RubyGems - flexi_generators - Versions diffs - 0.1.0 - Mend

flexi_generators 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

data/generators/flexi_authentication/templates/authentication.rb ADDED Viewed

@@ -0,0 +1,61 @@
+# This module is included in your application controller which makes
+# several methods available to all controllers and views. Here's a
+# common example you might add to your application layout file.
+#
+#   <%% if logged_in? %>
+#     Welcome <%%=h current_<%= user_singular_name %>.username %>! Not you?
+#     <%%= link_to "Log out", logout_path %>
+#   <%% else %>
+#     <%%= link_to "Sign up", signup_path %> or
+#     <%%= link_to "log in", login_path %>.
+#   <%% end %>
+#
+# You can also restrict unregistered users from accessing a controller using
+# a before filter. For example.
+#
+#   before_filter :login_required, :except => [:index, :show]
+module Authentication
+  def self.included(controller)
+    controller.send :helper_method, :current_<%= user_singular_name %>, :logged_in?, :redirect_to_target_or_default
+    controller.filter_parameter_logging :password
+  end
+<%- if options[:authlogic] -%>
+  def current_<%= session_singular_name %>
+    return @current_<%= session_singular_name %> if defined?(@current_<%= session_singular_name %>)
+    @current_<%= session_singular_name %> = <%= session_class_name %>.find
+  end
+  def current_<%= user_singular_name %>
+    return @current_<%= user_singular_name %> if defined?(@current_<%= user_singular_name %>)
+    @current_<%= user_singular_name %> = current_<%= session_singular_name %> && current_<%= session_singular_name %>.record
+  end
+<%- else -%>
+  def current_<%= user_singular_name %>
+    @current_<%= user_singular_name %> ||= <%= user_class_name %>.find(session[:<%= user_singular_name %>_id]) if session[:<%= user_singular_name %>_id]
+  end
+<%- end -%>
+  def logged_in?
+    current_<%= user_singular_name %>
+  end
+  def login_required
+    unless logged_in?
+      flash[:error] = "É necessária a autenticação para ter acesso a esta página."
+      store_target_location
+      redirect_to login_url
+    end
+  end
+  def redirect_to_target_or_default(default)
+    redirect_to(session[:return_to] || default)
+    session[:return_to] = nil
+  end
+  private
+  def store_target_location
+    session[:return_to] = request.request_uri
+  end
+end

data/generators/flexi_authentication/templates/authlogic_session.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class <%= session_class_name %> < Authlogic::Session::Base
2	+ end

data/generators/flexi_authentication/templates/fixtures.yml ADDED Viewed

@@ -0,0 +1,24 @@
+# password: "secret"
+foo:
+  username: foo
+  email: foo@example.com
+<%- if options[:authlogic] -%>
+  persistence_token: d5ddba13ed4408ea2b0a12ab18ed2d2eda086279736bdc121ca726a11f1e4b99217d9c534c2cc4ebb22729349c8c5fdbe1529e1f2c3c5859c62ef4dd9feea25c
+  crypted_password: 3d16c326648cccafe3d4b4cb024475c381dda92f430dfedf6f933e1f61203bacb6bae2437849bdb43b06be335e23790e4aa03902b3c28c3bbbbe27d501e521f3
+  password_salt: n6z_wtpWoIsHgQb5IcFd
+<%- else -%>
+  password_hash: 3488f5f7efecab14b91eb96169e5e1ee518a569f
+  password_salt: bef65e058905c379436d80d1a32e7374b139e7b0
+<%- end -%>
+bar:
+  username: bar
+  email: bar@example.com
+<%- if options[:authlogic] -%>
+  persistence_token: 19e074bd7cb506ab3e7e53e41f24f0ab3221c8cb68111f4c1aa43965114ad734233979a50a9463537487cdca18c279ac91c4bc83693d589625d446493322394c
+  crypted_password: 3bc9f4113ca645a186765df3d31a9352d0067bf2304ba0cdd6b08a7f3d58c6668ab1762fa3e76aef466ea2ff188399d8e6c40244fa59312bb4112292dac9f7f0
+  password_salt: UiAh9ejabnKRxqsiK0xO
+<%- else -%>
+  password_hash: 3488f5f7efecab14b91eb96169e5e1ee518a569f
+  password_salt: bef65e058905c379436d80d1a32e7374b139e7b0
+<%- end -%>

