branston 0.3.2

data/lib/branston/vendor/plugins/calendar_date_select-1.15/spec/spec_helper.rb

@@ -0,0 +1,26 @@
+require "rubygems"
+
+require 'spec'
+
+gem 'activesupport', ">= 2.2.0"
+gem 'actionpack', ">= 2.2.0"
+
+require 'active_support'
+require 'action_pack'
+require 'action_controller'
+require 'action_view'
+
+require 'ostruct'
+
+ActionView::Helpers::InstanceTag.class_eval do
+  class << self; alias new_with_backwards_compatibility new; end
+end
+
+$: << (File.dirname(__FILE__) + "/../lib")
+require "calendar_date_select"
+
+class String
+  def to_regexp
+    is_a?(Regexp) ? self : Regexp.new(Regexp.escape(self.to_s))
+  end
+end

data/lib/branston/vendor/plugins/in_place_editing/README

@@ -0,0 +1,14 @@
+InPlaceEditing
+==============
+
+Example:
+
+  # Controller
+  class BlogController < ApplicationController
+    in_place_edit_for :post, :title
+  end
+
+  # View
+  <%= in_place_editor_field :post, 'title' %>
+
+Copyright (c) 2007 David Heinemeier Hansson, released under the MIT license  

data/lib/branston/vendor/plugins/in_place_editing/Rakefile

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test in_place_editing plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for in_place_editing plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'InPlaceEditing'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/branston/vendor/plugins/in_place_editing/init.rb

@@ -0,0 +1,2 @@
+ActionController::Base.send :include, InPlaceEditing
+ActionController::Base.helper InPlaceMacrosHelper

data/lib/branston/vendor/plugins/in_place_editing/lib/in_place_editing.rb

@@ -0,0 +1,28 @@
+module InPlaceEditing
+  def self.included(base)
+    base.extend(ClassMethods)
+  end
+
+  # Example:
+  #
+  #   # Controller
+  #   class BlogController < ApplicationController
+  #     in_place_edit_for :post, :title
+  #   end
+  #
+  #   # View
+  #   <%= in_place_editor_field :post, 'title' %>
+  #
+  module ClassMethods
+    def in_place_edit_for(object, attribute, options = {})
+      define_method("set_#{object}_#{attribute}") do
+        unless [:post, :put].include?(request.method) then
+          return render(:text => 'Method not allowed', :status => 405)
+        end
+        @item = object.to_s.camelize.constantize.find(params[:id])
+        @item.update_attribute(attribute, params[:value])
+        render :text => CGI::escapeHTML(@item.send(attribute).to_s)
+      end
+    end
+  end
+end

