caleb-restful-authentication 1.1.1

Files changed (54) hide show
  1. data/CHANGELOG +68 -0
  2. data/README.textile +240 -0
  3. data/Rakefile +32 -0
  4. data/TODO +15 -0
  5. data/generators/authenticated/USAGE +1 -0
  6. data/generators/authenticated/authenticated_generator.rb +508 -0
  7. data/generators/authenticated/lib/insert_routes.rb +54 -0
  8. data/generators/authenticated/templates/_model_partial.html.erb +8 -0
  9. data/generators/authenticated/templates/activation.erb +3 -0
  10. data/generators/authenticated/templates/authenticated_system.rb +189 -0
  11. data/generators/authenticated/templates/authenticated_test_helper.rb +22 -0
  12. data/generators/authenticated/templates/controller.rb +43 -0
  13. data/generators/authenticated/templates/helper.rb +2 -0
  14. data/generators/authenticated/templates/login.html.erb +21 -0
  15. data/generators/authenticated/templates/mailer.rb +33 -0
  16. data/generators/authenticated/templates/migration.rb +29 -0
  17. data/generators/authenticated/templates/model.rb +101 -0
  18. data/generators/authenticated/templates/model_controller.rb +117 -0
  19. data/generators/authenticated/templates/model_helper.rb +93 -0
  20. data/generators/authenticated/templates/model_helper_spec.rb +158 -0
  21. data/generators/authenticated/templates/observer.rb +14 -0
  22. data/generators/authenticated/templates/signup.html.erb +21 -0
  23. data/generators/authenticated/templates/signup_notification.erb +8 -0
  24. data/generators/authenticated/templates/site_keys.rb +38 -0
  25. data/generators/authenticated/templates/spec/controllers/access_control_spec.rb +90 -0
  26. data/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb +102 -0
  27. data/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb +139 -0
  28. data/generators/authenticated/templates/spec/controllers/users_controller_spec.rb +200 -0
  29. data/generators/authenticated/templates/spec/fixtures/users.yml +66 -0
  30. data/generators/authenticated/templates/spec/helpers/users_helper_spec.rb +141 -0
  31. data/generators/authenticated/templates/spec/models/user_spec.rb +295 -0
  32. data/generators/authenticated/templates/stories/rest_auth_stories.rb +22 -0
  33. data/generators/authenticated/templates/stories/rest_auth_stories_helper.rb +81 -0
  34. data/generators/authenticated/templates/stories/steps/ra_navigation_steps.rb +49 -0
  35. data/generators/authenticated/templates/stories/steps/ra_resource_steps.rb +179 -0
  36. data/generators/authenticated/templates/stories/steps/ra_response_steps.rb +171 -0
  37. data/generators/authenticated/templates/stories/steps/user_steps.rb +153 -0
  38. data/generators/authenticated/templates/stories/users/accounts.story +194 -0
  39. data/generators/authenticated/templates/stories/users/sessions.story +134 -0
  40. data/generators/authenticated/templates/test/functional_test.rb +82 -0
  41. data/generators/authenticated/templates/test/mailer_test.rb +31 -0
  42. data/generators/authenticated/templates/test/model_functional_test.rb +95 -0
  43. data/generators/authenticated/templates/test/unit_test.rb +166 -0
  44. data/init.rb +1 -0
  45. data/lib/authentication.rb +40 -0
  46. data/lib/authentication/by_cookie_token.rb +82 -0
  47. data/lib/authentication/by_password.rb +64 -0
  48. data/lib/authorization.rb +14 -0
  49. data/lib/authorization/aasm_roles.rb +64 -0
  50. data/lib/authorization/stateful_roles.rb +63 -0
  51. data/lib/trustification.rb +14 -0
  52. data/lib/trustification/email_validation.rb +20 -0
  53. data/rails/init.rb +6 -0
  54. metadata +115 -0
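--- a/data/generators/authenticated/templates/stories/steps/user_steps.rb
+++ b/data/generators/authenticated/templates/stories/steps/user_steps.rb
@@ -0,0 +1,153 @@
+ require File.dirname(__FILE__) + '/../helper'
+
+ RE_<%= file_name.capitalize %> = %r{(?:(?:the )? *(\w+) *)}
+ RE_<%= file_name.capitalize %>_TYPE = %r{(?: *(\w+)? *)}
+ steps_for(:<%= file_name %>) do
+
+ #
+ # Setting
+ #
+
+ Given "an anonymous <%= file_name %>" do
+ log_out!
+ end
+
+ Given "$an $<%= file_name %>_type <%= file_name %> with $attributes" do |_, <%= file_name %>_type, attributes|
+ create_<%= file_name %>! <%= file_name %>_type, attributes.to_hash_from_story
+ end
+
+ Given "$an $<%= file_name %>_type <%= file_name %> named '$login'" do |_, <%= file_name %>_type, login|
+ create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+ end
+
+ Given "$an $<%= file_name %>_type <%= file_name %> logged in as '$login'" do |_, <%= file_name %>_type, login|
+ create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+ log_in_<%= file_name %>!
+ end
+
+ Given "$actor is logged in" do |_, login|
+ log_in_<%= file_name %>! @<%= file_name %>_params || named_<%= file_name %>(login)
+ end
+
+ Given "there is no $<%= file_name %>_type <%= file_name %> named '$login'" do |_, login|
+ @<%= file_name %> = <%= class_name %>.find_by_login(login)
+ @<%= file_name %>.destroy! if @<%= file_name %>
+ @<%= file_name %>.should be_nil
+ end
+
+ #
+ # Actions
+ #
+ When "$actor logs out" do
+ log_out
+ end
+
+ When "$actor registers an account as the preloaded '$login'" do |_, login|
+ <%= file_name %> = named_<%= file_name %>(login)
+ <%= file_name %>['password_confirmation'] = <%= file_name %>['password']
+ create_<%= file_name %> <%= file_name %>
+ end
+
+ When "$actor registers an account with $attributes" do |_, attributes|
+ create_<%= file_name %> attributes.to_hash_from_story
+ end
+ <% if options[:include_activation] %>
+ When "$actor activates with activation code $attributes" do |_, activation_code|
+ activation_code = '' if activation_code == 'that is blank'
+ activate
+ end<% end %>
+
+ When "$actor logs in with $attributes" do |_, attributes|
+ log_in_<%= file_name %> attributes.to_hash_from_story
+ end
+
+ #
+ # Result
+ #
+ Then "$actor should be invited to sign in" do |_|
+ response.should render_template('/<%= controller_file_path %>/new')
+ end
+
+ Then "$actor should not be logged in" do |_|
+ controller.logged_in?.should_not be_true
+ end
+
+ Then "$login should be logged in" do |login|
+ controller.logged_in?.should be_true
+ controller.current_<%= file_name %>.should === @<%= file_name %>
+ controller.current_<%= file_name %>.login.should == login
+ end
+
+ end
+
+ def named_<%= file_name %> login
+ <%= file_name %>_params = {
+ 'admin' => {'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => 'admin@example.com', },
+ 'oona' => { 'login' => 'oona', 'password' => '1234oona', 'email' => 'unactivated@example.com'},
+ 'reggie' => { 'login' => 'reggie', 'password' => 'monkey', 'email' => 'registered@example.com' },
+ }
+ <%= file_name %>_params[login.downcase]
+ end
+
+ #
+ # <%= class_name %> account actions.
+ #
+ # The ! methods are 'just get the job done'. It's true, they do some testing of
+ # their own -- thus un-DRY'ing tests that do and should live in the <%= file_name %> account
+ # stories -- but the repetition is ultimately important so that a faulty test setup
+ # fails early.
+ #
+
+ def log_out
+ get '/<%= controller_file_path %>/destroy'
+ end
+
+ def log_out!
+ log_out
+ response.should redirect_to('/')
+ follow_redirect!
+ end
+
+ def create_<%= file_name %>(<%= file_name %>_params={})
+ @<%= file_name %>_params ||= <%= file_name %>_params
+ post "/<%= model_controller_file_path %>", :<%= file_name %> => <%= file_name %>_params
+ @<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+ end
+
+ def create_<%= file_name %>!(<%= file_name %>_type, <%= file_name %>_params)
+ <%= file_name %>_params['password_confirmation'] ||= <%= file_name %>_params['password'] ||= <%= file_name %>_params['password']
+ create_<%= file_name %> <%= file_name %>_params
+ response.should redirect_to('/')
+ follow_redirect!
+ <% if options[:include_activation] %>
+ # fix the <%= file_name %>'s activation status
+ activate_<%= file_name %>! if <%= file_name %>_type == 'activated'<% end %>
+ end
+
+ <% if options[:include_activation] %>
+ def activate_<%= file_name %> activation_code=nil
+ activation_code = @<%= file_name %>.activation_code if activation_code.nil?
+ get "/activate/#{activation_code}"
+ end
+
+ def activate_<%= file_name %>! *args
+ activate_<%= file_name %> *args
+ response.should redirect_to('/login')
+ follow_redirect!
+ response.should have_flash("notice", /Signup complete!/)
+ end<% end %>
+
+ def log_in_<%= file_name %> <%= file_name %>_params=nil
+ @<%= file_name %>_params ||= <%= file_name %>_params
+ <%= file_name %>_params ||= @<%= file_name %>_params
+ post "/<%= controller_routing_path %>", <%= file_name %>_params
+ @<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+ controller.current_<%= file_name %>
+ end
+
+ def log_in_<%= file_name %>! *args
+ log_in_<%= file_name %> *args
+ response.should redirect_to('/')
+ follow_redirect!
+ response.should have_flash("notice", /Logged in successfully/)
+ end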
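Review bot: The activation step at new lines 55-58 never uses the code it parses: it assigns `activation_code` and then calls a bare `activate`, which this file does not define (only `activate_<%= file_name %>` is defined here), so the blank-code case is not actually sent to the application; `activate_<%= file_name %> activation_code` looks like what was meant, unless `activate` comes from the required helper. Separately, `create_<%= file_name %>` and `log_in_<%= file_name %>` both use `@<%= file_name %>_params ||= ...`, so the first account created in a scenario sticks, and a `logged in as '$login'` step that follows an earlier `named` step appears to log in the earlier account rather than `login`; assigning with `=` whenever an argument is passed would make the login-switching scenario test what its title says. In the `there is no ...` step, `@<%= file_name %>.should be_nil` runs against the object that was just destroyed and therefore fails whenever a record existed; repeat `find_by_login(login)` after the destroy and assert on that result.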
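--- a/data/generators/authenticated/templates/stories/users/accounts.story
+++ b/data/generators/authenticated/templates/stories/users/accounts.story
@@ -0,0 +1,194 @@
+ Visitors should be in control of creating an account and of proving their
+ essential humanity/accountability or whatever it is people think the
+ id-validation does. We should be fairly skeptical about this process, as the
+ identity+trust chain starts here.
+
+ Story: Creating an account
+ As an anonymous <%= file_name %>
+ I want to be able to create an account
+ So that I can be one of the cool kids
+
+ #
+ # Account Creation: Get entry form
+ #
+ Scenario: Anonymous <%= file_name %> can start creating an account
+ Given an anonymous <%= file_name %>
+ When she goes to /signup
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And the page should look AWESOME
+ And she should see a <form> containing a <% unless options[:email_as_login] -%>textfield: Login, <% end -%>textfield: Email, password: Password, password: 'Confirm Password', submit: 'Sign up'
+
+ #
+ # Account Creation
+ #
+ Scenario: Anonymous <%= file_name %> can create an account
+ Given an anonymous <%= file_name %>
+ <% unless options[:email_as_login] -%>
+ And no <%= file_name %> with login: 'Oona' exists
+ <% else %>
+ And no <%= file_name %> with email: 'unactivated@example.com' exists
+ <% end %>
+ When she registers an account as the preloaded 'Oona'
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'Thanks for signing up!'
+ <% unless options[:email_as_login] -%>
+ And a <%= file_name %> with login: 'oona' should exist
+ And the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+ <% else %>
+ And a <%= file_name %> with email: 'unactivated@example.com' should exist
+ <% end %>
+ <% if options[:include_activation] %>
+ And the <%= file_name %>'s activation_code should not be nil
+ And the <%= file_name %>'s activated_at should be nil
+ And she should not be logged in
+ <% else %>
+ And oona should be logged in
+ <% end %>
+
+ #
+ # Account Creation Failure: Account exists
+ #
+ <% if options[:include_activation] %>
+ Scenario: Anonymous <%= file_name %> can not create an account replacing a non-activated account
+ Given an anonymous <%= file_name %>
+ And a registered <%= file_name %> named 'Reggie'
+ And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+ And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+ When she registers an account with login: 'reggie', password: 'monkey', and email: 'different@example.com'
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And she should see an errorExplanation message 'Login has already been taken'
+ And she should not see an errorExplanation message 'Email has already been taken'
+ And a <%= file_name %> with login: 'reggie' should exist
+ And the <%= file_name %> should have email: 'registered@example.com'
+ And the <%= file_name %>'s activation_code should not be nil
+ And the <%= file_name %>'s activated_at should be nil
+ And the <%= file_name %>'s created_at should stay the same under to_s
+ And the <%= file_name %>'s updated_at should stay the same under to_s
+ And she should not be logged in<% end %>
+
+ Scenario: Anonymous <%= file_name %> can not create an account replacing an activated account
+ Given an anonymous <%= file_name %>
+ And an activated <%= file_name %> named 'Reggie'
+ And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+ When she registers an account with login: 'reggie', password: 'monkey', and email: 'reggie@example.com'
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And she should see an errorExplanation message 'Login has already been taken'
+ And she should not see an errorExplanation message 'Email has already been taken'
+ And a <%= file_name %> with login: 'reggie' should exist
+ And the <%= file_name %> should have email: 'registered@example.com'
+ <% if options[:include_activation] %>
+ And the <%= file_name %>'s activation_code should be nil
+ And the <%= file_name %>'s activated_at should not be nil<% end %>
+ And the <%= file_name %>'s created_at should stay the same under to_s
+ And the <%= file_name %>'s updated_at should stay the same under to_s
+ And she should not be logged in
+
+ #
+ # Account Creation Failure: Incomplete input
+ #
+ Scenario: Anonymous <%= file_name %> can not create an account with incomplete or incorrect input
+ Given an anonymous <%= file_name %>
+ And no <%= file_name %> with login: 'Oona' exists
+ When she registers an account with login: '', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And she should see an errorExplanation message 'Login can't be blank'
+ And no <%= file_name %> with login: 'oona' should exist
+
+ Scenario: Anonymous <%= file_name %> can not create an account with no password
+ Given an anonymous <%= file_name %>
+ And no <%= file_name %> with login: 'Oona' exists
+ When she registers an account with login: 'oona', password: '', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And she should see an errorExplanation message 'Password can't be blank'
+ And no <%= file_name %> with login: 'oona' should exist
+
+ Scenario: Anonymous <%= file_name %> can not create an account with no password_confirmation
+ Given an anonymous <%= file_name %>
+ And no <%= file_name %> with login: 'Oona' exists
+ When she registers an account with login: 'oona', password: 'monkey', password_confirmation: '' and email: 'unactivated@example.com'
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And she should see an errorExplanation message 'Password confirmation can't be blank'
+ And no <%= file_name %> with login: 'oona' should exist
+
+ Scenario: Anonymous <%= file_name %> can not create an account with mismatched password & password_confirmation
+ Given an anonymous <%= file_name %>
+ And no <%= file_name %> with login: 'Oona' exists
+ When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkeY' and email: 'unactivated@example.com'
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And she should see an errorExplanation message 'Password doesn't match confirmation'
+ And no <%= file_name %> with login: 'oona' should exist
+
+ Scenario: Anonymous <%= file_name %> can not create an account with bad email
+ Given an anonymous <%= file_name %>
+ And no <%= file_name %> with login: 'Oona' exists
+ When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: ''
+ Then she should be at the '<%= model_controller_routing_path %>/new' page
+ And she should see an errorExplanation message 'Email can't be blank'
+ And no <%= file_name %> with login: 'oona' should exist
+ When she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'Thanks for signing up!'
+ And a <%= file_name %> with login: 'oona' should exist
+ And the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+ <% if options[:include_activation] %>
+ And the <%= file_name %>'s activation_code should not be nil
+ And the <%= file_name %>'s activated_at should be nil
+ And she should not be logged in
+ <% else %>
+ And oona should be logged in
+ <% end %>
+
+ <% if options[:include_activation] %>
+ Story: Activating an account
+ As a registered, but not yet activated, <%= file_name %>
+ I want to be able to activate my account
+ So that I can log in to the site
+
+ #
+ # Successful activation
+ #
+ Scenario: Not-yet-activated <%= file_name %> can activate her account
+ Given a registered <%= file_name %> named 'Reggie'
+ And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+ And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+ When she goes to /activate/activate_me
+ Then she should be redirected to 'login'
+ When she follows that redirect!
+ Then she should see a notice message 'Signup complete!'
+ And a <%= file_name %> with login: 'reggie' should exist
+ And the <%= file_name %> should have login: 'reggie', and email: 'registered@example.com'
+ And the <%= file_name %>'s activation_code should be nil
+ And the <%= file_name %>'s activated_at should not be nil
+ And she should not be logged in
+
+ #
+ # Unsuccessful activation
+ #
+ Scenario: Not-yet-activated <%= file_name %> can't activate her account with a blank activation code
+ Given a registered <%= file_name %> named 'Reggie'
+ And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+ And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+ When she goes to /activate/
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see an error message 'activation code was missing'
+ And a <%= file_name %> with login: 'reggie' should exist
+ And the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+ And the <%= file_name %>'s updated_at should stay the same under to_s
+ And she should not be logged in
+
+ Scenario: Not-yet-activated <%= file_name %> can't activate her account with a bogus activation code
+ Given a registered <%= file_name %> named 'Reggie'
+ And the <%= file_name %> has activation_code: 'activate_me', activated_at: nil!
+ And we try hard to remember the <%= file_name %>'s updated_at, and created_at
+ When she goes to /activate/i_haxxor_joo
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see an error message 'couldn\'t find a <%= file_name %> with that activation code'
+ And a <%= file_name %> with login: 'reggie' should exist
+ And the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+ And the <%= file_name %>'s updated_at should stay the same under to_s
+ And she should not be logged in
+ <% end %>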
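Review bot: Only the first creation scenario branches on `options[:email_as_login]`; every later scenario (new lines 58, 74, 93 and onward) still registers and asserts with `login:`, although line 19 drops the Login textfield from the form when that option is set, so a project generated with it gets stories that refer to a field its signup form does not show. The failure scenarios need the same `<% unless options[:email_as_login] -%>` branching, and sessions.story has the same unconditional `login:` steps. The "bad email" scenario submits only a blank address, so a malformed one is never rejected by any step; a case such as `email: 'not-an-address'` (constructed sample) with an expected errorExplanation message would cover it. In the activation story there is no scenario that requests `/activate/activate_me` a second time after it has succeeded, which is the case that shows a used code cannot be replayed.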
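--- a/data/generators/authenticated/templates/stories/users/sessions.story
+++ b/data/generators/authenticated/templates/stories/users/sessions.story
@@ -0,0 +1,134 @@
+ Users want to know that nobody can masquerade as them. We want to extend trust
+ only to visitors who present the appropriate credentials. Everyone wants this
+ identity verification to be as secure and convenient as possible.
+
+ Story: Logging in
+ As an anonymous <%= file_name %> with an account
+ I want to log in to my account
+ So that I can be myself
+
+ #
+ # Log in: get form
+ #
+ Scenario: Anonymous <%= file_name %> can get a login form.
+ Given an anonymous <%= file_name %>
+ When she goes to /login
+ Then she should be at the new <%= controller_file_name %> page
+ And the page should look AWESOME
+ And she should see a <form> containing a textfield: Login, password: Password, and submit: 'Log in'
+
+ #
+ # Log in successfully, but don't remember me
+ #
+ Scenario: Anonymous <%= file_name %> can log in
+ Given an anonymous <%= file_name %>
+ And an activated <%= file_name %> named 'reggie'
+ When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'Logged in successfully'
+ And reggie should be logged in
+ And she should not have an auth_token cookie
+
+ Scenario: Logged-in <%= file_name %> who logs in should be the new one
+ Given an activated <%= file_name %> named 'reggie'
+ And an activated <%= file_name %> logged in as 'oona'
+ When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'Logged in successfully'
+ And reggie should be logged in
+ And she should not have an auth_token cookie
+
+ #
+ # Log in successfully, remember me
+ #
+ Scenario: Anonymous <%= file_name %> can log in and be remembered
+ Given an anonymous <%= file_name %>
+ And an activated <%= file_name %> named 'reggie'
+ When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'Logged in successfully'
+ And reggie should be logged in
+ And she should have an auth_token cookie
+ # assumes fixtures were run sometime
+ And her session store should have <%= file_name %>_id: 4
+
+ #
+ # Log in unsuccessfully
+ #
+
+ Scenario: Logged-in <%= file_name %> who fails logs in should be logged out
+ Given an activated <%= file_name %> named 'oona'
+ When she creates a singular <%= controller_file_name %> with login: 'oona', password: '1234oona', remember me: '1'
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'Logged in successfully'
+ And oona should be logged in
+ And she should have an auth_token cookie
+ When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+ Then she should be at the new <%= controller_file_name %> page
+ Then she should see an error message 'Couldn't log you in as 'reggie''
+ And she should not be logged in
+ And she should not have an auth_token cookie
+ And her session store should not have <%= file_name %>_id
+
+ Scenario: Log-in with bogus info should fail until it doesn't
+ Given an activated <%= file_name %> named 'reggie'
+ When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+ Then she should be at the new <%= controller_file_name %> page
+ Then she should see an error message 'Couldn't log you in as 'reggie''
+ And she should not be logged in
+ And she should not have an auth_token cookie
+ And her session store should not have <%= file_name %>_id
+ When she creates a singular <%= controller_file_name %> with login: 'reggie', password: ''
+ Then she should be at the new <%= controller_file_name %> page
+ Then she should see an error message 'Couldn't log you in as 'reggie''
+ And she should not be logged in
+ And she should not have an auth_token cookie
+ And her session store should not have <%= file_name %>_id
+ When she creates a singular <%= controller_file_name %> with login: '', password: 'monkey'
+ Then she should be at the new <%= controller_file_name %> page
+ Then she should see an error message 'Couldn't log you in as '''
+ And she should not be logged in
+ And she should not have an auth_token cookie
+ And her session store should not have <%= file_name %>_id
+ When she creates a singular <%= controller_file_name %> with login: 'leonard_shelby', password: 'monkey'
+ Then she should be at the new <%= controller_file_name %> page
+ Then she should see an error message 'Couldn't log you in as 'leonard_shelby''
+ And she should not be logged in
+ And she should not have an auth_token cookie
+ And her session store should not have <%= file_name %>_id
+ When she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'Logged in successfully'
+ And reggie should be logged in
+ And she should have an auth_token cookie
+ # assumes fixtures were run sometime
+ And her session store should have <%= file_name %>_id: 4
+
+
+ #
+ # Log out successfully (should always succeed)
+ #
+ Scenario: Anonymous (logged out) <%= file_name %> can log out.
+ Given an anonymous <%= file_name %>
+ When she goes to /logout
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'You have been logged out'
+ And she should not be logged in
+ And she should not have an auth_token cookie
+ And her session store should not have <%= file_name %>_id
+
+ Scenario: Logged in <%= file_name %> can log out.
+ Given an activated <%= file_name %> logged in as 'reggie'
+ When she goes to /logout
+ Then she should be redirected to the home page
+ When she follows that redirect!
+ Then she should see a notice message 'You have been logged out'
+ And she should not be logged in
+ And she should not have an auth_token cookie
+ And her session store should not have <%= file_name %>_id
+ <% end %>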
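Review bot: No scenario here has a registered but not yet activated account attempt to log in, even though the generator has an `include_activation` option and accounts.story treats activation as the gate before login; that is the check that keeps an unverified address from obtaining a session. A scenario inside `<% if options[:include_activation] %>` that starts from `Given a registered <%= file_name %> named 'oona'`, submits her credentials and ends with `And she should not be logged in` and `And she should not have an auth_token cookie` would cover it. The two `her session store should have <%= file_name %>_id: 4` steps (new lines 56 and 110) depend on how the fixtures happened to be loaded, as the comment above each one admits; comparing against the id of the record looked up by login would be stable. The log-out scenarios reach `/logout` by a plain page visit, which pins logout to a GET request, so these steps will need to change if the application moves logout to a non-GET verb to prevent cross-site forced logouts.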