data/generators/flexi_authentication/templates/migration.rb ADDED Viewed

@@ -0,0 +1,30 @@
+class Create<%= user_plural_class_name %> < ActiveRecord::Migration
+  def self.up
+    create_table :<%= user_plural_name %> do |t|
+      t.string :username
+      t.string :email
+    <%- if options[:authlogic] -%>
+      t.string :persistence_token
+      t.string :crypted_password
+    <%- else -%>
+      t.string :password_hash
+    <%- end -%>
+      t.string :password_salt
+      t.timestamps
+    end
+    <%- if options[:authlogic] -%>
+      # ...
+	<%- else -%>
+	execute "INSERT INTO <%= user_plural_name %> (username,email,password_hash,password_salt) VALUES ('admin','admin@admin.com','3dad6da7754a5de4c3d46fc3901adf1a1ae9ce18','4207a4c0006e0b01da91693066d91a5e34fa7fb9')"
+	  puts ""
+	  puts "Username: admin"
+	  puts "Password: admin123"
+	  puts ""
+    <%- end -%>
+  end
+  def self.down
+    drop_table :<%= user_plural_name %>
+  end
+end

data/generators/flexi_authentication/templates/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,52 @@
+class <%= session_plural_class_name %>Controller < ApplicationController
+<%- if options[:authlogic] -%>
+  skip_before_filter :login_required
+  layout 'login'
+  def new
+    @<%= session_singular_name %> = <%= session_class_name %>.new
+  end
+  def create
+    @<%= session_singular_name %> = <%= session_class_name %>.new(params[:<%= session_singular_name %>])
+    if @<%= session_singular_name %>.save
+      flash[:notice] = "Bem-vindo!"
+      redirect_to_target_or_default(root_url)
+    else
+      flash.now[:error] = "Usuário/E-mail ou senha inválidos."
+      render :action => 'new'
+    end
+  end
+  def destroy
+    @<%= session_singular_name %> = <%= session_class_name %>.find
+    @<%= session_singular_name %>.destroy
+    redirect_to root_url
+  end
+<%- else -%>
+  skip_before_filter :login_required
+  layout 'login'
+  def new
+  end
+  def create
+    <%= user_singular_name %> = <%= user_class_name %>.authenticate(params[:login], params[:password])
+    if <%= user_singular_name %>
+      session[:<%= user_singular_name %>_id] = <%= user_singular_name %>.id
+      flash[:notice] = "Bem-vindo!"
+      redirect_to admin_home_url
+    else
+      flash.now[:error] = "Usuário/E-mail  ou senha inválidos."
+      render :action => 'new'
+    end
+  end
+  def destroy
+    session[:<%= user_singular_name %>_id] = nil
+    redirect_to root_url
+  end
+<%- end -%>
+end

data/generators/flexi_authentication/templates/sessions_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ module <%= session_plural_class_name %>Helper
2	+ end

data/generators/flexi_authentication/templates/tests/rspec/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,39 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+describe <%= session_plural_class_name %>Controller do
+  fixtures :all
+  integrate_views
+  it "new action should render new template" do
+    get :new
+    response.should render_template(:new)
+  end
+<%- if options[:authlogic] -%>
+  it "create action should render new template when authentication is invalid" do
+    post :create, :<%= session_singular_name %> => { :username => "foo", :password => "badpassword" }
+    response.should render_template(:new)
+    <%= session_class_name %>.find.should be_nil
+  end
+  it "create action should redirect when authentication is valid" do
+    post :create, :<%= session_singular_name %> => { :username => "foo", :password => "secret" }
+    response.should redirect_to(root_url)
+    <%= session_class_name %>.find.<%= user_singular_name %>.should == <%= user_plural_name %>(:foo)
+  end
+<%- else -%>
+  it "create action should render new template when authentication is invalid" do
+    <%= user_class_name %>.stubs(:authenticate).returns(nil)
+    post :create
+    response.should render_template(:new)
+    session['<%= user_singular_name %>_id'].should be_nil
+  end
+  it "create action should redirect when authentication is valid" do
+    <%= user_class_name %>.stubs(:authenticate).returns(<%= user_class_name %>.first)
+    post :create
+    response.should redirect_to(root_url)
+    session['<%= user_singular_name %>_id'].should == <%= user_class_name %>.first.id
+  end
+<%- end -%>
+end