data/lib/branston/vendor/plugins/in_place_editing/lib/in_place_macros_helper.rb

@@ -0,0 +1,82 @@
+module InPlaceMacrosHelper
+  # Makes an HTML element specified by the DOM ID +field_id+ become an in-place
+  # editor of a property.
+  #
+  # A form is automatically created and displayed when the user clicks the element,
+  # something like this:
+  #   <form id="myElement-in-place-edit-form" target="specified url">
+  #     <input name="value" text="The content of myElement"/>
+  #     <input type="submit" value="ok"/>
+  #     <a onclick="javascript to cancel the editing">cancel</a>
+  #   </form>
+  #
+  # The form is serialized and sent to the server using an AJAX call, the action on
+  # the server should process the value and return the updated value in the body of
+  # the reponse. The element will automatically be updated with the changed value
+  # (as returned from the server).
+  #
+  # Required +options+ are:
+  # <tt>:url</tt>::       Specifies the url where the updated value should
+  #                       be sent after the user presses "ok".
+  #
+  # Addtional +options+ are:
+  # <tt>:rows</tt>::              Number of rows (more than 1 will use a TEXTAREA)
+  # <tt>:cols</tt>::              Number of characters the text input should span (works for both INPUT and TEXTAREA)
+  # <tt>:size</tt>::              Synonym for :cols when using a single line text input.
+  # <tt>:cancel_text</tt>::       The text on the cancel link. (default: "cancel")
+  # <tt>:save_text</tt>::         The text on the save link. (default: "ok")
+  # <tt>:loading_text</tt>::      The text to display while the data is being loaded from the server (default: "Loading...")
+  # <tt>:saving_text</tt>::       The text to display when submitting to the server (default: "Saving...")
+  # <tt>:external_control</tt>::  The id of an external control used to enter edit mode.
+  # <tt>:load_text_url</tt>::     URL where initial value of editor (content) is retrieved.
+  # <tt>:options</tt>::           Pass through options to the AJAX call (see prototype's Ajax.Updater)
+  # <tt>:with</tt>::              JavaScript snippet that should return what is to be sent
+  #                               in the AJAX call, +form+ is an implicit parameter
+  # <tt>:script</tt>::            Instructs the in-place editor to evaluate the remote JavaScript response (default: false)
+  # <tt>:click_to_edit_text</tt>::The text shown during mouseover the editable text (default: "Click to edit")
+  def in_place_editor(field_id, options = {})
+    function =  "new Ajax.InPlaceEditor("
+    function << "'#{field_id}', "
+    function << "'#{url_for(options[:url])}'"
+
+    js_options = {}
+
+    if protect_against_forgery?
+      options[:with] ||= "Form.serialize(form)"
+      options[:with] += " + '&authenticity_token=' + encodeURIComponent('#{form_authenticity_token}')"
+    end
+
+    js_options['cancelText'] = %('#{options[:cancel_text]}') if options[:cancel_text]
+    js_options['okText'] = %('#{options[:save_text]}') if options[:save_text]
+    js_options['loadingText'] = %('#{options[:loading_text]}') if options[:loading_text]
+    js_options['savingText'] = %('#{options[:saving_text]}') if options[:saving_text]
+    js_options['rows'] = options[:rows] if options[:rows]
+    js_options['cols'] = options[:cols] if options[:cols]
+    js_options['size'] = options[:size] if options[:size]
+    js_options['externalControl'] = "'#{options[:external_control]}'" if options[:external_control]
+    js_options['loadTextURL'] = "'#{url_for(options[:load_text_url])}'" if options[:load_text_url]
+    js_options['ajaxOptions'] = options[:options] if options[:options]
+    js_options['htmlResponse'] = !options[:script] if options[:script]
+    js_options['callback']   = "function(form) { return #{options[:with]} }" if options[:with]
+    js_options['clickToEditText'] = %('#{options[:click_to_edit_text]}') if options[:click_to_edit_text]
+    js_options['textBetweenControls'] = %('#{options[:text_between_controls]}') if options[:text_between_controls]
+    function << (', ' + options_for_javascript(js_options)) unless js_options.empty?
+
+    function << ')'
+
+    javascript_tag(function)
+  end
+
+  # Renders the value of the specified object and method with in-place editing capabilities.
+  def in_place_editor_field(object, method, tag_options = {}, in_place_editor_options = {})
+    instance_tag = ::ActionView::Helpers::InstanceTag.new(object, method, self)
+    tag_options = {:tag => "span",
+                   :id => "#{object}_#{method}_#{instance_tag.object.id}_in_place_editor",
+                   :class => "in_place_editor_field"}.merge!(tag_options)
+    in_place_editor_options[:url] = in_place_editor_options[:url] || url_for({ :action => "set_#{object}_#{method}", :id => instance_tag.object.id })
+    value = instance_tag.value(instance_tag.object) || in_place_editor_options[:default_value] || "(Click to edit)"
+    tag = content_tag(tag_options.delete(:tag), h(value),tag_options)
+    return tag + in_place_editor(tag_options[:id], in_place_editor_options)
+  end
+end
+

