, "There must be a form to sign in" do
+            assert_select "input[type=text][name=?]",
+              "session[email]", true, "There must be an email field"
+            assert_select "input[type=password][name=?]",
+              "session[password]", true, "There must be a password field"
+            assert_select "input[type=checkbox][name=?]",
+              "session[remember_me]", true, "There must be a 'remember me' check box"
+            assert_select "input[type=submit]", true,
+              "There must be a submit button"
+        end
+      end
+    end
+  end
+end
+
+module Clearance
+  module Shoulda
+    module Helpers
+      def sign_in_as(user)
+        @controller.class_eval { attr_accessor :current_user }
+        @controller.current_user = user
+        return user
+      end
+
+      def sign_in
+        sign_in_as Factory(:email_confirmed_user)
+      end
+
+      def sign_out
+        @controller.class_eval { attr_accessor :current_user }
+        @controller.current_user = nil
+      end
+
+      def blank_confirmation_options(attribute)
+        warn "[DEPRECATION] blank_confirmation_options: not meant to be public, no longer used internally"
+        opts = { attribute => attribute.to_s }
+        opts.merge("#{attribute}_confirmation".to_sym => "")
+      end
+
+      def bad_confirmation_options(attribute)
+        warn "[DEPRECATION] bad_confirmation_options: not meant to be public, no longer used internally"
+        opts = { attribute => attribute.to_s }
+        opts.merge("#{attribute}_confirmation".to_sym => "not_#{attribute}")
+      end
+
+      def assert_confirmation_error(model, attribute, message = "confirmation error")
+        warn "[DEPRECATION] assert_confirmation_error: not meant to be public, no longer used internally"
+        assert model.errors.on(attribute).include?("doesn't match confirmation"),
+          message
+      end
+    end
+  end
+end
+
+class Test::Unit::TestCase
+  include Clearance::Shoulda::Helpers
+end
+Test::Unit::TestCase.extend(Clearance::Shoulda)
@@ -1,167 +0,0 @@
-h2. 0.6.9 (07/04/2009)
-
-* Added timestamps to create users migration. (Dan Croak)
-* Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
-
-h2. 0.6.8 (06/24/2009)
-
-* Added defined? checks for various Rails constants such as ActionController
-for easier unit testing of Clearance extensions... particularly ActiveRecord
-extensions... particularly strong_password. (Dan Croak)
-
-h2. 0.6.7 (06/13/2009)
-
-* [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
-* [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
-* Deprecated sign_user_in. Told developers to use sign_in instead. (Dan
-Croak)
-* [#16] flash_success_after_create, flash_notice_after_create, flash_failure_after_create, flash_sucess_after_update, flash_success_after_destroy, etc. (Dan Croak)
-* [#17] bug. added #create to forbidden before_filters on confirmations controller. (Dan Croak)
-* [#24] should_be_signed_in_as shouldn't look in the session. (Dan Croak)
-* README improvements. (Dan Croak)
-* Move routes loading to separate file. (Joshua Clayton)
-
-h2. 0.6.6 (05/18/2009)
-
-* [#14] replaced class_eval in Clearance::User with modules. This was needed
-in a thoughtbot client app so we could write our own validations. (Dan Croak)
-
-h2. 0.6.5 (05/17/2009)
-
-* [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
-
-h2. 0.6.4 (05/12/2009)
-
-* Moved issue tracking to Github from Lighthouse. (Dan Croak)
-* [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
-* [#11] replacing sign_in_as & sign_out shoulda macros with a stubbing (requires no dependency) approach. this will avoid dealing with the internals of current_user, such as session & cookies. added sign_in macro which signs in an email confirmed user from clearance's factories. (Dan Croak)
-* [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
-* [#9] audited flash keys. (Dan Croak)
-
-h2. 0.6.3 (04/23/2009)
-
-* Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
-
-h2. 0.6.2 (04/22/2009)
-
-* Insert Clearance::User into User model if it exists. (Nick Quaranto)
-* World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
-
-h2. 0.6.1 (04/21/2009)
-* Scope operators are necessary to keep Rails happy. Reverting the original
-revert so they're back in the library now for constants referenced inside of
-the gem. (Nick Quaranto)
-
-h2. 0.6.0 (04/21/2009)
-
-* Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
-* Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
-* Include Clearance::Authentication in ApplicationController. (Dan Croak & Joe Ferris)
-* Namespace controllers under Clearance. (Dan Croak & Joe Ferris)
-* Routes move to engine, use namespaced controllers but publicly the same. (Dan Croak & Joe Ferris)
-* If you want to override a controller, subclass it like SessionsController <
-Clearance::SessionsController. This gives you access to usual hooks such as
-url_after_create. (Dan Croak & Joe Ferris)
-* Controllers, mailer, model, routes all unit tested inside engine. Use
-script/generate clearance_features to test integration of Clearance with your
-Rails app. No longer including modules in your app's test files. (Dan Croak & Joe Ferris)
-* Moved views to engine. (Joe Ferris)
-* Converted generated test/factories/clearance.rb to use inheritence for
-email_confirmed_user. (Dan Croak)
-* Corrected some spelling errors with methods (Nick Quaranto)
-* Converted "I should see error messages" to use a regex in the features (Nick
-Quaranto)
-* Loading clearance routes after rails routes via some monkeypatching (Nick
-Quaranto)
-* Made the clearance controllers unloadable to stop constant loading errors in
-development mode (Nick Quaranto)
-
-h2. 0.5.6 (4/11/2009)
-
-* [#57] Step definition changed for "User should see error messages" so
-features won't fail for certain validations. (Nick Quaranto)
-
-h2. 0.5.5 (3/23/2009)
-
-* Removing duplicate test to get rid of warning. (Nick Quaranto)
-
-h2. 0.5.4 (3/21/2009)
-
-* When users fail logging in, redirect them instead of rendering. (Matt
-Jankowski)
-
-h2. 0.5.3 (3/5/2009)
-
-* Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
-Ferris, Dan Croak)
-* Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
-Dan Croak)
-
-h2. 0.5.2 (3/2/2009)
-
-* Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
-Ferris, Dan Croak)
-
-h2. 0.5.1 (2/27/2009)
-
-* [#46] A user with unconfirmed email who resets password now confirms email.
-(Marcel Görner)
-* Refactored user_from_cookie, user_from_session, User#authenticate to use
-more direct return code instead of ugly, harder to read ternary. (Dan Croak)
-* Switch order of cookies and sessions to take advantage of Rails 2.3's "Rack-based lazy-loaded sessions":http://is.gd/i23E. (Dan Croak)
-* Altered generator to interact with application_controller.rb instead of
-application.rb in Rails 2.3 apps. (Dan Croak)
-* [#42] Bug fix. Rack-based session change altered how to test remember me
-cookie. (Mihai Anca)
-
-h2. 0.5.0 (2/27/2009)
-
-* Fixed problem with Cucumber features. (Dan Croak)
-* Fixed mising HTTP fluency use case. (Dan Croak)
-* Refactored User#update_password to take just parameters it needs. (Dan
-Croak)
-* Refactored User unit tests to be more readable. (Dan Croak)
-
-h2. 0.4.9 (2/20/2009)
-
-* Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
-* Return 403 Forbidden status code in those cases. (Tim Pope)
-* Test 403 Forbidden status code in Cucumber feature. (Dan Croak, Joe Ferris)
-* Raise custom ActionController::Forbidden error internally. (Joe Ferris, Mike Burns, Jason Morrison)
-* Test ActionController::Forbidden error is raised in functional test. (Joe Ferris, Mike Burns, Dan Croak)
-* [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
-* Required Factory Girl >= 1.2.0. (Dan Croak)
-
-h2. 0.4.8 (2/16/2009)
-
-* Added support paths for Cucumber. (Ben Mabey)
-* Added documentation for the flash. (Ben Mabey)
-* Generators require "test_helper" instead of File.join. for rr compatibility. (Joe Ferris)
-* Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
-* Standardized flash messages that refer to email delivery. (Dan Croak)
-
-h2. 0.4.7 (2/12/2009)
-
-* Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
-* All test helpers now in shoulda_macros. (Dan Croak)
-
-h2. 0.4.6 (2/11/2009)
-
-* Made the modules behave like mixins again. (hat-tip Eloy Duran)
-* Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
-
-h2. 0.4.5 (2/9/2009)
-
-* [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
-* [#42] Removed dependency on Mocha. (Dan Croak)
-* Required Shoulda >= 2.9.1. (Dan Croak)
-* Added password reset feature to clearance_features generator. (Eugene Bolshakov, Dan Croak)
-* Removed unnecessary session[:salt]. (Dan Croak)
-* [#41] Only store location for session[:return_to] for GET requests. (Dan Croak)
-* Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
-* Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
-
-h2. 0.4.4 (2/2/2009)
-
-* Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
-* Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak) 
@@ -1,21 +0,0 @@
-The MIT License
-
-Copyright (c) 2008 thoughtbot, inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
@@ -1,123 +0,0 @@
-h1. Clearance
-
-Rails authentication with email & password.
-
-"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
-
-h2. Wiki
-
-Most information regarding Clearance is on the "Github Wiki":http://wiki.github.com/thoughtbot/clearance.
-
-h2. Installation
-
-Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
-
-In config/environment.rb:
-
-<pre>
-config.gem "thoughtbot-clearance", 
-  :lib     => 'clearance', 
-  :source  => 'http://gems.github.com', 
-  :version => '0.6.9'
-</pre>
-
-Vendor the gem:
-
-<pre>
-rake gems:install
-rake gems:unpack
-</pre>
-
-Make sure the development database exists and run the generator:
-
-@script/generate clearance@
-
-A number of files will be created and instructions will be printed.
-
-You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
-
-Run the migration:
-
-@rake db:migrate@
-
-Define a HOST constant in your environment files.
-In config/environments/test.rb and config/environments/development.rb it can be:
-
-@HOST = "localhost"@
-
-In production.rb it must be the actual host your application is deployed to.
-The constant is used by mailers to generate URLs in emails.
-
-In config/environment.rb:
-
-@DO_NOT_REPLY = "donotreply@example.com"@
-
-Define root_url to *something* in your config/routes.rb:
-
-@map.root :controller => 'home'@
-
-h2. Cucumber Features
-
-As your app evolves, you want to know that authentication still works. Clearance's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
-
-In config/environments/test.rb:
-
-<pre>
-config.gem 'webrat',
-  :version => '= 0.4.4'
-config.gem 'cucumber',
-  :version => '= 0.3.0'
-config.gem 'thoughtbot-factory_girl',
-  :lib     => 'factory_girl',
-  :source  => "http://gems.github.com", 
-  :version => '1.2.1'
-</pre>
-
-Vendor the gems:
-
-<pre>
-rake gems:install RAILS_ENV=test
-rake gems:unpack  RAILS_ENV=test
-</pre>
-
-We don't vendor nokogiri due to its native extensions, so install it normally on your machine:
-
-@sudo gem install nokogiri@
-
-Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
-
-<pre>
-script/generate cucumber
-script/generate clearance_features
-</pre>
-
-All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
-
-<pre>
-def path_to(page_name)
-  case page_name
-   ...
-  when /the sign up page/i
-   new_user_path
-  when /the sign in page/i
-   new_session_path
-  when /the password reset request page/i
-   new_password_path
-  ...
-end
-</pre>
-
-h2. Authors
-
-Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
-
-Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton & Mustafa Ekim.
-
-h2. Questions?
-
-Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
-
-h2. Suggestions, Bugs, Refactoring?
-
-Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues. Please don't send pull requests.
-
@@ -1,76 +0,0 @@
-# encoding: utf-8
-
-require 'rake'
-require 'rake/testtask'
-require 'cucumber/rake/task'
-
-namespace :test do
-  Rake::TestTask.new(:all => ["generator:cleanup",
-                              "generator:generate"]) do |task|
-    task.libs << "lib"
-    task.libs << "test"
-    task.pattern = "test/**/*_test.rb"
-    task.verbose = false
-  end
-
-  Cucumber::Rake::Task.new(:features) do |t|
-    t.cucumber_opts   = "--format progress"
-    t.feature_pattern = "test/rails_root/features/*.feature"
-  end
-end
-
-generators = %w(clearance clearance_features)
-
-namespace :generator do
-  desc "Cleans up the test app before running the generator"
-  task :cleanup do
-    generators.each do |generator|
-      FileList["generators/#{generator}/templates/**/*.*"].each do |each|
-        file = "test/rails_root/#{each.gsub("generators/#{generator}/templates/",'')}"
-        File.delete(file) if File.exists?(file)
-      end
-    end
-
-    FileList["test/rails_root/db/**/*"].each do |each| 
-      FileUtils.rm_rf(each)
-    end
-    FileUtils.rm_rf("test/rails_root/vendor/plugins/clearance")
-    FileUtils.mkdir_p("test/rails_root/vendor/plugins")
-    clearance_root = File.expand_path(File.dirname(__FILE__))
-    system("ln -s #{clearance_root} test/rails_root/vendor/plugins/clearance")
-  end
-
-  desc "Run the generator on the tests"
-  task :generate do
-    generators.each do |generator|
-      system "cd test/rails_root && ./script/generate #{generator} && rake db:migrate db:test:prepare"
-    end
-  end
-end
-
-desc "Run the test suite"
-task :default => ['test:all', 'test:features']
-
-gem_spec = Gem::Specification.new do |gem_spec|
-  gem_spec.name        = "clearance"
-  gem_spec.version     = "0.6.9"
-  gem_spec.summary     = "Rails authentication with email & password."