data/generators/flexi_authentication/templates/tests/rspec/user.rb ADDED Viewed

@@ -0,0 +1,83 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+describe <%= user_class_name %> do
+<%- unless options[:authlogic] -%>
+  def new_<%= user_singular_name %>(attributes = {})
+    attributes[:username] ||= 'foo'
+    attributes[:email] ||= 'foo@example.com'
+    attributes[:password] ||= 'abc123'
+    attributes[:password_confirmation] ||= attributes[:password]
+    <%= user_class_name %>.new(attributes)
+  end
+  before(:each) do
+    <%= user_class_name %>.delete_all
+  end
+  it "should be valid" do
+    new_<%= user_singular_name %>.should be_valid
+  end
+  it "should require username" do
+    new_<%= user_singular_name %>(:username => '').should have(1).error_on(:username)
+  end
+  it "should require password" do
+    new_<%= user_singular_name %>(:password => '').should have(1).error_on(:password)
+  end
+  it "should require well formed email" do
+    new_<%= user_singular_name %>(:email => 'foo@bar@example.com').should have(1).error_on(:email)
+  end
+  it "should validate uniqueness of email" do
+    new_<%= user_singular_name %>(:email => 'bar@example.com').save!
+    new_<%= user_singular_name %>(:email => 'bar@example.com').should have(1).error_on(:email)
+  end
+  it "should validate uniqueness of username" do
+    new_<%= user_singular_name %>(:username => 'uniquename').save!
+    new_<%= user_singular_name %>(:username => 'uniquename').should have(1).error_on(:username)
+  end
+  it "should not allow odd characters in username" do
+    new_<%= user_singular_name %>(:username => 'odd ^&(@)').should have(1).error_on(:username)
+  end
+  it "should validate password is longer than 3 characters" do
+    new_<%= user_singular_name %>(:password => 'bad').should have(1).error_on(:password)
+  end
+  it "should require matching password confirmation" do
+    new_<%= user_singular_name %>(:password_confirmation => 'nonmatching').should have(1).error_on(:password)
+  end
+  it "should generate password hash and salt on create" do
+    <%= user_singular_name %> = new_<%= user_singular_name %>
+    <%= user_singular_name %>.save!
+    <%= user_singular_name %>.password_hash.should_not be_nil
+    <%= user_singular_name %>.password_salt.should_not be_nil
+  end
+  it "should authenticate by username" do
+    <%= user_singular_name %> = new_<%= user_singular_name %>(:username => 'foobar', :password => 'secret')
+    <%= user_singular_name %>.save!
+    <%= user_class_name %>.authenticate('foobar', 'secret').should == <%= user_singular_name %>
+  end
+  it "should authenticate by email" do
+    <%= user_singular_name %> = new_<%= user_singular_name %>(:email => 'foo@bar.com', :password => 'secret')
+    <%= user_singular_name %>.save!
+    <%= user_class_name %>.authenticate('foo@bar.com', 'secret').should == <%= user_singular_name %>
+  end
+  it "should not authenticate bad username" do
+    <%= user_class_name %>.authenticate('nonexisting', 'secret').should be_nil
+  end
+  it "should not authenticate bad password" do
+    new_<%= user_singular_name %>(:username => 'foobar', :password => 'secret').save!
+    <%= user_class_name %>.authenticate('foobar', 'badpassword').should be_nil
+  end
+<%- end -%>
+end

data/generators/flexi_authentication/templates/tests/rspec/users_controller.rb ADDED Viewed

@@ -0,0 +1,26 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+describe <%= user_plural_class_name %>Controller do
+  fixtures :all
+  integrate_views
+  it "new action should render new template" do
+    get :new
+    response.should render_template(:new)
+  end
+  it "create action should render new template when model is invalid" do
+    <%= user_class_name %>.any_instance.stubs(:valid?).returns(false)
+    post :create
+    response.should render_template(:new)
+  end
+  it "create action should redirect when model is valid" do
+    <%= user_class_name %>.any_instance.stubs(:valid?).returns(true)
+    post :create
+    response.should redirect_to(root_url)
+  <%- unless options[:authlogic] -%>
+    session['<%= user_singular_name %>_id'].should == assigns['<%= user_singular_name %>'].id
+  <%- end -%>
+  end
+end