data/lib/branston/vendor/plugins/in_place_editing/test/in_place_editing_test.rb

@@ -0,0 +1,89 @@
+require File.expand_path(File.dirname(__FILE__) + "/test_helper")
+
+class InPlaceEditingTest < Test::Unit::TestCase
+  include InPlaceEditing
+  include InPlaceMacrosHelper
+  
+  include ActionView::Helpers::UrlHelper
+  include ActionView::Helpers::TagHelper
+  include ActionView::Helpers::TextHelper
+  include ActionView::Helpers::FormHelper
+  include ActionView::Helpers::CaptureHelper
+  
+  def setup
+    @controller = Class.new do
+      def url_for(options)
+        url =  "http://www.example.com/"
+        url << options[:action].to_s if options and options[:action]
+        url
+      end
+    end
+    @controller = @controller.new
+    @protect_against_forgery = false
+  end
+
+  def protect_against_forgery?
+    @protect_against_forgery
+  end
+
+  def test_in_place_editor_external_control
+      assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {externalControl:'blah'})\n//]]>\n</script>),
+        in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :external_control => 'blah'})
+  end
+  
+  def test_in_place_editor_size
+      assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {size:4})\n//]]>\n</script>),
+        in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :size => 4})
+  end
+  
+  def test_in_place_editor_cols_no_rows
+      assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {cols:4})\n//]]>\n</script>),
+        in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :cols => 4})
+  end
+  
+  def test_in_place_editor_cols_with_rows
+      assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {cols:40, rows:5})\n//]]>\n</script>),
+        in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :rows => 5, :cols => 40})
+  end
+
+  def test_inplace_editor_loading_text
+      assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {loadingText:'Why are we waiting?'})\n//]]>\n</script>),
+        in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :loading_text => 'Why are we waiting?'})
+  end
+  
+  def test_in_place_editor_url
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value')",
+    in_place_editor( 'id-goes-here', :url => { :action => "action_to_set_value" })    
+  end
+  
+  def test_in_place_editor_load_text_url
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {loadTextURL:'http://www.example.com/action_to_get_value'})",
+    in_place_editor( 'id-goes-here', 
+      :url => { :action => "action_to_set_value" }, 
+      :load_text_url => { :action => "action_to_get_value" })
+  end
+  
+  def test_in_place_editor_html_response
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {htmlResponse:false})",
+    in_place_editor( 'id-goes-here', 
+      :url => { :action => "action_to_set_value" }, 
+      :script => true )
+  end
+  
+  def form_authenticity_token
+    "authenticity token"
+  end
+
+  def test_in_place_editor_with_forgery_protection
+    @protect_against_forgery = true
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {callback:function(form) { return Form.serialize(form) + '&authenticity_token=' + encodeURIComponent('authenticity token') }})",
+    in_place_editor( 'id-goes-here', :url => { :action => "action_to_set_value" })
+  end
+
+  def test_in_place_editor_text_between_controls
+    assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {textBetweenControls:'or'})",
+    in_place_editor( 'id-goes-here',
+      :url => { :action => "action_to_set_value" },
+      :text_between_controls => "or" )
+  end
+end

data/lib/branston/vendor/plugins/in_place_editing/test/test_helper.rb

@@ -0,0 +1,8 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'test/unit'
+require 'rubygems'
+require 'action_controller'
+require 'action_controller/assertions'
+require 'in_place_editing'
+require 'in_place_macros_helper'

data/lib/branston/vendor/plugins/restful_authentication/CHANGELOG

@@ -0,0 +1,68 @@
+h1. Internal Changes to code
+
+As always, this is just a copy-and-pasted version of the CHANGELOG file in the source code tree.
+
+h2. Changes for the May, 2008 version of restful-authentication
+
+h3. Changes to user model
+
+* recently_activated? belongs only if stateful
+* Gave migration a 40-char limit on remember_token & an index on users by login
+* **Much** stricter login and email validation
+* put length constraints in migration too
+* password in 6, 40
+* salt and remember_token now much less predictability
+
+h3. Changes to session_controller
+
+* use uniform logout function
+* use uniform remember_cookie functions
+* avoid calling logged_in? which will auto-log-you-in (safe in the face of
+  logout! call, but idiot-proof)
+* Moved reset_session into only the "now logged in" branch
+** wherever it goes, it has to be in front of the current_user= call
+** See more in README-Tradeoffs.txt
+* made a place to take action on failed login attempt
+* recycle login and remember_me setting on failed login
+* nil'ed out the password field in 'new' view
+
+h3. Changes to users_controller
+
+* use uniform logout function
+* use uniform remember_cookie functions
+* Moved reset_session into only the "now logged in" branch
+** wherever it goes, it has to be in front of the current_user= call
+** See more in README-Tradeoffs.txt
+* made the implicit login only happen for non-activationed sites
+* On a failed signup, kick you back to the signin screen (but strip out the password & confirmation)
+* more descriptive error messages in activate()
+
+h3. users_helper
+
+* link_to_user, link_to_current_user, link_to_signin_with_IP 
+* if_authorized(action, resource, &block) view function (with appropriate
+  warning)
+
+h3. authenticated_system
+
+* Made authorized? take optional arguments action=nil, resource=nil, *args
+  This makes its signature better match traditional approaches to access control
+  eg Reference Monitor in "Security Patterns":http://www.securitypatterns.org/patterns.html)
+* authorized? should be a helper too
+* added uniform logout! methods
+* format.any (as found in access_denied) doesn't work until
+  http://dev.rubyonrails.org/changeset/8987 lands.
+* cookies are now refreshed each time we cross the logged out/in barrier, as 
+  "best":http://palisade.plynt.com/issues/2004Jul/safe-auth-practices/
+  "practice":http://www.owasp.org/index.php/Session_Management#Regeneration_of_Session_Tokens
+
+h3. Other
+
+* Used escapes <%= %> in email templates (among other reasons, so courtenay's
+  "'dumbass' test":http://tinyurl.com/684g9t doesn't complain)
+* Added site key to generator, users.yml.
+* Made site key generation idempotent in the most crude and hackish way
+* 100% coverage apart from the stateful code. (needed some access_control
+  checks, and the http_auth stuff)
+* Stories!
+

data/lib/branston/vendor/plugins/restful_authentication/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 rick olson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/branston/vendor/plugins/restful_authentication/README.textile