-  gem_spec.email       = "support@thoughtbot.com"
-  gem_spec.homepage    = "http://github.com/thoughtbot/clearance"
-  gem_spec.description = "Rails authentication with email & password."
-  gem_spec.authors     = ["Dan Croak", "Mike Burns", "Jason Morrison",
-                          "Joe Ferris", "Eugene Bolshakov", "Nick Quaranto",
-                          "Josh Nichols", "Mike Breen", "Marcel Görner",
-                          "Bence Nagy", "Ben Mabey", "Eloy Duran",
-                          "Tim Pope", "Mihai Anca", "Mark Cornick",
-                          "Shay Arnett"]
-  gem_spec.files       = FileList["[A-Z]*", "{app,config,generators,lib,shoulda_macros,rails}/**/*"]
-end
-
-desc "Generate a gemspec file"
-task :gemspec do
-  File.open("#{gem_spec.name}.gemspec", 'w') do |f|
-    f.write gem_spec.to_yaml
-  end
-end
-
@@ -1,6 +0,0 @@
-h1. To-do
-
-* Make insertion of Clearance::User into User model automatic from the generator.
-* Change generated README to include instruction about running the migration.
-* DO_NOT_REPLY, HOST refactoring.
-
@@ -1,52 +0,0 @@
-class Clearance::ConfirmationsController < ApplicationController
-  unloadable
-
-  before_filter :forbid_confirmed_user,    :only => [:new, :create]
-  before_filter :forbid_missing_token,     :only => [:new, :create]
-  before_filter :forbid_non_existent_user, :only => [:new, :create]
-  filter_parameter_logging :token
-
-  def new
-    create
-  end
-
-  def create
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
-    @user.confirm_email!
-
-    sign_in(@user)
-    flash_success_after_create
-    redirect_to(url_after_create)
-  end
-
-  private
-
-  def forbid_confirmed_user
-    user = ::User.find_by_id(params[:user_id])
-    if user && user.email_confirmed?
-      raise ActionController::Forbidden, "confirmed user"
-    end
-  end
-
-  def forbid_missing_token
-    if params[:token].blank?
-      raise ActionController::Forbidden, "missing token"
-    end
-  end
-
-  def forbid_non_existent_user
-    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
-      raise ActionController::Forbidden, "non-existent user"
-    end
-  end
-
-  def flash_success_after_create
-    flash[:success] = translate(:confirmed_email,
-      :scope   => [:clearance, :controllers, :confirmations],
-      :default => "Confirmed email and signed in.")
-  end
-
-  def url_after_create
-    root_url
-  end
-end
@@ -1,81 +0,0 @@
-class Clearance::PasswordsController < ApplicationController
-  unloadable
-
-  before_filter :forbid_missing_token,     :only => [:edit, :update]
-  before_filter :forbid_non_existent_user, :only => [:edit, :update]
-  filter_parameter_logging :password, :password_confirmation
-
-  def new
-    render :template => 'passwords/new'
-  end
-
-  def create
-    if user = ::User.find_by_email(params[:password][:email])
-      user.forgot_password!
-      ::ClearanceMailer.deliver_change_password user
-      flash_notice_after_create
-      redirect_to(url_after_create)
-    else
-      flash_failure_after_create
-      render :template => 'passwords/new'
-    end
-  end
-
-  def edit
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
-    render :template => 'passwords/edit'
-  end
-
-  def update
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
-
-    if @user.update_password(params[:user][:password],
-                             params[:user][:password_confirmation])
-      @user.confirm_email!
-      sign_in(@user)
-      flash_success_after_update
-      redirect_to(url_after_update)
-    else
-      render :template => 'passwords/edit'
-    end
-  end
-
-  private
-
-  def forbid_missing_token
-    if params[:token].blank?
-      raise ActionController::Forbidden, "missing token"
-    end
-  end
-
-  def forbid_non_existent_user
-    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
-      raise ActionController::Forbidden, "non-existent user"
-    end
-  end
-
-  def flash_notice_after_create
-    flash[:notice] = translate(:deliver_change_password,
-      :scope   => [:clearance, :controllers, :passwords],
-      :default => "You will receive an email within the next few minutes. " <<
-                  "It contains instructions for changing your password.")
-  end
-
-  def flash_failure_after_create
-    flash.now[:failure] = translate(:unknown_email,
-      :scope   => [:clearance, :controllers, :passwords],
-      :default => "Unknown email.")
-  end
-
-  def url_after_create
-    new_session_url
-  end
-
-  def flash_success_after_update
-    flash[:success] = translate(:signed_in, :default => "Signed in.")
-  end
-
-  def url_after_update
-    root_url
-  end
-end
@@ -1,67 +0,0 @@
-class Clearance::SessionsController < ApplicationController
-  unloadable
-
-  protect_from_forgery :except => :create
-  filter_parameter_logging :password
-
-  def new
-    render :template => 'sessions/new'
-  end
-
-  def create
-    @user = ::User.authenticate(params[:session][:email],
-                                params[:session][:password])
-    if @user.nil?
-      flash_failure_after_create
-      render :template => 'sessions/new', :status => :unauthorized
-    else
-      if @user.email_confirmed?
-        sign_in(@user)
-        remember(@user) if remember?
-        flash_success_after_create
-        redirect_back_or(url_after_create)
-      else
-        ::ClearanceMailer.deliver_confirmation(@user)
-        flash_notice_after_create
-        redirect_to(new_session_url)
-      end
-    end
-  end
-
-  def destroy
-    forget(current_user)
-    flash_success_after_destroy
-    redirect_to(url_after_destroy)
-  end
-
-  private
-
-  def flash_failure_after_create
-    flash.now[:failure] = translate(:bad_email_or_password,
-      :scope   => [:clearance, :controllers, :sessions],
-      :default => "Bad email or password.")
-  end
-
-  def flash_success_after_create
-    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
-  end
-
-  def flash_notice_after_create
-    flash[:notice] = translate(:unconfirmed_email,
-      :scope   => [:clearance, :controllers, :sessions],
-      :default => "User has not confirmed email. " <<
-                  "Confirmation email will be resent.")
-  end
-
-  def url_after_create
-    root_url
-  end
-
-  def flash_success_after_destroy
-    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
-  end
-
-  def url_after_destroy
-    new_session_url
-  end
-end
@@ -1,35 +0,0 @@
-class Clearance::UsersController < ApplicationController
-  unloadable
-
-  before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
-  filter_parameter_logging :password
-
-  def new
-    @user = ::User.new(params[:user])
-    render :template => 'users/new'
-  end
-
-  def create
-    @user = ::User.new params[:user]
-    if @user.save
-      ::ClearanceMailer.deliver_confirmation @user
-      flash_notice_after_create
-      redirect_to(url_after_create)
-    else
-      render :template => 'users/new'
-    end
-  end
-
-  private
-
-  def flash_notice_after_create
-    flash[:notice] = translate(:deliver_confirmation,
-      :scope   => [:clearance, :controllers, :users],
-      :default => "You will receive an email within the next few minutes. " <<
-                  "It contains instructions for confirming your account.")
-  end
-
-  def url_after_create
-    new_session_url
-  end
-end
@@ -1,23 +0,0 @@
-class ClearanceMailer < ActionMailer::Base
-
-  default_url_options[:host] = HOST
-
-  def change_password(user)
-    from       DO_NOT_REPLY
-    recipients user.email
-    subject    I18n.t(:change_password,
-                      :scope   => [:clearance, :models, :clearance_mailer],
-                      :default => "Change your password")
-    body       :user => user
-  end
-
-  def confirmation(user)
-    from       DO_NOT_REPLY
-    recipients user.email
-    subject    I18n.t(:confirmation,
-                      :scope   => [:clearance, :models, :clearance_mailer],
-                      :default => "Account confirmation")
-    body      :user => user
-  end
-
-end
@@ -1,7 +0,0 @@
-Someone, hopefully you, has requested that we send you a link to change your password.
-
-Here's the link:
-
-<%= edit_user_password_url(@user, :token => @user.token, :escape => false) %>
-
-If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.
@@ -1,2 +0,0 @@
-
-<%= new_user_confirmation_url :user_id => @user, :token => @user.token, :encode => false %>
@@ -1,23 +0,0 @@
-<h2>Change your password</h2>
-
-<p>
-  Your password has been reset. Choose a new password below.
-</p>
-
-<%= error_messages_for :user %>
-
-<% form_for(:user,
-            :url => user_password_path(@user, :token    => @user.token),
-            :html => { :method => :put }) do |form| %>
-  <div class="password_field">
-    <%= form.label :password, "Choose password" %>
-    <%= form.password_field :password %>
-  </div>
-  <div class="password_field">
-    <%= form.label :password_confirmation, "Confirm password" %>
-    <%= form.password_field :password_confirmation %>
-  </div>
-  <div class="submit_field">
-    <%= form.submit "Save this password", :disable_with => "Please wait..." %>
-  </div>
-<% end %>
@@ -1,15 +0,0 @@
-<h2>Change your password</h2>
-
-<p>
-  We will email you a link to change your password.
-</p>
-
-<% form_for :password, :url => passwords_path do |form| %>
-  <div class="text_field">
-    <%= form.label :email, "Email address" %>
-    <%= form.text_field :email %>
-  </div>
-  <div class="submit_field">
-    <%= form.submit "Reset password", :disable_with => "Please wait..." %>
-  </div>
-<% end %>
 \ No newline at end of file
@@ -1,28 +0,0 @@
-<h2>Sign in</h2>
-
-<% form_for :session, :url => session_path do |form| %>
-  <div class="text_field">
-    <%= form.label :email %>
-    <%= form.text_field :email %>  
-  </div>
-  <div class="text_field">
-    <%= form.label :password %>
-    <%= form.password_field :password %>
-  </div>
-  <div class="text_field">
-    <%= form.check_box :remember_me %>
-    <%= form.label :remember_me %>
-  </div>
-  <div class="submit_field">
-    <%= form.submit "Sign in", :disable_with => "Please wait..." %>
-  </div>
-<% end %>
-
-<ul>
-  <li>
-    <%= link_to "Sign up", new_user_path %>
-  </li>
-  <li>
-    <%= link_to "Forgot password?", new_password_path %>
-  </li>
-</ul>
 \ No newline at end of file
@@ -1,13 +0,0 @@
-<%= form.error_messages %>
-<div class="text_field">
-  <%= form.label :email %>
-  <%= form.text_field :email %>
-</div>
-<div class="password_field">
-  <%= form.label :password %>
-  <%= form.password_field :password %>
-</div>
-<div class="password_field">
-  <%= form.label :password_confirmation, "Confirm password" %>
-  <%= form.password_field :password_confirmation %>
-</div>
 \ No newline at end of file
@@ -1,6 +0,0 @@
-<h2>Sign up</h2>
-
-<% form_for @user do |form| %>
-  <%= render :partial => '/users/form', :object => form %>
-  <%= form.submit 'Sign up', :disable_with => 'Please wait...' %>
-<% end %>
@@ -1,132 +0,0 @@
---- !ruby/object:Gem::Specification 
-name: clearance
-version: !ruby/object:Gem::Version 
-  version: 0.6.9
-platform: ruby
-authors: 
-- Dan Croak
-- Mike Burns
-- Jason Morrison
-- Joe Ferris
-- Eugene Bolshakov
-- Nick Quaranto
-- Josh Nichols
-- Mike Breen
-- "Marcel G\xC3\xB6rner"
-- Bence Nagy
-- Ben Mabey
-- Eloy Duran
-- Tim Pope
-- Mihai Anca
-- Mark Cornick
-- Shay Arnett
-autorequire: 
-bindir: bin
-cert_chain: []
-
-date: 2009-07-04 00:00:00 -04:00
-default_executable: 
-dependencies: []
-
-description: Rails authentication with email & password.