data/generators/flexi_authentication/templates/tests/shoulda/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,40 @@
+require 'test_helper'
+class <%= session_plural_class_name %>ControllerTest < ActionController::TestCase
+  context "new action" do
+    should "render new template" do
+      get :new
+      assert_template 'new'
+    end
+  end
+  context "create action" do
+  <%- if options[:authlogic] -%>
+    should "render new template when authentication is invalid" do
+      post :create, :<%= session_singular_name %> => { :username => "foo", :password => "badpassword" }
+      assert_template 'new'
+      assert_nil <%= session_class_name %>.find
+    end
+    should "redirect when authentication is valid" do
+      post :create, :<%= session_singular_name %> => { :username => "foo", :password => "secret" }
+      assert_redirected_to root_url
+      assert_equal <%= user_plural_name %>(:foo), <%= session_class_name %>.find.<%= user_singular_name %>
+    end
+  <%- else -%>
+    should "render new template when authentication is invalid" do
+      <%= user_class_name %>.stubs(:authenticate).returns(nil)
+      post :create
+      assert_template 'new'
+      assert_nil session['<%= user_singular_name %>_id']
+    end
+    should "redirect when authentication is valid" do
+      <%= user_class_name %>.stubs(:authenticate).returns(<%= user_class_name %>.first)
+      post :create
+      assert_redirected_to root_url
+      assert_equal <%= user_class_name %>.first.id, session['<%= user_singular_name %>_id']
+    end
+  <%- end -%>
+  end
+end

data/generators/flexi_authentication/templates/tests/shoulda/user.rb ADDED Viewed

@@ -0,0 +1,85 @@
+require 'test_helper'
+class <%= user_class_name %>Test < ActiveSupport::TestCase
+<%- unless options[:authlogic] -%>
+  def new_<%= user_singular_name %>(attributes = {})
+    attributes[:username] ||= 'foo'
+    attributes[:email] ||= 'foo@example.com'
+    attributes[:password] ||= 'abc123'
+    attributes[:password_confirmation] ||= attributes[:password]
+    <%= user_singular_name %> = <%= user_class_name %>.new(attributes)
+    <%= user_singular_name %>.valid? # run validations
+    <%= user_singular_name %>
+  end
+  def setup
+    <%= user_class_name %>.delete_all
+  end
+  should "be valid" do
+    assert new_<%= user_singular_name %>.valid?
+  end
+  should "require username" do
+    assert new_<%= user_singular_name %>(:username => '').errors.on(:username)
+  end
+  should "require password" do
+    assert new_<%= user_singular_name %>(:password => '').errors.on(:password)
+  end
+  should "require well formed email" do
+    assert new_<%= user_singular_name %>(:email => 'foo@bar@example.com').errors.on(:email)
+  end
+  should "validate uniqueness of email" do
+    new_<%= user_singular_name %>(:email => 'bar@example.com').save!
+    assert new_<%= user_singular_name %>(:email => 'bar@example.com').errors.on(:email)
+  end
+  should "validate uniqueness of username" do
+    new_<%= user_singular_name %>(:username => 'uniquename').save!
+    assert new_<%= user_singular_name %>(:username => 'uniquename').errors.on(:username)
+  end
+  should "not allow odd characters in username" do
+    assert new_<%= user_singular_name %>(:username => 'odd ^&(@)').errors.on(:username)
+  end
+  should "validate password is longer than 3 characters" do
+    assert new_<%= user_singular_name %>(:password => 'bad').errors.on(:password)
+  end
+  should "require matching password confirmation" do
+    assert new_<%= user_singular_name %>(:password_confirmation => 'nonmatching').errors.on(:password)
+  end
+  should "generate password hash and salt on create" do
+    <%= user_singular_name %> = new_<%= user_singular_name %>
+    <%= user_singular_name %>.save!
+    assert <%= user_singular_name %>.password_hash
+    assert <%= user_singular_name %>.password_salt
+  end
+  should "authenticate by username" do
+    <%= user_singular_name %> = new_<%= user_singular_name %>(:username => 'foobar', :password => 'secret')
+    <%= user_singular_name %>.save!
+    assert_equal <%= user_singular_name %>, <%= user_class_name %>.authenticate('foobar', 'secret')
+  end
+  should "authenticate by email" do
+    <%= user_singular_name %> = new_<%= user_singular_name %>(:email => 'foo@bar.com', :password => 'secret')
+    <%= user_singular_name %>.save!
+    assert_equal <%= user_singular_name %>, <%= user_class_name %>.authenticate('foo@bar.com', 'secret')
+  end
+  should "not authenticate bad username" do
+    assert_nil <%= user_class_name %>.authenticate('nonexisting', 'secret')
+  end
+  should "not authenticate bad password" do
+    new_<%= user_singular_name %>(:username => 'foobar', :password => 'secret').save!
+    assert_nil <%= user_class_name %>.authenticate('foobar', 'badpassword')
+  end
+<%- end -%>
+end