@@ -0,0 +1,224 @@
+h1. "Restful Authentication Generator":http://github.com/technoweenie/restful-authentication
+
+This widely-used plugin provides a foundation for securely managing user
+authentication:
+* Login / logout
+* Secure password handling
+* Account activation by validating email
+* Account approval / disabling by admin
+* Rudimentary hooks for authorization and access control.
+
+Several features were updated in May, 2008.
+* "Stable newer version":http://github.com/technoweenie/restful-authentication/tree/master
+* "'Classic' (backward-compatible) version":http://github.com/technoweenie/restful-authentication/tree/classic
+* "Experimental version":http://github.com/technoweenie/restful-authentication/tree/modular (Much more modular, needs testing & review)
+
+  !! important: if you upgrade your site, existing user account !!
+  !! passwords will stop working unless you use --old-passwords !!
+
+***************************************************************************
+
+h2. Issue Tracker
+
+Please submit any bugs or annoyances on the lighthouse tracker at
+* "http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview
+
+For anything simple enough, please github message both maintainers: Rick Olson
+("technoweenie":http://github.com/technoweenie) and Flip Kromer
+("mrflip":http://github.com/mrflip).
+
+***************************************************************************
+
+h2. Documentation
+
+This page has notes on
+* "Installation":#INSTALL
+* "New Features":#AWESOME
+* "After installing":#POST-INSTALL
+
+See the "wiki":http://github.com/technoweenie/restful-authentication/wikis/home
+(or the notes/ directory) if you want to learn more about:
+
+* "Extensions, Addons and Alternatives":addons such as HAML templates
+* "Security Design Patterns":security-patterns with "snazzy diagram":http://github.com/technoweenie/restful-authentication/tree/master/notes/SecurityFramework.png
+* [[Authentication]] -- Lets a visitor identify herself (and lay  claim to her corresponding Roles and measure of Trust)
+* "Trust Metrics":Trustification -- Confidence we can rely on the outcomes of this visitor's actions.
+* [[Authorization]] and Policy -- Based on trust and identity, what actions may this visitor perform?
+* [[Access Control]] -- How the Authorization policy is actually enforced in your code (A: hopefully without turning it into  a spaghetti of if thens)
+* [[Rails Plugins]] for Authentication, Trust,  Authorization and Access Control
+* [[Tradeoffs]] -- for the paranoid or the curious, a rundown of tradeoffs made in the code
+* [[CHANGELOG]] -- Summary of changes to internals
+* [[TODO]] -- Ideas for how you can help
+
+These best version of the release notes are in the notes/ directory in the
+"source code":http://github.com/technoweenie/restful-authentication/tree/master
+-- look there for the latest version.  The wiki versions are taken (manually)
+from there.
+
+***************************************************************************
+
+<a id="AWESOME"/> </a>
+h2. Exciting new features
+
+h3. Stories
+
+There are now "Cucumber":http://wiki.github.com/aslakhellesoy/cucumber/home features that allow expressive, enjoyable tests for the
+authentication code. The flexible code for resource testing in stories was
+extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
+
+h3. Modularize to match security design patterns:
+
+* Authentication (currently: password, browser cookie token, HTTP basic)
+* Trust metric (email validation)
+* Authorization (stateful roles)
+* Leave a flexible framework that will play nicely with other access control / policy definition / trust metric plugins
+
+h3. Other
+
+* Added a few helper methods for linking to user pages
+* Uniform handling of logout, remember_token
+* Stricter email, login field validation
+* Minor security fixes -- see CHANGELOG
+
+***************************************************************************
+
+h2. Non-backwards compatible Changes
+
+Here are a few changes in the May 2008 release that increase "Defense in Depth"
+but may require changes to existing accounts
+
+* If you have an existing site, none of these changes are compelling enough to
+  warrant migrating your userbase.
+* If you are generating for a new site, all of these changes are low-impact.
+  You should apply them.
+
+h3. Passwords
+
+The new password encryption (using a site key salt and stretching) will break
+existing user accounts' passwords.  We recommend you use the --old-passwords
+option or write a migration tool and submit it as a patch.  See the
+[[Tradeoffs]] note for more information.
+
+h3. Validations
+
+By default, email and usernames are validated against a somewhat strict pattern; your users' values may be now illegal.  Adjust to suit.
+
+***************************************************************************
+
+<a id="INSTALL"/> </a>
+h2. Installation
+