-email: support@thoughtbot.com
-executables: []
-
-extensions: []
-
-extra_rdoc_files: []
-
-files: 
-- CHANGELOG.textile
-- LICENSE
-- Rakefile
-- README.textile
-- TODO.textile
-- app/controllers
-- app/controllers/clearance
-- app/controllers/clearance/confirmations_controller.rb
-- app/controllers/clearance/passwords_controller.rb
-- app/controllers/clearance/sessions_controller.rb
-- app/controllers/clearance/users_controller.rb
-- app/models
-- app/models/clearance_mailer.rb
-- app/views
-- app/views/clearance_mailer
-- app/views/clearance_mailer/change_password.html.erb
-- app/views/clearance_mailer/confirmation.html.erb
-- app/views/passwords
-- app/views/passwords/edit.html.erb
-- app/views/passwords/new.html.erb
-- app/views/sessions
-- app/views/sessions/new.html.erb
-- app/views/users
-- app/views/users/_form.html.erb
-- app/views/users/new.html.erb
-- config/clearance_routes.rb
-- generators/clearance
-- generators/clearance/clearance_generator.rb
-- generators/clearance/lib
-- generators/clearance/lib/insert_commands.rb
-- generators/clearance/lib/rake_commands.rb
-- generators/clearance/templates
-- generators/clearance/templates/factories.rb
-- generators/clearance/templates/migrations
-- generators/clearance/templates/migrations/create_users.rb
-- generators/clearance/templates/migrations/update_users.rb
-- generators/clearance/templates/README
-- generators/clearance/templates/user.rb
-- generators/clearance/USAGE
-- generators/clearance_features
-- generators/clearance_features/clearance_features_generator.rb
-- generators/clearance_features/templates
-- generators/clearance_features/templates/features
-- generators/clearance_features/templates/features/password_reset.feature
-- generators/clearance_features/templates/features/sign_in.feature
-- generators/clearance_features/templates/features/sign_out.feature
-- generators/clearance_features/templates/features/sign_up.feature
-- generators/clearance_features/templates/features/step_definitions
-- generators/clearance_features/templates/features/step_definitions/clearance_steps.rb
-- generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb
-- generators/clearance_features/templates/features/support
-- generators/clearance_features/templates/features/support/paths.rb
-- generators/clearance_features/USAGE
-- lib/clearance
-- lib/clearance/authentication.rb
-- lib/clearance/extensions
-- lib/clearance/extensions/errors.rb
-- lib/clearance/extensions/rescue.rb
-- lib/clearance/extensions/routes.rb
-- lib/clearance/user.rb
-- lib/clearance.rb
-- shoulda_macros/clearance.rb
-- rails/init.rb
-has_rdoc: true
-homepage: http://github.com/thoughtbot/clearance
-licenses: []
-
-post_install_message: 
-rdoc_options: []
-
-require_paths: 
-- lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
-requirements: []
-
-rubyforge_project: 
-rubygems_version: 1.3.4
-signing_key: 
-specification_version: 3
-summary: Rails authentication with email & password.
-test_files: []
-
@@ -1,30 +0,0 @@
-ActionController::Routing::Routes.draw do |map|
-  map.resources :passwords,
-    :controller => 'clearance/passwords',
-    :only       => [:new, :create]
-
-  map.resource  :session,
-    :controller => 'clearance/sessions',
-    :only       => [:new, :create, :destroy]
-
-  map.resources :users, :controller => 'clearance/users' do |users|
-    users.resource :password,
-      :controller => 'clearance/passwords',
-      :only       => [:create, :edit, :update]
-
-    users.resource :confirmation,
-      :controller => 'clearance/confirmations',
-      :only       => [:new, :create]
-  end
-
-  map.sign_up  'sign_up',
-    :controller => 'clearance/users',
-    :action     => 'new'
-  map.sign_in  'sign_in',
-    :controller => 'clearance/sessions',
-    :action     => 'new'
-  map.sign_out 'sign_out',
-    :controller => 'clearance/sessions',
-    :action     => 'destroy',
-    :method     => :delete
-end
@@ -1 +0,0 @@
-script/generate clearance
 \ No newline at end of file
@@ -1,41 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + "/lib/insert_commands.rb")
-require File.expand_path(File.dirname(__FILE__) + "/lib/rake_commands.rb")
-require 'factory_girl'
-
-class ClearanceGenerator < Rails::Generator::Base
-
-  def manifest
-    record do |m|
-      m.insert_into "app/controllers/application_controller.rb",
-                    "include Clearance::Authentication"
-
-      user_model = "app/models/user.rb"
-      if File.exists?(user_model)
-        m.insert_into user_model, "include Clearance::User"
-      else
-        m.directory File.join("app", "models")
-        m.file "user.rb", user_model
-      end
-
-      m.directory File.join("test", "factories")
-      m.file "factories.rb", "test/factories/clearance.rb"
-
-      m.migration_template "migrations/#{migration_name}.rb",
-                           'db/migrate',
-                           :migration_file_name => "clearance_#{migration_name}"
-
-      m.readme "README"
-    end
-  end
-
-  private
-
-  def migration_name
-    if ActiveRecord::Base.connection.table_exists?(:users)
-      'update_users'
-    else
-      'create_users'
-    end
-  end
-
-end
@@ -1,33 +0,0 @@
-# Mostly pinched from http://github.com/ryanb/nifty-generators/tree/master
-
-Rails::Generator::Commands::Base.class_eval do
-  def file_contains?(relative_destination, line)
-    File.read(destination_path(relative_destination)).include?(line)
-  end
-end
-
-Rails::Generator::Commands::Create.class_eval do
-  def insert_into(file, line)
-    logger.insert "#{line} into #{file}"
-    unless options[:pretend] || file_contains?(file, line)
-      gsub_file file, /^(class|module) .+$/ do |match|
-        "#{match}\n  #{line}"
-      end
-    end
-  end
-end
-
-Rails::Generator::Commands::Destroy.class_eval do
-  def insert_into(file, line)
-    logger.remove "#{line} from #{file}"
-    unless options[:pretend]
-      gsub_file file, "\n  #{line}", ''
-    end
-  end
-end
-
-Rails::Generator::Commands::List.class_eval do
-  def insert_into(file, line)
-    logger.insert "#{line} into #{file}"
-  end
-end
@@ -1,22 +0,0 @@
-Rails::Generator::Commands::Create.class_eval do
-  def rake_db_migrate
-    logger.rake "db:migrate"
-    unless system("rake db:migrate")
-      logger.rake "db:migrate failed. Rolling back"      
-      command(:destroy).invoke!
-    end
-  end
-end
-
-Rails::Generator::Commands::Destroy.class_eval do
-  def rake_db_migrate
-    logger.rake "db:rollback"  
-    system "rake db:rollback"  
-  end
-end
-
-Rails::Generator::Commands::List.class_eval do
-  def rake_db_migrate
-    logger.rake "db:migrate"    
-  end
-end
@@ -1,22 +0,0 @@
-
-*******************************************************************************
-
-Ok, enough fancy automatic stuff. Time for some old school monkey copy-pasting.
-
-1. Define a HOST constant in your environments files.
-In config/environments/test.rb and config/environments/development.rb it can be:
-
-    HOST = "localhost"
-
-In production.rb it must be the actual host your application is deployed to.
-The constant is used by mailers to generate URLs in emails.
-
-2. In config/environment.rb:
-
-    DO_NOT_REPLY = "donotreply@example.com"
-
-3. Define root_url to *something* in your config/routes.rb:
-
-    map.root :controller => 'home'
-
-*******************************************************************************
@@ -1,13 +0,0 @@
-Factory.sequence :email do |n|
-  "user#{n}@example.com"
-end
-
-Factory.define :user do |user|
-  user.email                 { Factory.next :email }
-  user.password              { "password" }
-  user.password_confirmation { "password" }
-end
-
-Factory.define :email_confirmed_user, :parent => :user do |user|
-  user.email_confirmed { true }
-end
@@ -1,21 +0,0 @@
-class ClearanceCreateUsers < ActiveRecord::Migration
-  def self.up
-    create_table(:users) do |t|
-      t.string   :email
-      t.string   :encrypted_password, :limit => 128
-      t.string   :salt,               :limit => 128
-      t.string   :token,              :limit => 128
-      t.datetime :token_expires_at
-      t.boolean  :email_confirmed, :default => false, :null => false
-      t.timestamps
-    end
-
-    add_index :users, [:id, :token]
-    add_index :users, :email
-    add_index :users, :token
-  end
-
-  def self.down
-    drop_table :users
-  end
-end
@@ -1,41 +0,0 @@
-class ClearanceUpdateUsers < ActiveRecord::Migration
-  def self.up
-<% 
-      existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
-      columns = [
-        [:email,              't.string :email'],
-        [:encrypted_password, 't.string :encrypted_password, :limit => 128'],
-        [:salt,               't.string :salt, :limit => 128'],
-        [:token,              't.string :token, :limit => 128'],
-        [:token_expires_at,   't.datetime :token_expires_at'],
-        [:email_confirmed,    't.boolean :email_confirmed, :default => false, :null => false']
-      ].delete_if {|c| existing_columns.include?(c.first.to_s)} 
--%>
-    change_table(:users) do |t|
-<% columns.each do |c| -%>
-      <%= c.last %>
-<% end -%>
-    end
-    
-<%
-    existing_indexes = ActiveRecord::Base.connection.indexes(:users)
-    index_names = existing_indexes.collect { |each| each.name }
-    new_indexes = [
-      [:index_users_on_id_and_token, 'add_index :users, [:id, :token]'],
-      [:index_users_on_email,        'add_index :users, :email'],
-      [:index_users_on_token,        'add_index :users, :token']
-    ].delete_if { |each| index_names.include?(each.first.to_s) }
--%>
-<% new_indexes.each do |each| -%>
-    <%= each.last %>
-<% end -%>
-  end
-  
-  def self.down
-    change_table(:users) do |t|
-<% unless columns.empty? -%>
-      t.remove <%= columns.collect { |each| ":#{each.first}" }.join(',') %>
-<% end -%>
-    end
-  end
-end
@@ -1,3 +0,0 @@
-class User < ActiveRecord::Base
-  include Clearance::User
-end
@@ -1 +0,0 @@
-script/generate clearance_features
@@ -1,20 +0,0 @@
-class ClearanceFeaturesGenerator < Rails::Generator::Base
-  
-  def manifest
-    record do |m|
-      m.directory File.join("features", "step_definitions")
-      m.directory File.join("features", "support")
-      
-      ["features/step_definitions/clearance_steps.rb",
-       "features/step_definitions/factory_girl_steps.rb",
-       "features/support/paths.rb",
-       "features/sign_in.feature",
-       "features/sign_out.feature",       
-       "features/sign_up.feature",
-       "features/password_reset.feature"].each do |file|
-        m.file file, file
-       end
-    end
-  end
-  
-end
@@ -1,33 +0,0 @@
-Feature: Password reset
-  In order to sign in even if user forgot their password
-  A user
-  Should be able to reset it
-
-    Scenario: User is not signed up
-      Given no user exists with an email of "email@person.com"
-      When I request password reset link to be sent to "email@person.com"
-      Then I should see "Unknown email"
-
-    Scenario: User is signed up and requests password reset
-      Given I signed up with "email@person.com/password"
-      When I request password reset link to be sent to "email@person.com"
-      Then I should see "instructions for changing your password"
-      And a password reset message should be sent to "email@person.com"
-
-    Scenario: User is signed up updated his password and types wrong confirmation
-      Given I signed up with "email@person.com/password"
-      When I follow the password reset link sent to "email@person.com"
-      And I update my password with "newpassword/wrongconfirmation"
-      Then I should see error messages
-      And I should be signed out
-
-    Scenario: User is signed up and updates his password
-      Given I signed up with "email@person.com/password"
-      When I follow the password reset link sent to "email@person.com"
-      And I update my password with "newpassword/newpassword"
-      Then I should be signed in
-      When I sign out
-      Then I should be signed out
-      And I sign in as "email@person.com/newpassword"
-      Then I should be signed in
-
@@ -1,42 +0,0 @@
-Feature: Sign in
-  In order to get access to protected sections of the site
-  A user
-  Should be able to sign in
-
-    Scenario: User is not signed up
-      Given no user exists with an email of "email@person.com"
-      When I go to the sign in page
-      And I sign in as "email@person.com/password"
-      Then I should see "Bad email or password"
-      And I should be signed out
-
-    Scenario: User is not confirmed
-      Given I signed up with "email@person.com/password"
-      When I go to the sign in page
-      And I sign in as "email@person.com/password"
-      Then I should see "User has not confirmed email"
-      And I should be signed out
-
-   Scenario: User enters wrong password
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I go to the sign in page
-      And I sign in as "email@person.com/wrongpassword"
-      Then I should see "Bad email or password"
-      And I should be signed out
-
-   Scenario: User signs in successfully
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I go to the sign in page
-      And I sign in as "email@person.com/password"
-      Then I should see "Signed in"
-      And I should be signed in
-
-   Scenario: User signs in and checks "remember me"
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I go to the sign in page
-      And I sign in with "remember me" as "email@person.com/password"
-      Then I should see "Signed in"
-      And I should be signed in
-      When I return next time
-      Then I should be signed in
-
@@ -1,23 +0,0 @@
-Feature: Sign out
-  To protect my account from unauthorized access
-  A signed in user
-  Should be able to sign out
-
-    Scenario: User signs out
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I sign in as "email@person.com/password"
-      Then I should be signed in
-      And I sign out
-      Then I should see "Signed out"
-      And I should be signed out
-
-    Scenario: User who was remembered signs out
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I sign in with "remember me" as "email@person.com/password"
-      Then I should be signed in
-      And I sign out
-      Then I should see "Signed out"
-      And I should be signed out
-      When I return next time
-      Then I should be signed out
-
@@ -1,28 +0,0 @@
-Feature: Sign up
-  In order to get access to protected sections of the site
-  A user
-  Should be able to sign up
-
-    Scenario: User signs up with invalid data
-      When I go to the sign up page
-      And I fill in "Email" with "invalidemail"
-      And I fill in "Password" with "password"
-      And I fill in "Confirm password" with ""
-      And I press "Sign Up"
-      Then I should see error messages
-
-    Scenario: User signs up with valid data
-      When I go to the sign up page
-      And I fill in "Email" with "email@person.com"
-      And I fill in "Password" with "password"
-      And I fill in "Confirm password" with "password"
-      And I press "Sign Up"
-      Then I should see "instructions for confirming"
-      And a confirmation message should be sent to "email@person.com"
-
-    Scenario: User confirms his account
-      Given I signed up with "email@person.com/password"
-      When I follow the confirmation link sent to "email@person.com"
-      Then I should see "Confirmed email and signed in"
-      And I should be signed in
-
@@ -1,110 +0,0 @@
-# General
-
-Then /^I should see error messages$/ do
-  assert_match /error(s)? prohibited/m, response.body
-end
-
-# Database
-
-Given /^no user exists with an email of "(.*)"$/ do |email|
-  assert_nil User.find_by_email(email)
-end
-
-Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
-  user = Factory :user,
-    :email                 => email,
-    :password              => password,
-    :password_confirmation => password
-end 
-
-Given /^I am signed up and confirmed as "(.*)\/(.*)"$/ do |email, password|
-  user = Factory :email_confirmed_user,
-    :email                 => email,
-    :password              => password,
-    :password_confirmation => password
-end
-
-# Session
-
-Then /^I should be signed in$/ do
-  assert controller.signed_in?