data/generators/flexi_authentication/templates/tests/shoulda/users_controller.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require 'test_helper'
+class <%= user_plural_class_name %>ControllerTest < ActionController::TestCase
+  context "new action" do
+    should "render new template" do
+      get :new
+      assert_template 'new'
+    end
+  end
+  context "create action" do
+    should "render new template when model is invalid" do
+      <%= user_class_name %>.any_instance.stubs(:valid?).returns(false)
+      post :create
+      assert_template 'new'
+    end
+    should "redirect when model is valid" do
+      <%= user_class_name %>.any_instance.stubs(:valid?).returns(true)
+      post :create
+      assert_redirected_to root_url
+    <%- unless options[:authlogic] -%>
+      assert_equal assigns['<%= user_singular_name %>'].id, session['<%= user_singular_name %>_id']
+    <%- end -%>
+    end
+  end
+end

data/generators/flexi_authentication/templates/tests/testunit/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require 'test_helper'
+class <%= session_plural_class_name %>ControllerTest < ActionController::TestCase
+  def test_new
+    get :new
+    assert_template 'new'
+  end
+<%- if options[:authlogic] -%>
+  def test_create_invalid
+    post :create, :<%= session_singular_name %> => { :username => "foo", :password => "badpassword" }
+    assert_template 'new'
+    assert_nil <%= session_class_name %>.find
+  end
+  def test_create_valid
+    post :create, :<%= session_singular_name %> => { :username => "foo", :password => "secret" }
+    assert_redirected_to root_url
+    assert_equal <%= user_plural_name %>(:foo), <%= session_class_name %>.find.<%= user_singular_name %>
+  end
+<%- else -%>
+  def test_create_invalid
+    <%= user_class_name %>.stubs(:authenticate).returns(nil)
+    post :create
+    assert_template 'new'
+    assert_nil session['<%= user_singular_name %>_id']
+  end
+  def test_create_valid
+    <%= user_class_name %>.stubs(:authenticate).returns(<%= user_class_name %>.first)
+    post :create
+    assert_redirected_to root_url
+    assert_equal <%= user_class_name %>.first.id, session['<%= user_singular_name %>_id']
+  end
+<%- end -%>
+end

data/generators/flexi_authentication/templates/tests/testunit/user.rb ADDED Viewed