+This is a basic restful authentication generator for rails, taken from
+acts as authenticated.  Currently it requires Rails 1.2.6 or above.
+
+**IMPORTANT FOR RAILS > 2.1 USERS** To avoid a @NameError@ exception ("lighthouse tracker ticket":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/tickets/2-not-a-valid-constant-name-errors#ticket-2-2), check out the code to have an _underscore_ and not _dash_ in its name:
+* either use <code>git clone git://github.com/technoweenie/restful-authentication.git restful_authentication</code>
+* or rename the plugin's directory to be <code>restful_authentication</code> after fetching it.
+
+To use the generator:
+
+  ./script/generate authenticated user sessions \
+    --include-activation \
+    --stateful \
+    --rspec \
+    --skip-migration \
+    --skip-routes \
+    --old-passwords
+
+* The first parameter specifies the model that gets created in signup (typically
+  a user or account model).  A model with migration is created, as well as a
+  basic controller with the create method. You probably want to say "User" here.
+
+* The second parameter specifies the session controller name.  This is the
+  controller that handles the actual login/logout function on the site.
+  (probably: "Session").
+
+* --include-activation: Generates the code for a ActionMailer and its respective
+  Activation Code through email.
+
+* --stateful: Builds in support for acts_as_state_machine and generates
+  activation code.  (@--stateful@ implies @--include-activation@). Based on the
+  idea at [[http://www.vaporbase.com/postings/stateful_authentication]]. Passing
+  @--skip-migration@ will skip the user migration, and @--skip-routes@ will skip
+  resource generation -- both useful if you've already run this generator.
+  (Needs the "acts_as_state_machine plugin":http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/,
+  but new installs should probably run with @--aasm@ instead.)
+
+* --aasm: Works the same as stateful but uses the "updated aasm gem":http://github.com/rubyist/aasm/tree/master
+
+* --rspec: Generate RSpec tests and Stories in place of standard rails tests.
+  This requires the
+    "RSpec and Rspec-on-rails plugins":http://rspec.info/
+  (make sure you "./script/generate rspec" after installing RSpec.)  The rspec
+  and story suite are much more thorough than the rails tests, and changes are
+  unlikely to be backported.
+
+* --old-passwords: Use the older password scheme (see [[#COMPATIBILITY]], above)
+
+* --skip-migration: Don't generate a migration file for this model
+
+* --skip-routes: Don't generate a resource line in @config/routes.rb@
+
+***************************************************************************
+<a id="POST-INSTALL"/> </a>
+h2. After installing
+
+The below assumes a Model named 'User' and a Controller named 'Session'; please
+alter to suit. There are additional security minutae in @notes/README-Tradeoffs@
+-- only the paranoid or the curious need bother, though.
+
+* Add these familiar login URLs to your @config/routes.rb@ if you like:
+
+    <pre><code>
+    map.signup  '/signup', :controller => 'users',   :action => 'new'
+    map.login  '/login',  :controller => 'session', :action => 'new'
+    map.logout '/logout', :controller => 'session', :action => 'destroy'
+    </code></pre>
+
+* With @--include-activation@, also add to your @config/routes.rb@:
+
+    <pre><code>
+    map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
+    </code></pre>
+
+  and add an observer to @config/environment.rb@:
+
+    <pre><code>
+    config.active_record.observers = :user_observer
+    </code></pre>
+
+  Pay attention, may be this is not an issue for everybody, but if you should
+  have problems, that the sent activation_code does match with that in the
+  database stored, reload your user object before sending its data through email
+  something like:
+
+    <pre><code>
+    class UserObserver < ActiveRecord::Observer
+      def after_create(user)
+        user.reload
+        UserMailer.deliver_signup_notification(user)
+      end
+      def after_save(user)
+        user.reload
+        UserMailer.deliver_activation(user) if user.recently_activated?
+      end
+    end
+    </code></pre>
+
+
+* With @--stateful@, add an observer to config/environment.rb:
+
+    <pre><code>
+    config.active_record.observers = :user_observer
+    </code></pre>
+
+  and modify the users resource line to read
+
+    map.resources :users, :member => { :suspend   => :put,
+                                       :unsuspend => :put,
+                                       :purge     => :delete }
+
+* If you use a public repository for your code (such as github, rubyforge,
+  gitorious, etc.) make sure to NOT post your site_keys.rb (add a line like
+  '/config/initializers/site_keys.rb' to your .gitignore or do the svn ignore
+  dance), but make sure you DO keep it backed up somewhere safe.