-end
-
-Then /^I should be signed out$/ do
-  assert ! controller.signed_in?
-end
-
-When /^session is cleared$/ do
-  request.reset_session
-  controller.instance_variable_set(:@_current_user, nil)
-end
-
-# Emails
-
-Then /^a confirmation message should be sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  sent = ActionMailer::Base.deliveries.first
-  assert_equal [user.email], sent.to
-  assert_match /confirm/i, sent.subject
-  assert !user.token.blank?
-  assert_match /#{user.token}/, sent.body
-end
-
-When /^I follow the confirmation link sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  visit new_user_confirmation_path(:user_id => user, :token => user.token)
-end
-
-Then /^a password reset message should be sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  sent = ActionMailer::Base.deliveries.first
-  assert_equal [user.email], sent.to
-  assert_match /password/i, sent.subject
-  assert !user.token.blank?
-  assert_match /#{user.token}/, sent.body
-end
-
-When /^I follow the password reset link sent to "(.*)"$/ do |email|
-  user = User.find_by_email(email)
-  visit edit_user_password_path(:user_id => user, :token => user.token)
-end
-
-When /^I try to change the password of "(.*)" without token$/ do |email|
-  user = User.find_by_email(email)
-  visit edit_user_password_path(:user_id => user)
-end
-
-Then /^I should be forbidden$/ do
-  assert_response :forbidden
-end
-
-# Actions
-
-When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password|
-  When %{I go to the sign in page}
-  And %{I fill in "Email" with "#{email}"}
-  And %{I fill in "Password" with "#{password}"}
-  And %{I check "Remember me"} if remember
-  And %{I press "Sign In"}
-end
-
-When /^I sign out$/ do
-  visit '/session', :delete
-end
-
-When /^I request password reset link to be sent to "(.*)"$/ do |email|
-  When %{I go to the password reset request page}
-  And %{I fill in "Email address" with "#{email}"}
-  And %{I press "Reset password"}
-end
-
-When /^I update my password with "(.*)\/(.*)"$/ do |password, confirmation|
-  And %{I fill in "Choose password" with "#{password}"}
-  And %{I fill in "Confirm password" with "#{confirmation}"}
-  And %{I press "Save this password"}
-end
-
-When /^I return next time$/ do
-  When %{session is cleared}
-  And %{I go to the homepage}
-end
@@ -1,5 +0,0 @@
-Factory.factories.each do |name, factory|
-  Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value|
-    Factory(name, attr.gsub(' ', '_') => value)
-  end
-end
@@ -1,22 +0,0 @@
-module NavigationHelpers
-  def path_to(page_name)
-    case page_name
-    
-    when /the homepage/i
-      root_path
-    when /the sign up page/i
-      new_user_path
-    when /the sign in page/i
-      new_session_path
-    when /the password reset request page/i
-      new_password_path
-    
-    # Add more page name => path mappings here
-    
-    else
-      raise "Can't find mapping from \"#{page_name}\" to a path."
-    end
-  end
-end
- 
-World(NavigationHelpers)
@@ -1,6 +0,0 @@
-require 'clearance/extensions/errors'
-require 'clearance/extensions/rescue'
-require 'clearance/extensions/routes'
-
-require 'clearance/authentication'
-require 'clearance/user'
@@ -1,100 +0,0 @@
-module Clearance
-  module Authentication
-
-    def self.included(controller)
-      controller.send(:include, InstanceMethods)
-
-      controller.class_eval do
-        helper_method :current_user
-        helper_method :signed_in?
-
-        hide_action :current_user, :signed_in?
-      end
-    end
-
-    module InstanceMethods
-      def current_user
-        @_current_user ||= (user_from_cookie || user_from_session)
-      end
-
-      def signed_in?
-        ! current_user.nil?
-      end
-
-      protected
-
-      def authenticate
-        deny_access unless signed_in?
-      end
-
-      def user_from_session
-        if session[:user_id]
-          return nil  unless user = ::User.find_by_id(session[:user_id])
-          return user if     user.email_confirmed?
-        end
-      end
-
-      def user_from_cookie
-        if token = cookies[:remember_token]
-          return nil  unless user = ::User.find_by_token(token)
-          return user if     user.remember?
-        end
-      end
-
-      def sign_user_in(user)
-        warn "[DEPRECATION] sign_user_in: unnecessary. use sign_in(user) instead."
-        sign_in(user)
-      end
-
-      def sign_in(user)
-        if user
-          session[:user_id] = user.id
-        end
-      end
-
-      def remember?
-        params[:session] && params[:session][:remember_me] == "1"
-      end
-
-      def remember(user)
-        user.remember_me!
-        cookies[:remember_token] = { :value   => user.token,
-                                     :expires => user.token_expires_at }
-      end
-
-      def forget(user)
-        user.forget_me! if user
-        cookies.delete(:remember_token)
-        reset_session
-      end
-
-      def redirect_back_or(default)
-        redirect_to(return_to || default)
-        clear_return_to
-      end
-
-      def return_to
-        session[:return_to] || params[:return_to]
-      end
-
-      def clear_return_to
-        session[:return_to] = nil
-      end
-
-      def redirect_to_root
-        redirect_to(root_url)
-      end
-
-      def store_location
-        session[:return_to] = request.request_uri if request.get?
-      end
-
-      def deny_access(flash_message = nil, opts = {})
-        store_location
-        flash[:failure] = flash_message if flash_message
-        redirect_to(new_session_url)
-      end
-    end
-
-  end
-end
@@ -1,6 +0,0 @@
-if defined?(ActionController)
-  module ActionController
-    class Forbidden < StandardError
-    end
-  end
-end
@@ -1,3 +0,0 @@
-if defined?(ActionController::Base)
-  ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
-end
@@ -1,14 +0,0 @@
-if defined?(ActionController::Routing::RouteSet)
-  class ActionController::Routing::RouteSet
-    def load_routes_with_clearance!
-      lib_path = File.dirname(__FILE__)
-      clearance_routes = File.join(lib_path, *%w[.. .. .. config clearance_routes.rb])
-      unless configuration_files.include?(clearance_routes)
-        add_configuration_file(clearance_routes)
-      end
-      load_routes_without_clearance!
-    end
-
-    alias_method_chain :load_routes!, :clearance
-  end
-end
@@ -1,143 +0,0 @@
-require 'digest/sha1'
-
-module Clearance
-  module User
-
-    def self.included(model)
-      model.extend(ClassMethods)
-
-      model.send(:include, InstanceMethods)
-      model.send(:include, AttrAccessible)
-      model.send(:include, AttrAccessor)
-      model.send(:include, Validations)
-      model.send(:include, Callbacks)
-    end
-
-    module AttrAccessible
-      def self.included(model)
-        model.class_eval do
-          attr_accessible :email, :password, :password_confirmation
-        end
-      end
-    end
-
-    module AttrAccessor
-      def self.included(model)
-        model.class_eval do
-          attr_accessor :password, :password_confirmation
-        end
-      end
-    end
-
-    module Validations
-      def self.included(model)
-        model.class_eval do
-          validates_presence_of     :email
-          validates_uniqueness_of   :email, :case_sensitive => false
-          validates_format_of       :email, :with => %r{.+@.+\..+}
-
-          validates_presence_of     :password, :if => :password_required?
-          validates_confirmation_of :password, :if => :password_required?
-        end
-      end
-    end
-
-    module Callbacks
-      def self.included(model)
-        model.class_eval do
-          before_save :initialize_salt, :encrypt_password, :initialize_token
-        end
-      end
-    end
-
-    module InstanceMethods
-      def authenticated?(password)
-        encrypted_password == encrypt(password)
-      end
-
-      def encrypt(string)
-        generate_hash("--#{salt}--#{string}--")
-      end
-
-      def remember?
-        token_expires_at && Time.now.utc < token_expires_at
-      end
-
-      def remember_me!
-        remember_me_until! 2.weeks.from_now.utc
-      end
-
-      def forget_me!
-        clear_token
-        save(false)
-      end
-
-      def confirm_email!
-        self.email_confirmed  = true
-        self.token            = nil
-        save(false)
-      end
-
-      def forgot_password!
-        generate_token
-        save(false)
-      end
-
-      def update_password(new_password, new_password_confirmation)
-        self.password              = new_password
-        self.password_confirmation = new_password_confirmation
-        clear_token if valid?
-        save
-      end
-
-      protected
-
-      def generate_hash(string)
-        Digest::SHA1.hexdigest(string)
-      end
-
-      def initialize_salt
-        if new_record?
-          self.salt = generate_hash("--#{Time.now.utc.to_s}--#{password}--")
-        end
-      end
-
-      def encrypt_password
-        return if password.blank?
-        self.encrypted_password = encrypt(password)
-      end
-
-      def generate_token
-        self.token = encrypt("--#{Time.now.utc.to_s}--#{password}--")
-        self.token_expires_at = nil
-      end
-
-      def clear_token
-        self.token            = nil
-        self.token_expires_at = nil
-      end
-
-      def initialize_token
-        generate_token if new_record?
-      end
-
-      def password_required?
-        encrypted_password.blank? || !password.blank?
-      end
-
-      def remember_me_until!(time)
-        self.token_expires_at = time
-        self.token = encrypt("--#{token_expires_at}--#{password}--")
-        save(false)
-      end
-    end
-
-    module ClassMethods
-      def authenticate(email, password)
-        return nil  unless user = find_by_email(email)
-        return user if     user.authenticated?(password)
-      end
-    end
-
-  end
-end
@@ -1 +0,0 @@
-require 'clearance'
 \ No newline at end of file
@@ -1,262 +0,0 @@
-module Clearance
-  module Shoulda
-
-    # STATE OF AUTHENTICATION
-
-    def should_be_signed_in_as(&block)
-      should "be signed in as #{block.bind(self).call}" do
-        user = block.bind(self).call
-        assert_not_nil user,
-          "please pass a User. try: should_be_signed_in_as { @user }"
-        assert_equal user, @controller.send(:current_user),
-          "#{user.inspect} is not the current_user, " <<
-          "which is #{@controller.send(:current_user).inspect}"
-      end
-    end
-
-    def should_be_signed_in_and_email_confirmed_as(&block)
-      warn "[DEPRECATION] should_be_signed_in_and_email_confirmed_as: questionable usefulness"
-      should_be_signed_in_as &block
-
-      should "have confirmed email" do
-        user = block.bind(self).call
-
-        assert_not_nil user
-        assert_equal user, assigns(:user)
-        assert assigns(:user).email_confirmed?