@@ -0,0 +1,88 @@
+require 'test_helper'
+class <%= user_class_name %>Test < ActiveSupport::TestCase
+<%- unless options[:authlogic] -%>
+  def new_<%= user_singular_name %>(attributes = {})
+    attributes[:username] ||= 'foo'
+    attributes[:email] ||= 'foo@example.com'
+    attributes[:password] ||= 'abc123'
+    attributes[:password_confirmation] ||= attributes[:password]
+    <%= user_singular_name %> = <%= user_class_name %>.new(attributes)
+    <%= user_singular_name %>.valid? # run validations
+    <%= user_singular_name %>
+  end
+  def setup
+    <%= user_class_name %>.delete_all
+  end
+  def test_valid
+    assert new_<%= user_singular_name %>.valid?
+  end
+  def test_require_username
+    assert new_<%= user_singular_name %>(:username => '').errors.on(:username)
+  end
+  def test_require_password
+    assert new_<%= user_singular_name %>(:password => '').errors.on(:password)
+  end
+  def test_require_well_formed_email
+    assert new_<%= user_singular_name %>(:email => 'foo@bar@example.com').errors.on(:email)
+  end
+  def test_validate_uniqueness_of_email
+    new_<%= user_singular_name %>(:email => 'bar@example.com').save!
+    assert new_<%= user_singular_name %>(:email => 'bar@example.com').errors.on(:email)
+  end
+  def test_validate_uniqueness_of_username
+    new_<%= user_singular_name %>(:username => 'uniquename').save!
+    assert new_<%= user_singular_name %>(:username => 'uniquename').errors.on(:username)
+  end
+  def test_validate_odd_characters_in_username
+    assert new_<%= user_singular_name %>(:username => 'odd ^&(@)').errors.on(:username)
+  end
+  def test_validate_password_length
+    assert new_<%= user_singular_name %>(:password => 'bad').errors.on(:password)
+  end
+  def test_require_matching_password_confirmation
+    assert new_<%= user_singular_name %>(:password_confirmation => 'nonmatching').errors.on(:password)
+  end
+  def test_generate_password_hash_and_salt_on_create
+    <%= user_singular_name %> = new_<%= user_singular_name %>
+    <%= user_singular_name %>.save!
+    assert <%= user_singular_name %>.password_hash
+    assert <%= user_singular_name %>.password_salt
+  end
+  def test_authenticate_by_username
+    <%= user_class_name %>.delete_all
+    <%= user_singular_name %> = new_<%= user_singular_name %>(:username => 'foobar', :password => 'secret')
+    <%= user_singular_name %>.save!
+    assert_equal <%= user_singular_name %>, <%= user_class_name %>.authenticate('foobar', 'secret')
+  end
+  def test_authenticate_by_email
+    <%= user_class_name %>.delete_all
+    <%= user_singular_name %> = new_<%= user_singular_name %>(:email => 'foo@bar.com', :password => 'secret')
+    <%= user_singular_name %>.save!
+    assert_equal <%= user_singular_name %>, <%= user_class_name %>.authenticate('foo@bar.com', 'secret')
+  end
+  def test_authenticate_bad_username
+    assert_nil <%= user_class_name %>.authenticate('nonexisting', 'secret')
+  end
+  def test_authenticate_bad_password
+    <%= user_class_name %>.delete_all
+    new_<%= user_singular_name %>(:username => 'foobar', :password => 'secret').save!
+    assert_nil <%= user_class_name %>.authenticate('foobar', 'badpassword')
+  end
+<%- end -%>
+end

data/generators/flexi_authentication/templates/tests/testunit/users_controller.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'test_helper'
+class <%= user_plural_class_name %>ControllerTest < ActionController::TestCase
+  def test_new
+    get :new
+    assert_template 'new'
+  end
+  def test_create_invalid
+    <%= user_class_name %>.any_instance.stubs(:valid?).returns(false)
+    post :create
+    assert_template 'new'
+  end
+  def test_create_valid
+    <%= user_class_name %>.any_instance.stubs(:valid?).returns(true)
+    post :create
+    assert_redirected_to root_url
+  <%- unless options[:authlogic] -%>
+    assert_equal assigns['<%= user_singular_name %>'].id, session['<%= user_singular_name %>_id']
+  <%- end -%>
+  end
+end

data/generators/flexi_authentication/templates/user.rb ADDED Viewed

@@ -0,0 +1,43 @@
+class <%= user_class_name %> < ActiveRecord::Base
+<%- if options[:authlogic] -%>
+  acts_as_authentic
+<%- else -%>
+  # new columns need to be added here to be writable through mass assignment
+  attr_accessible :username, :email, :password, :password_confirmation
+  attr_accessor :password
+  before_save :prepare_password
+  validates_presence_of :username
+  validates_uniqueness_of :username, :email, :allow_blank => true
+  validates_format_of :username, :with => /^[-\w\._@]+$/i, :allow_blank => true, :message => "should only contain letters, numbers, or .-_@"
+  validates_format_of :email, :with => /^[-a-z0-9_+\.]+\@([-a-z0-9]+\.)+[a-z0-9]{2,4}$/i
+  validates_presence_of :password, :on => :create
+  validates_presence_of :password_confirmation, :on => :create
+  validates_confirmation_of :password
+  validates_length_of :password, :minimum => 4, :allow_blank => true
+  # login can be either username or email address
+  def self.authenticate(login, pass)
+    <%= user_singular_name %> = find_by_username(login) || find_by_email(login)
+    return <%= user_singular_name %> if <%= user_singular_name %> && <%= user_singular_name %>.matching_password?(pass)
+  end
+  def matching_password?(pass)
+    self.password_hash == encrypt_password(pass)
+  end
+  private
+  def prepare_password
+    unless password.blank?
+      self.password_salt = Digest::SHA1.hexdigest([Time.now, rand].join)
+      self.password_hash = encrypt_password(password)
+    end
+  end
+  def encrypt_password(pass)
+    Digest::SHA1.hexdigest([pass, password_salt].join)
+  end
+<%- end -%>
+end