-      end
-    end
-
-    def should_not_be_signed_in
-      should "not be signed in" do
-        assert_nil session[:user_id]
-      end
-    end
-
-    def should_deny_access_on(http_method, action, opts = {})
-      warn "[DEPRECATION] should_deny_access_on: use a setup & should_deny_access(:flash => ?)"
-      flash_message = opts.delete(:flash)
-      context "on #{http_method} to #{action}" do
-        setup do
-          send(http_method, action, opts)
-        end
-
-        should_deny_access(:flash => flash_message)
-      end
-    end
-
-    def should_deny_access(opts = {})
-      if opts[:flash]
-        should_set_the_flash_to opts[:flash]
-      else
-        should_not_set_the_flash
-      end
-
-      should_redirect_to('new_session_url') { new_session_url }
-    end
-
-    # HTTP FLUENCY
-
-    def should_forbid(description, &block)
-      should "forbid #{description}" do
-        assert_raises ActionController::Forbidden do
-          instance_eval(&block)
-        end
-      end
-    end
-
-    # CONTEXTS
-
-    def signed_in_user_context(&blk)
-      warn "[DEPRECATION] signed_in_user_context: creates a Mystery Guest, causes Obscure Test"
-      context "A signed in user" do
-        setup do
-          @user = Factory(:user)
-          @user.confirm_email!
-          sign_in_as @user
-        end
-        merge_block(&blk)
-      end
-    end
-
-    def public_context(&blk)
-      warn "[DEPRECATION] public_context: common case is no-op. call sign_out otherwise"
-      context "The public" do
-        setup { sign_out }
-        merge_block(&blk)
-      end
-    end
-
-    # CREATING USERS
-
-    def should_create_user_successfully
-      warn "[DEPRECATION] should_create_user_successfully: not meant to be public, no longer used internally"
-      should_assign_to :user
-      should_change 'User.count', :by => 1
-
-      should "send the confirmation email" do
-        assert_sent_email do |email|
-          email.subject =~ /account confirmation/i
-        end
-      end
-
-      should_set_the_flash_to /confirm/i
-      should_redirect_to_url_after_create
-    end
-
-    # RENDERING
-
-    def should_render_nothing
-      should "render nothing" do
-        assert @response.body.blank?
-      end
-    end
-
-    # REDIRECTS
-
-    def should_redirect_to_url_after_create
-      should_redirect_to("the post-create url") do
-        @controller.send(:url_after_create)
-      end
-    end
-
-    def should_redirect_to_url_after_update
-      should_redirect_to("the post-update url") do
-        @controller.send(:url_after_update)
-      end
-    end
-
-    def should_redirect_to_url_after_destroy
-      should_redirect_to("the post-destroy url") do
-        @controller.send(:url_after_destroy)
-      end
-    end
-
-    # VALIDATIONS
-
-    def should_validate_confirmation_of(attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_of: not meant to be public, no longer used internally"
-      raise ArgumentError if opts[:factory].nil?
-
-      context "on save" do
-        should_validate_confirmation_is_not_blank opts[:factory], attribute
-        should_validate_confirmation_is_not_bad   opts[:factory], attribute
-      end
-    end
-
-    def should_validate_confirmation_is_not_blank(factory, attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_is_not_blank: not meant to be public, no longer used internally"
-      should "validate #{attribute}_confirmation is not blank" do
-        model = Factory.build(factory, blank_confirmation_options(attribute))
-        model.save
-        assert_confirmation_error(model, attribute,
-          "#{attribute}_confirmation cannot be blank")
-      end
-    end
-
-    def should_validate_confirmation_is_not_bad(factory, attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_is_not_bad: not meant to be public, no longer used internally"
-      should "validate #{attribute}_confirmation is different than #{attribute}" do
-        model = Factory.build(factory, bad_confirmation_options(attribute))
-        model.save
-        assert_confirmation_error(model, attribute, 
-          "#{attribute}_confirmation cannot be different than #{attribute}")
-      end
-    end
-
-    # FORMS
-
-    def should_display_a_password_update_form
-      warn "[DEPRECATION] should_display_a_password_update_form: not meant to be public, no longer used internally"
-      should "have a form for the user's token, password, and password confirm" do
-        update_path = ERB::Util.h(
-          user_password_path(@user, :token => @user.token)
-        )
-
-        assert_select 'form[action=?]', update_path do
-          assert_select 'input[name=_method][value=?]', 'put'
-          assert_select 'input[name=?]', 'user[password]'
-          assert_select 'input[name=?]', 'user[password_confirmation]'
-        end
-      end
-    end
-
-    def should_display_a_sign_up_form
-      warn "[DEPRECATION] should_display_a_sign_up_form: not meant to be public, no longer used internally"
-      should "display a form to sign up" do
-        assert_select "form[action=#{users_path}][method=post]",
-        true, "There must be a form to sign up" do
-          assert_select "input[type=text][name=?]",
-            "user[email]", true, "There must be an email field"
-          assert_select "input[type=password][name=?]",
-            "user[password]", true, "There must be a password field"
-          assert_select "input[type=password][name=?]",
-            "user[password_confirmation]", true, "There must be a password confirmation field"
-          assert_select "input[type=submit]", true,
-            "There must be a submit button"
-        end
-      end
-    end
-
-    def should_display_a_sign_in_form
-      warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
-      should 'display a "sign in" form' do
-        assert_select "form[action=#{session_path}][method=post]",
-          true, "There must be a form to sign in" do
-            assert_select "input[type=text][name=?]",
-              "session[email]", true, "There must be an email field"
-            assert_select "input[type=password][name=?]",
-              "session[password]", true, "There must be a password field"
-            assert_select "input[type=checkbox][name=?]",
-              "session[remember_me]", true, "There must be a 'remember me' check box"
-            assert_select "input[type=submit]", true,
-              "There must be a submit button"
-        end
-      end
-    end
-  end
-end
-
-module Clearance
-  module Shoulda
-    module Helpers
-      def sign_in_as(user)
-        @controller.class_eval { attr_accessor :current_user }
-        @controller.current_user = user
-        return user
-      end
-
-      def sign_in
-        sign_in_as Factory(:email_confirmed_user)
-      end
-
-      def sign_out
-        @controller.class_eval { attr_accessor :current_user }
-        @controller.current_user = nil
-      end
-
-      def blank_confirmation_options(attribute)
-        warn "[DEPRECATION] blank_confirmation_options: not meant to be public, no longer used internally"
-        opts = { attribute => attribute.to_s }
-        opts.merge("#{attribute}_confirmation".to_sym => "")
-      end
-
-      def bad_confirmation_options(attribute)
-        warn "[DEPRECATION] bad_confirmation_options: not meant to be public, no longer used internally"
-        opts = { attribute => attribute.to_s }
-        opts.merge("#{attribute}_confirmation".to_sym => "not_#{attribute}")
-      end
-
-      def assert_confirmation_error(model, attribute, message = "confirmation error")
-        warn "[DEPRECATION] assert_confirmation_error: not meant to be public, no longer used internally"
-        assert model.errors.on(attribute).include?("doesn't match confirmation"),
-          message
-      end
-    end
-  end
-end
-
-class Test::Unit::TestCase
-  include Clearance::Shoulda::Helpers
-end
-Test::Unit::TestCase.extend(Clearance::Shoulda)
@@ -1,64 +0,0 @@
-require 'test_helper'
-
-class ConfirmationsControllerTest < ActionController::TestCase
-
-  tests Clearance::ConfirmationsController
-
-  should_filter_params :token
-
-  context "a user whose email has not been confirmed" do
-    setup { @user = Factory(:user) }
-
-    should "have a token" do
-      assert_not_nil @user.token
-      assert_not_equal "", @user.token
-    end
-
-    context "on GET to #new with correct id and token" do
-      setup do
-        get :new, :user_id => @user.to_param, :token => @user.token
-      end
-
-      should_set_the_flash_to /confirmed email/i
-      should_set_the_flash_to /signed in/i
-      should_be_signed_in_and_email_confirmed_as { @user }
-      should_redirect_to_url_after_create
-    end
-
-    context "with an incorrect token" do
-      setup do
-        @bad_token = "bad token"
-        assert_not_equal @bad_token, @user.token
-      end
-
-      should_forbid "on GET to #new with incorrect token" do
-        get :new, :user_id => @user.to_param, :token => @bad_token
-      end
-    end
-
-    should_forbid "on GET to #new with blank token" do
-      get :new, :user_id => @user.to_param, :token => ""
-    end
-
-    should_forbid "on GET to #new with no token" do
-      get :new, :user_id => @user.to_param
-    end
-  end
-
-  context "a user with email confirmed" do
-    setup { @user = Factory(:email_confirmed_user) }
-
-    should_forbid "on GET to #new with correct id" do
-      get :new, :user_id => @user.to_param
-    end
-  end
-
-  context "no users" do
-    setup { assert_equal 0, ::User.count }
-
-    should_forbid "on GET to #new with nonexistent id and token" do
-      get :new, :user_id => '123', :token => '123'
-    end
-  end
-
-end
@@ -1,175 +0,0 @@
-require 'test_helper'
-
-class PasswordsControllerTest < ActionController::TestCase
-
-  tests Clearance::PasswordsController
-
-  should_route :get, '/users/1/password/edit',
-    :controller => 'clearance/passwords', :action  => 'edit', :user_id => '1'
-
-  context "a signed up user" do
-    setup do
-      @user = Factory(:user)
-    end
-
-    context "on GET to #new" do
-      setup { get :new, :user_id => @user.to_param }
-
-      should_respond_with :success
-      should_render_template "new"
-    end
-
-    context "on POST to #create" do
-      context "with correct email address" do
-        setup do
-          ActionMailer::Base.deliveries.clear
-          post :create, :password => { :email => @user.email }
-        end
-
-        should "generate a token for the change your password email" do
-          assert_not_nil @user.reload.token
-        end
-
-        should "send the change your password email" do
-          assert_sent_email do |email|
-            email.subject =~ /change your password/i
-          end
-        end
-
-        should_set_the_flash_to /password/i
-        should_redirect_to_url_after_create
-      end
-
-      context "with incorrect email address" do
-        setup do
-          email = "user1@example.com"
-          assert ! ::User.exists?(['email = ?', email])
-          ActionMailer::Base.deliveries.clear
-          assert_equal @user.token, @user.reload.token
-
-          post :create, :password => { :email => email }
-        end
-
-        should "not generate a token for the change your password email" do
-          assert_equal @user.token, @user.reload.token
-        end
-
-        should "not send a password reminder email" do
-          assert ActionMailer::Base.deliveries.empty?
-        end
-
-        should "set the failure flash to Unknown email" do
-          assert_match /unknown email/i, flash.now[:failure]
-        end
-
-        should_render_template :new
-      end
-    end
-  end
-
-  context "a signed up user and forgotten password" do
-    setup do
-      @user = Factory(:user)
-      @user.forgot_password!
-    end
-
-    context "on GET to #edit with correct id and token" do
-      setup do
-        get :edit, :user_id => @user.to_param, :token => @user.token
-      end
-
-      should "find the user" do
-        assert_equal @user, assigns(:user)
-      end
-
-      should_respond_with :success
-      should_render_template "edit"
-      should_display_a_password_update_form
-    end
-
-    should_forbid "on GET to #edit with correct id but blank token" do
-      get :edit, :user_id => @user.to_param, :token => ""
-    end
-
-    should_forbid "on GET to #edit with correct id but no token" do
-      get :edit, :user_id => @user.to_param
-    end
-
-    context "on PUT to #update with matching password and password confirmation" do
-      setup do
-        new_password = "new_password"
-        @encrypted_new_password = @user.encrypt(new_password)
-        assert_not_equal @encrypted_new_password, @user.encrypted_password
-
-        put(:update,
-            :user_id  => @user,
-            :token    => @user.token,
-            :user     => {
-              :password              => new_password,
-              :password_confirmation => new_password
-            })
-        @user.reload
-      end
-
-      should "update password" do
-        assert_equal @encrypted_new_password, @user.encrypted_password
-      end
-
-      should "clear token" do
-        assert_nil @user.token
-      end
-
-      should_be_signed_in_as { @user }
-      should_set_the_flash_to(/signed in/i)
-      should_redirect_to_url_after_update
-    end
-
-    context "on PUT to #update with password but blank password confirmation" do
-      setup do
-        new_password = "new_password"
-        @encrypted_new_password = @user.encrypt(new_password)
-
-        put(:update,
-            :user_id => @user.to_param,
-            :token   => @user.token,
-            :user    => {
-              :password => new_password,
-              :password_confirmation => ''
-            })
-        @user.reload
-      end
-
-      should "not update password" do
-        assert_not_equal @encrypted_new_password, @user.encrypted_password
-      end
-
-      should "not clear token" do
-        assert_not_nil @user.token
-      end
-
-      should_not_be_signed_in
-      should_not_set_the_flash
-      should_respond_with    :success
-      should_render_template :edit
-
-      should_display_a_password_update_form
-    end
-
-    should_forbid "on PUT to #update with id but no token" do
-      put :update, :user_id => @user.to_param, :token => ""
-    end
-  end
-
-  context "given two users and user one signs in" do
-    setup do
-      @user_one = Factory(:user)
-      @user_two = Factory(:user)
-      sign_in_as @user_one
-    end
-
-    should_forbid "when user one tries to change user two's password on GET with no token" do
-      get :edit, :user_id => @user_two.to_param
-    end
-  end
-
-end
@@ -1,178 +0,0 @@
-require 'test_helper'
-
-class SessionsControllerTest < ActionController::TestCase
-
-  tests Clearance::SessionsController
-
-  should_filter_params :password
-
-  context "on GET to /sessions/new" do
-    setup { get :new }
-
-    should_respond_with    :success
-    should_render_template :new
-    should_not_set_the_flash
-    should_display_a_sign_in_form
-  end
-
-  context "on POST to #create with unconfirmed credentials" do
-    setup do
-      @user = Factory(:user)
-      ActionMailer::Base.deliveries.clear
-      post :create, :session => {
-                      :email    => @user.email,
-                      :password => @user.password }
-    end
-
-    should_deny_access(:flash => /User has not confirmed email. Confirmation email will be resent./i)
-
-    should "send the confirmation email" do
-      assert_not_nil email = ActionMailer::Base.deliveries[0]
-      assert_match /account confirmation/i, email.subject
-    end
-  end
-
-  context "on POST to #create with good credentials" do
-    setup do
-      @user = Factory(:email_confirmed_user)
-      post :create, :session => {
-                      :email    => @user.email,
-                      :password => @user.password }
-    end
-
-    should_set_the_flash_to /signed in/i
-    should_redirect_to_url_after_create
-    should_be_signed_in_as { @user }
-  end
-
-  context "on POST to #create with good credentials and remember me" do
-    setup do
-      @user = Factory(:email_confirmed_user)
-      post :create, :session => {
-                      :email       => @user.email,
-                      :password    => @user.password,
-                      :remember_me => '1' }
-    end
-
-    should_set_the_flash_to /signed in/i
-    should_redirect_to_url_after_create
-    should_be_signed_in_as { @user }
-
-    should 'set the cookie' do
-      assert ! cookies['remember_token'].empty?
-    end
-
-    should 'set the token in users table' do
-      assert_not_nil @user.reload.token
-      assert_not_nil @user.reload.token_expires_at
-    end
-  end
-
-  context "on POST to #create with good credentials and a session return url" do
-    setup do
-      @user = Factory(:email_confirmed_user)
-      @return_url = '/url_in_the_session'
-      @request.session[:return_to] = @return_url
-      post :create, :session => {
-                      :email    => @user.email,
-                      :password => @user.password }
-    end
-
-    should_redirect_to("the return URL") { @return_url }
-  end
-
-  context "on POST to #create with good credentials and a request return url" do
-    setup do
-      @user = Factory(:email_confirmed_user)
-      @return_url = '/url_in_the_request'
-      post :create, :session => {
-                      :email     => @user.email,
-                      :password  => @user.password },
-                      :return_to => @return_url
-    end
-
-    should_redirect_to("the return URL") { @return_url }
-  end
-
-  context "on POST to #create with good credentials and a session return url and request return url" do
-    setup do
-      @user = Factory(:email_confirmed_user)
-      @return_url = '/url_in_the_session'
-      @request.session[:return_to] = @return_url
-      post :create, :session => {
-                      :email     => @user.email,
-                      :password  => @user.password },
-                      :return_to => '/url_in_the_request'
-    end
-
-    should_redirect_to("the return URL") { @return_url }
-  end
-
-  context "on POST to #create with bad credentials" do
-    setup do
-      post :create, :session => {
-                      :email    => 'bad.email@example.com',
-                      :password => "bad value" }
-    end
-
-    should_set_the_flash_to /bad/i
-    should_respond_with    :unauthorized
-    should_render_template :new
-    should_not_be_signed_in
-  end
-
-  context "on POST to #create with bad credentials and remember me" do
-    setup do
-      post :create, :session => {
-                      :email       => 'bad.email@example.com',
-                      :password    => "bad value",
-                      :remember_me => '1' }
-    end
-
-    should_set_the_flash_to /bad/i
-    should_respond_with    :unauthorized
-    should_render_template :new
-    should_not_be_signed_in
-
-    should 'not create the cookie' do
-      assert_nil cookies['remember_token']
-    end
-  end
-
-  context "on DELETE to #destroy given a signed out user" do
-    setup do
-      sign_out
-      delete :destroy
-    end
-    should_set_the_flash_to(/signed out/i)
-    should_redirect_to_url_after_destroy
-  end
-
-  context "on DELETE to #destroy without a cookie" do
-    setup do
-      sign_in
-      delete :destroy
-    end
-    should_set_the_flash_to(/signed out/i)
-    should_redirect_to_url_after_destroy
-  end
-
-  context "on DELETE to #destroy with a cookie" do
-    setup do
-      @user = Factory(:email_confirmed_user)
-      cookies['remember_token'] = CGI::Cookie.new('token', 'value')
-      sign_in_as @user
-      delete :destroy
-    end
-
-    should "delete the cookie token" do
-      assert_nil cookies['remember_token']
-    end
-
-    should "delete the database token" do
-      assert_nil @user.reload.token
-      assert_nil @user.reload.token_expires_at
-    end
-  end
-
-end
...	...	@@ -0,0 +1,145 @@
	1	+--- !ruby/object:Gem::Specification
	2	+name: thoughtbot-clearance
	3	+version: !ruby/object:Gem::Version
	4	+ version: 0.7.0
	5	+platform: ruby
	6	+authors:
	7	+- Dan Croak
	8	+- Mike Burns
	9	+- Jason Morrison
	10	+- Joe Ferris
	11	+- Eugene Bolshakov
	12	+- Nick Quaranto
	13	+- Josh Nichols
	14	+- Mike Breen
	15	+- "Marcel G\xC3\xB6rner"
	16	+- Bence Nagy
	17	+- Ben Mabey
	18	+- Eloy Duran
	19	+- Tim Pope
	20	+- Mihai Anca
	21	+- Mark Cornick
	22	+- Shay Arnett
	23	+autorequire:
	24	+bindir: bin
	25	+cert_chain: []
	26	+
	27	+date: 2009-08-04 00:00:00 -04:00
	28	+default_executable:
	29	+dependencies: []
	30	+
	31	+description: Rails authentication with email & password.
	32	+email: support@thoughtbot.com
	33	+executables: []
	34	+
	35	+extensions: []
	36	+
	37	+extra_rdoc_files: []
	38	+
	39	+files:
	40	+- CHANGELOG.textile
	41	+- LICENSE
	42	+- Rakefile
	43	+- README.textile
	44	+- TODO.textile
	45	+- app/controllers
	46	+- app/controllers/clearance
	47	+- app/controllers/clearance/confirmations_controller.rb
	48	+- app/controllers/clearance/passwords_controller.rb
	49	+- app/controllers/clearance/sessions_controller.rb
	50	+- app/controllers/clearance/users_controller.rb
	51	+- app/models
	52	+- app/models/clearance_mailer.rb
	53	+- app/views
	54	+- app/views/clearance_mailer
	55	+- app/views/clearance_mailer/change_password.html.erb
	56	+- app/views/clearance_mailer/confirmation.html.erb
	57	+- app/views/passwords
	58	+- app/views/passwords/edit.html.erb
	59	+- app/views/passwords/new.html.erb
	60	+- app/views/sessions
	61	+- app/views/sessions/new.html.erb
	62	+- app/views/users
	63	+- app/views/users/_form.html.erb
	64	+- app/views/users/new.html.erb
	65	+- config/clearance_routes.rb
	66	+- generators/clearance
	67	+- generators/clearance/clearance_generator.rb
	68	+- generators/clearance/lib
	69	+- generators/clearance/lib/insert_commands.rb
	70	+- generators/clearance/lib/rake_commands.rb
	71	+- generators/clearance/templates
	72	+- generators/clearance/templates/factories.rb
	73	+- generators/clearance/templates/migrations
	74	+- generators/clearance/templates/migrations/create_users.rb
	75	+- generators/clearance/templates/migrations/update_users.rb
	76	+- generators/clearance/templates/README
	77	+- generators/clearance/templates/user.rb
	78	+- generators/clearance/USAGE
	79	+- generators/clearance_features
	80	+- generators/clearance_features/clearance_features_generator.rb
	81	+- generators/clearance_features/templates
	82	+- generators/clearance_features/templates/features
	83	+- generators/clearance_features/templates/features/password_reset.feature
	84	+- generators/clearance_features/templates/features/sign_in.feature
	85	+- generators/clearance_features/templates/features/sign_out.feature
	86	+- generators/clearance_features/templates/features/sign_up.feature
	87	+- generators/clearance_features/templates/features/step_definitions
	88	+- generators/clearance_features/templates/features/step_definitions/clearance_steps.rb
	89	+- generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb
	90	+- generators/clearance_features/templates/features/support
	91	+- generators/clearance_features/templates/features/support/paths.rb
	92	+- generators/clearance_features/USAGE
	93	+- generators/clearance_views
	94	+- generators/clearance_views/clearance_views_generator.rb
	95	+- generators/clearance_views/templates
	96	+- generators/clearance_views/templates/formtastic
	97	+- generators/clearance_views/templates/formtastic/passwords
	98	+- generators/clearance_views/templates/formtastic/passwords/edit.html.erb
	99	+- generators/clearance_views/templates/formtastic/passwords/new.html.erb
	100	+- generators/clearance_views/templates/formtastic/sessions
	101	+- generators/clearance_views/templates/formtastic/sessions/new.html.erb
	102	+- generators/clearance_views/templates/formtastic/users
	103	+- generators/clearance_views/templates/formtastic/users/_inputs.html.erb
	104	+- generators/clearance_views/templates/formtastic/users/new.html.erb
	105	+- generators/clearance_views/USAGE
	106	+- lib/clearance
	107	+- lib/clearance/authentication.rb
	108	+- lib/clearance/extensions
	109	+- lib/clearance/extensions/errors.rb
	110	+- lib/clearance/extensions/rescue.rb
	111	+- lib/clearance/extensions/routes.rb
	112	+- lib/clearance/user.rb
	113	+- lib/clearance.rb
	114	+- shoulda_macros/clearance.rb
	115	+- rails/init.rb
	116	+has_rdoc: true
	117	+homepage: http://github.com/thoughtbot/clearance
	118	+licenses: []
	119	+
	120	+post_install_message:
	121	+rdoc_options: []
	122	+
	123	+require_paths:
	124	+- lib
	125	+required_ruby_version: !ruby/object:Gem::Requirement
	126	+ requirements:
	127	+ - - ">="
	128	+ - !ruby/object:Gem::Version
	129	+ version: "0"
	130	+ version:
	131	+required_rubygems_version: !ruby/object:Gem::Requirement
	132	+ requirements:
	133	+ - - ">="
	134	+ - !ruby/object:Gem::Version
	135	+ version: "0"
	136	+ version:
	137	+requirements: []
	138	+
	139	+rubyforge_project:
	140	+rubygems_version: 1.3.4
	141	+signing_key:
	142	+specification_version: 3
	143	+summary: Rails authentication with email & password.
	144	+test_files: []
	145	+
...	...
...	...	@@ -0,0 +1,176 @@
	1	+h2. 0.7.0 (08/04/2009)
	2	+
	3	+* Redirect signed in user who clicks confirmation link again. (Dan Croak)
	4	+* Redirect signed out user who clicks confirmation link again. (Dan Croak)
	5	+* Added signed_out? convenience method for controllers, helpers, views. (Dan
	6	+Croak)
	7	+* Added clearance_views generator. By default, creates formtastic views which
	8	+pass all tests and features. (Dan Croak)
	9	+
	10	+h2. 0.6.9 (07/04/2009)
	11	+
	12	+* Added timestamps to create users migration. (Dan Croak)
	13	+* Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
	14	+
	15	+h2. 0.6.8 (06/24/2009)
	16	+
	17	+* Added defined? checks for various Rails constants such as ActionController
	18	+for easier unit testing of Clearance extensions... particularly ActiveRecord
	19	+extensions... particularly strong_password. (Dan Croak)
	20	+
	21	+h2. 0.6.7 (06/13/2009)
	22	+
	23	+* [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
	24	+* [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
	25	+* Deprecated sign_user_in. Told developers to use sign_in instead. (Dan
	26	+Croak)
	27	+* [#16] flash_success_after_create, flash_notice_after_create, flash_failure_after_create, flash_sucess_after_update, flash_success_after_destroy, etc. (Dan Croak)
	28	+* [#17] bug. added #create to forbidden before_filters on confirmations controller. (Dan Croak)
	29	+* [#24] should_be_signed_in_as shouldn't look in the session. (Dan Croak)
	30	+* README improvements. (Dan Croak)
	31	+* Move routes loading to separate file. (Joshua Clayton)
	32	+
	33	+h2. 0.6.6 (05/18/2009)
	34	+
	35	+* [#14] replaced class_eval in Clearance::User with modules. This was needed
	36	+in a thoughtbot client app so we could write our own validations. (Dan Croak)
	37	+
	38	+h2. 0.6.5 (05/17/2009)
	39	+
	40	+* [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
	41	+
	42	+h2. 0.6.4 (05/12/2009)
	43	+
	44	+* Moved issue tracking to Github from Lighthouse. (Dan Croak)
	45	+* [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
	46	+* [#11] replacing sign_in_as & sign_out shoulda macros with a stubbing (requires no dependency) approach. this will avoid dealing with the internals of current_user, such as session & cookies. added sign_in macro which signs in an email confirmed user from clearance's factories. (Dan Croak)
	47	+* [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
	48	+* [#9] audited flash keys. (Dan Croak)
	49	+
	50	+h2. 0.6.3 (04/23/2009)
	51	+
	52	+* Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
	53	+
	54	+h2. 0.6.2 (04/22/2009)
	55	+
	56	+* Insert Clearance::User into User model if it exists. (Nick Quaranto)
	57	+* World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
	58	+
	59	+h2. 0.6.1 (04/21/2009)
	60	+* Scope operators are necessary to keep Rails happy. Reverting the original
	61	+revert so they're back in the library now for constants referenced inside of
	62	+the gem. (Nick Quaranto)
	63	+
	64	+h2. 0.6.0 (04/21/2009)
	65	+
	66	+* Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
	67	+* Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
	68	+* Include Clearance::Authentication in ApplicationController. (Dan Croak & Joe Ferris)
	69	+* Namespace controllers under Clearance. (Dan Croak & Joe Ferris)
	70	+* Routes move to engine, use namespaced controllers but publicly the same. (Dan Croak & Joe Ferris)
	71	+* If you want to override a controller, subclass it like SessionsController <
	72	+Clearance::SessionsController. This gives you access to usual hooks such as
	73	+url_after_create. (Dan Croak & Joe Ferris)
	74	+* Controllers, mailer, model, routes all unit tested inside engine. Use
	75	+script/generate clearance_features to test integration of Clearance with your
	76	+Rails app. No longer including modules in your app's test files. (Dan Croak & Joe Ferris)
	77	+* Moved views to engine. (Joe Ferris)
	78	+* Converted generated test/factories/clearance.rb to use inheritence for
	79	+email_confirmed_user. (Dan Croak)
	80	+* Corrected some spelling errors with methods (Nick Quaranto)
	81	+* Converted "I should see error messages" to use a regex in the features (Nick
	82	+Quaranto)
	83	+* Loading clearance routes after rails routes via some monkeypatching (Nick
	84	+Quaranto)
	85	+* Made the clearance controllers unloadable to stop constant loading errors in
	86	+development mode (Nick Quaranto)
	87	+
	88	+h2. 0.5.6 (4/11/2009)
	89	+
	90	+* [#57] Step definition changed for "User should see error messages" so
	91	+features won't fail for certain validations. (Nick Quaranto)
	92	+
	93	+h2. 0.5.5 (3/23/2009)
	94	+
	95	+* Removing duplicate test to get rid of warning. (Nick Quaranto)
	96	+
	97	+h2. 0.5.4 (3/21/2009)
	98	+
	99	+* When users fail logging in, redirect them instead of rendering. (Matt
	100	+Jankowski)
	101	+
	102	+h2. 0.5.3 (3/5/2009)
	103	+
	104	+* Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
	105	+Ferris, Dan Croak)
	106	+* Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
	107	+Dan Croak)
	108	+
	109	+h2. 0.5.2 (3/2/2009)
	110	+
	111	+* Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
	112	+Ferris, Dan Croak)
	113	+
	114	+h2. 0.5.1 (2/27/2009)
	115	+
	116	+* [#46] A user with unconfirmed email who resets password now confirms email.
	117	+(Marcel Görner)
	118	+* Refactored user_from_cookie, user_from_session, User#authenticate to use
	119	+more direct return code instead of ugly, harder to read ternary. (Dan Croak)
	120	+* Switch order of cookies and sessions to take advantage of Rails 2.3's "Rack-based lazy-loaded sessions":http://is.gd/i23E. (Dan Croak)
	121	+* Altered generator to interact with application_controller.rb instead of
	122	+application.rb in Rails 2.3 apps. (Dan Croak)
	123	+* [#42] Bug fix. Rack-based session change altered how to test remember me
	124	+cookie. (Mihai Anca)
	125	+
	126	+h2. 0.5.0 (2/27/2009)
	127	+
	128	+* Fixed problem with Cucumber features. (Dan Croak)
	129	+* Fixed mising HTTP fluency use case. (Dan Croak)
	130	+* Refactored User#update_password to take just parameters it needs. (Dan
	131	+Croak)
	132	+* Refactored User unit tests to be more readable. (Dan Croak)
	133	+
	134	+h2. 0.4.9 (2/20/2009)
	135	+
	136	+* Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
	137	+* Return 403 Forbidden status code in those cases. (Tim Pope)
	138	+* Test 403 Forbidden status code in Cucumber feature. (Dan Croak, Joe Ferris)
	139	+* Raise custom ActionController::Forbidden error internally. (Joe Ferris, Mike Burns, Jason Morrison)
	140	+* Test ActionController::Forbidden error is raised in functional test. (Joe Ferris, Mike Burns, Dan Croak)
	141	+* [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
	142	+* Required Factory Girl >= 1.2.0. (Dan Croak)
	143	+
	144	+h2. 0.4.8 (2/16/2009)
	145	+
	146	+* Added support paths for Cucumber. (Ben Mabey)
	147	+* Added documentation for the flash. (Ben Mabey)
	148	+* Generators require "test_helper" instead of File.join. for rr compatibility. (Joe Ferris)
	149	+* Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
	150	+* Standardized flash messages that refer to email delivery. (Dan Croak)
	151	+
	152	+h2. 0.4.7 (2/12/2009)
	153	+
	154	+* Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
	155	+* All test helpers now in shoulda_macros. (Dan Croak)
	156	+
	157	+h2. 0.4.6 (2/11/2009)
	158	+
	159	+* Made the modules behave like mixins again. (hat-tip Eloy Duran)
	160	+* Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
	161	+
	162	+h2. 0.4.5 (2/9/2009)
	163	+
	164	+* [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
	165	+* [#42] Removed dependency on Mocha. (Dan Croak)
	166	+* Required Shoulda >= 2.9.1. (Dan Croak)
	167	+* Added password reset feature to clearance_features generator. (Eugene Bolshakov, Dan Croak)
	168	+* Removed unnecessary session[:salt]. (Dan Croak)
	169	+* [#41] Only store location for session[:return_to] for GET requests. (Dan Croak)
	170	+* Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
	171	+* Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
	172	+
	173	+h2. 0.4.4 (2/2/2009)
	174	+
	175	+* Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
	176	+* Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak)
...	...
...	...	@@ -0,0 +1,21 @@
	1	+The MIT License
	2	+
	3	+Copyright (c) 2008 thoughtbot, inc.
	4	+
	5	+Permission is hereby granted, free of charge, to any person obtaining a copy
	6	+of this software and associated documentation files (the "Software"), to deal
	7	+in the Software without restriction, including without limitation the rights
	8	+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	9	+copies of the Software, and to permit persons to whom the Software is
	10	+furnished to do so, subject to the following conditions:
	11	+
	12	+The above copyright notice and this permission notice shall be included in
	13	+all copies or substantial portions of the Software.
	14	+
	15	+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	16	+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	17	+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	18	+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	19	+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	20	+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	21	+THE SOFTWARE.
...	...
...	...	@@ -0,0 +1,123 @@
	1	+h1. Clearance
	2	+
	3	+Rails authentication with email & password.
	4	+
	5	+"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
	6	+
	7	+h2. Wiki
	8	+
	9	+Most information regarding Clearance is on the "Github Wiki":http://wiki.github.com/thoughtbot/clearance.
	10	+
	11	+h2. Installation
	12	+
	13	+Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
	14	+
	15	+In config/environment.rb:
	16	+
	17	+<pre>
	18	+config.gem "thoughtbot-clearance",
	19	+ :lib => 'clearance',
	20	+ :source => 'http://gems.github.com',
	21	+ :version => '0.6.9'
	22	+</pre>
	23	+
	24	+Vendor the gem:
	25	+
	26	+<pre>
	27	+rake gems:install
	28	+rake gems:unpack
	29	+</pre>
	30	+
	31	+Make sure the development database exists and run the generator:
	32	+
	33	+@script/generate clearance@
	34	+
	35	+A number of files will be created and instructions will be printed.
	36	+
	37	+You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
	38	+
	39	+Run the migration:
	40	+
	41	+@rake db:migrate@
	42	+
	43	+Define a HOST constant in your environment files.
	44	+In config/environments/test.rb and config/environments/development.rb it can be:
	45	+
	46	+@HOST = "localhost"@
	47	+
	48	+In production.rb it must be the actual host your application is deployed to.
	49	+The constant is used by mailers to generate URLs in emails.
	50	+
	51	+In config/environment.rb:
	52	+
	53	+@DO_NOT_REPLY = "donotreply@example.com"@
	54	+
	55	+Define root_url to something in your config/routes.rb:
	56	+
	57	+@map.root :controller => 'home'@
	58	+
	59	+h2. Cucumber Features
	60	+
	61	+As your app evolves, you want to know that authentication still works. Clearance's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
	62	+
	63	+In config/environments/test.rb:
	64	+
	65	+<pre>
	66	+config.gem 'webrat',
	67	+ :version => '= 0.4.4'
	68	+config.gem 'cucumber',
	69	+ :version => '= 0.3.0'
	70	+config.gem 'thoughtbot-factory_girl',
	71	+ :lib => 'factory_girl',
	72	+ :source => "http://gems.github.com",
	73	+ :version => '1.2.1'
	74	+</pre>
	75	+
	76	+Vendor the gems:
	77	+
	78	+<pre>
	79	+rake gems:install RAILS_ENV=test
	80	+rake gems:unpack RAILS_ENV=test
	81	+</pre>
	82	+
	83	+We don't vendor nokogiri due to its native extensions, so install it normally on your machine:
	84	+
	85	+@sudo gem install nokogiri@
	86	+
	87	+Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
	88	+
	89	+<pre>
	90	+script/generate cucumber
	91	+script/generate clearance_features
	92	+</pre>
	93	+
	94	+All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
	95	+
	96	+<pre>
	97	+def path_to(page_name)
	98	+ case page_name
	99	+ ...
	100	+ when /the sign up page/i
	101	+ new_user_path
	102	+ when /the sign in page/i
	103	+ new_session_path
	104	+ when /the password reset request page/i
	105	+ new_password_path
	106	+ ...
	107	+end
	108	+</pre>
	109	+
	110	+h2. Authors
	111	+
	112	+Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
	113	+
	114	+Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton & Mustafa Ekim.
	115	+
	116	+h2. Questions?
	117	+
	118	+Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
	119	+
	120	+h2. Suggestions, Bugs, Refactoring?
	121	+
	122	+Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues. Please don't send pull requests.
	123	+
...	...
...	...	@@ -0,0 +1,103 @@
	1	+# encoding: utf-8
	2	+
	3	+require 'rake'
	4	+require 'rake/testtask'
	5	+require 'cucumber/rake/task'
	6	+
	7	+namespace :test do
	8	+ Rake::TestTask.new(:basic => ["generator:cleanup",
	9	+ "generator:clearance",
	10	+ "generator:clearance_features"]) do \|task\|
	11	+ task.libs << "lib"
	12	+ task.libs << "test"
	13	+ task.pattern = "test/*/_test.rb"
	14	+ task.verbose = false
	15	+ end
	16	+
	17	+ Rake::TestTask.new(:views => ["generator:clearance_views"]) do \|task\|
	18	+ task.libs << "lib"
	19	+ task.libs << "test"
	20	+ task.pattern = "test/*/_test.rb"
	21	+ task.verbose = false
	22	+ end
	23	+
	24	+ Cucumber::Rake::Task.new(:features) do \|t\|
	25	+ t.cucumber_opts = "--format progress"
	26	+ t.feature_pattern = "test/rails_root/features/*.feature"
	27	+ end
	28	+
	29	+ Cucumber::Rake::Task.new(:features_for_views) do \|t\|
	30	+ t.cucumber_opts = "--format progress"
	31	+ t.feature_pattern = "test/rails_root/features/*.feature"
	32	+ end
	33	+end
	34	+
	35	+generators = %w(clearance clearance_features clearance_views)
	36	+
	37	+namespace :generator do
	38	+ desc "Cleans up the test app before running the generator"
	39	+ task :cleanup do
	40	+ generators.each do \|generator\|
	41	+ FileList["generators/#{generator}/templates/*/.*"].each do \|each\|
	42	+ file = "test/rails_root/#{each.gsub("generators/#{generator}/templates/",'')}"
	43	+ File.delete(file) if File.exists?(file)
	44	+ end
	45	+ end
	46	+
	47	+ FileList["test/rails_root/db/*/"].each do \|each\|
	48	+ FileUtils.rm_rf(each)
	49	+ end
	50	+
	51	+ FileUtils.rm_rf("test/rails_root/vendor/plugins/clearance")
	52	+ FileUtils.mkdir_p("test/rails_root/vendor/plugins")
	53	+ clearance_root = File.expand_path(File.dirname(__FILE__))
	54	+ system("ln -s #{clearance_root} test/rails_root/vendor/plugins/clearance")
	55	+
	56	+ FileUtils.rm_rf("test/rails_root/app/views/passwords")
	57	+ FileUtils.rm_rf("test/rails_root/app/views/sessions")
	58	+ FileUtils.rm_rf("test/rails_root/app/views/users")
	59	+ end
	60	+
	61	+ desc "Run the clearance generator"
	62	+ task :clearance do
	63	+ system "cd test/rails_root && ./script/generate clearance && rake db:migrate db:test:prepare"
	64	+ end
	65	+
	66	+ desc "Run the clearance features generator"
	67	+ task :clearance_features do
	68	+ system "cd test/rails_root && ./script/generate clearance_features"
	69	+ end
	70	+
	71	+ desc "Run the clearance views generator"
	72	+ task :clearance_views do
	73	+ system "cd test/rails_root && ./script/generate clearance_views"
	74	+ end
	75	+end
	76	+
	77	+desc "Run the test suite"
	78	+task :default => ['test:basic', 'test:features',
	79	+ 'test:views', 'test:features_for_views']
	80	+
	81	+gem_spec = Gem::Specification.new do \|gem_spec\|
	82	+ gem_spec.name = "clearance"
	83	+ gem_spec.version = "0.7.0"
	84	+ gem_spec.summary = "Rails authentication with email & password."
	85	+ gem_spec.email = "support@thoughtbot.com"
	86	+ gem_spec.homepage = "http://github.com/thoughtbot/clearance"
	87	+ gem_spec.description = "Rails authentication with email & password."
	88	+ gem_spec.authors = ["Dan Croak", "Mike Burns", "Jason Morrison",
	89	+ "Joe Ferris", "Eugene Bolshakov", "Nick Quaranto",
	90	+ "Josh Nichols", "Mike Breen", "Marcel Görner",
	91	+ "Bence Nagy", "Ben Mabey", "Eloy Duran",
	92	+ "Tim Pope", "Mihai Anca", "Mark Cornick",
	93	+ "Shay Arnett"]
	94	+ gem_spec.files = FileList["[A-Z]", "{app,config,generators,lib,shoulda_macros,rails}//"]
	95	+end
	96	+
	97	+desc "Generate a gemspec file"
	98	+task :gemspec do
	99	+ File.open("#{gem_spec.name}.gemspec", 'w') do \|f\|
	100	+ f.write gem_spec.to_yaml
	101	+ end
	102	+end
	103	+
...	...
...	...	@@ -0,0 +1,6 @@
	1	+h1. To-do
	2	+
	3	+* Make insertion of Clearance::User into User model automatic from the generator.
	4	+* Change generated README to include instruction about running the migration.
	5	+* DO_NOT_REPLY, HOST refactoring.
	6	+
...	...
...	...	@@ -0,0 +1,73 @@
	1	+class Clearance::ConfirmationsController < ApplicationController
	2	+ unloadable
	3	+
	4	+ before_filter :redirect_signed_in_confirmed_user, :only => [:new, :create]
	5	+ before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
	6	+ before_filter :forbid_missing_token, :only => [:new, :create]
	7	+ before_filter :forbid_non_existent_user, :only => [:new, :create]
	8	+
	9	+ filter_parameter_logging :token
	10	+
	11	+ def new
	12	+ create
	13	+ end
	14	+
	15	+ def create
	16	+ @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
	17	+ @user.confirm_email!
	18	+
	19	+ sign_in(@user)
	20	+ flash_success_after_create
	21	+ redirect_to(url_after_create)
	22	+ end
	23	+
	24	+ private
	25	+
	26	+ def redirect_signed_in_confirmed_user
	27	+ user = ::User.find_by_id(params[:user_id])
	28	+ if user && user.email_confirmed? && current_user == user
	29	+ flash_success_after_create
	30	+ redirect_to(url_after_create)
	31	+ end
	32	+ end
	33	+
	34	+ def redirect_signed_out_confirmed_user
	35	+ user = ::User.find_by_id(params[:user_id])
	36	+ if user && user.email_confirmed? && signed_out?
	37	+ flash_already_confirmed
	38	+ redirect_to(url_already_confirmed)
	39	+ end
	40	+ end
	41	+
	42	+ def forbid_missing_token
	43	+ if params[:token].blank?
	44	+ raise ActionController::Forbidden, "missing token"
	45	+ end
	46	+ end
	47	+
	48	+ def forbid_non_existent_user
	49	+ unless ::User.find_by_id_and_token(params[:user_id], params[:token])
	50	+ raise ActionController::Forbidden, "non-existent user"
	51	+ end
	52	+ end
	53	+
	54	+ def flash_success_after_create
	55	+ flash[:success] = translate(:confirmed_email,
	56	+ :scope => [:clearance, :controllers, :confirmations],
	57	+ :default => "Confirmed email and signed in.")
	58	+ end
	59	+
	60	+ def flash_already_confirmed
	61	+ flash[:success] = translate(:already_confirmed_email,
	62	+ :scope => [:clearance, :controllers, :confirmations],
	63	+ :default => "Already confirmed email. Please sign in.")
	64	+ end
	65	+
	66	+ def url_after_create
	67	+ root_url
	68	+ end
	69	+
	70	+ def url_already_confirmed
	71	+ sign_in_url
	72	+ end
	73	+end
...	...
...	...	@@ -0,0 +1,81 @@
	1	+class Clearance::PasswordsController < ApplicationController
	2	+ unloadable
	3	+
	4	+ before_filter :forbid_missing_token, :only => [:edit, :update]
	5	+ before_filter :forbid_non_existent_user, :only => [:edit, :update]
	6	+ filter_parameter_logging :password, :password_confirmation
	7	+
	8	+ def new
	9	+ render :template => 'passwords/new'
	10	+ end
	11	+
	12	+ def create
	13	+ if user = ::User.find_by_email(params[:password][:email])
	14	+ user.forgot_password!
	15	+ ::ClearanceMailer.deliver_change_password user
	16	+ flash_notice_after_create
	17	+ redirect_to(url_after_create)
	18	+ else
	19	+ flash_failure_after_create
	20	+ render :template => 'passwords/new'
	21	+ end
	22	+ end
	23	+
	24	+ def edit
	25	+ @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
	26	+ render :template => 'passwords/edit'
	27	+ end
	28	+
	29	+ def update
	30	+ @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
	31	+
	32	+ if @user.update_password(params[:user][:password],
	33	+ params[:user][:password_confirmation])
	34	+ @user.confirm_email!
	35	+ sign_in(@user)
	36	+ flash_success_after_update
	37	+ redirect_to(url_after_update)
	38	+ else
	39	+ render :template => 'passwords/edit'
	40	+ end
	41	+ end
	42	+
	43	+ private
	44	+
	45	+ def forbid_missing_token
	46	+ if params[:token].blank?
	47	+ raise ActionController::Forbidden, "missing token"
	48	+ end
	49	+ end
	50	+
	51	+ def forbid_non_existent_user
	52	+ unless ::User.find_by_id_and_token(params[:user_id], params[:token])
	53	+ raise ActionController::Forbidden, "non-existent user"
	54	+ end
	55	+ end
	56	+
	57	+ def flash_notice_after_create
	58	+ flash[:notice] = translate(:deliver_change_password,
	59	+ :scope => [:clearance, :controllers, :passwords],
	60	+ :default => "You will receive an email within the next few minutes. " <<
	61	+ "It contains instructions for changing your password.")
	62	+ end
	63	+
	64	+ def flash_failure_after_create
	65	+ flash.now[:failure] = translate(:unknown_email,
	66	+ :scope => [:clearance, :controllers, :passwords],
	67	+ :default => "Unknown email.")
	68	+ end
	69	+
	70	+ def url_after_create
	71	+ new_session_url
	72	+ end
	73	+
	74	+ def flash_success_after_update
	75	+ flash[:success] = translate(:signed_in, :default => "Signed in.")
	76	+ end
	77	+
	78	+ def url_after_update
	79	+ root_url
	80	+ end
	81	+end
...	...
...	...	@@ -0,0 +1,67 @@
	1	+class Clearance::SessionsController < ApplicationController
	2	+ unloadable
	3	+
	4	+ protect_from_forgery :except => :create
	5	+ filter_parameter_logging :password
	6	+
	7	+ def new
	8	+ render :template => 'sessions/new'
	9	+ end
	10	+
	11	+ def create
	12	+ @user = ::User.authenticate(params[:session][:email],
	13	+ params[:session][:password])
	14	+ if @user.nil?
	15	+ flash_failure_after_create
	16	+ render :template => 'sessions/new', :status => :unauthorized
	17	+ else
	18	+ if @user.email_confirmed?
	19	+ sign_in(@user)
	20	+ remember(@user) if remember?
	21	+ flash_success_after_create
	22	+ redirect_back_or(url_after_create)
	23	+ else
	24	+ ::ClearanceMailer.deliver_confirmation(@user)
	25	+ flash_notice_after_create
	26	+ redirect_to(new_session_url)
	27	+ end
	28	+ end
	29	+ end
	30	+
	31	+ def destroy
	32	+ forget(current_user)
	33	+ flash_success_after_destroy
	34	+ redirect_to(url_after_destroy)
	35	+ end
	36	+
	37	+ private
	38	+
	39	+ def flash_failure_after_create
	40	+ flash.now[:failure] = translate(:bad_email_or_password,
	41	+ :scope => [:clearance, :controllers, :sessions],
	42	+ :default => "Bad email or password.")
	43	+ end
	44	+
	45	+ def flash_success_after_create
	46	+ flash[:success] = translate(:signed_in, :default => "Signed in.")
	47	+ end
	48	+
	49	+ def flash_notice_after_create
	50	+ flash[:notice] = translate(:unconfirmed_email,
	51	+ :scope => [:clearance, :controllers, :sessions],
	52	+ :default => "User has not confirmed email. " <<
	53	+ "Confirmation email will be resent.")
	54	+ end
	55	+
	56	+ def url_after_create
	57	+ root_url
	58	+ end
	59	+
	60	+ def flash_success_after_destroy
	61	+ flash[:success] = translate(:signed_out, :default => "Signed out.")
	62	+ end
	63	+
	64	+ def url_after_destroy
	65	+ new_session_url
	66	+ end
	67	+end
...	...
...	...	@@ -0,0 +1,35 @@
	1	+class Clearance::UsersController < ApplicationController
	2	+ unloadable
	3	+
	4	+ before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
	5	+ filter_parameter_logging :password
	6	+
	7	+ def new
	8	+ @user = ::User.new(params[:user])
	9	+ render :template => 'users/new'
	10	+ end
	11	+
	12	+ def create
	13	+ @user = ::User.new params[:user]
	14	+ if @user.save
	15	+ ::ClearanceMailer.deliver_confirmation @user
	16	+ flash_notice_after_create
	17	+ redirect_to(url_after_create)
	18	+ else
	19	+ render :template => 'users/new'
	20	+ end
	21	+ end
	22	+
	23	+ private
	24	+
	25	+ def flash_notice_after_create
	26	+ flash[:notice] = translate(:deliver_confirmation,
	27	+ :scope => [:clearance, :controllers, :users],
	28	+ :default => "You will receive an email within the next few minutes. " <<
	29	+ "It contains instructions for confirming your account.")
	30	+ end
	31	+
	32	+ def url_after_create
	33	+ new_session_url
	34	+ end
	35	+end
...	...