jeremydurham-restful_authentication 1.1.2

data/generators/authenticated/templates/observer.rb

@@ -0,0 +1,11 @@
+class <%= class_name %>Observer < ActiveRecord::Observer
+  def after_create(<%= file_name %>)
+    <%= class_name %>Mailer.deliver_signup_notification(<%= file_name %>)
+  end
+
+  def after_save(<%= file_name %>)
+  <% if options[:include_activation] %>
+    <%= class_name %>Mailer.deliver_activation(<%= file_name %>) if <%= file_name %>.recently_activated?
+  <% end %>
+  end
+end

data/generators/authenticated/templates/signup.html.erb

@@ -0,0 +1,19 @@
+<h1>Sign up as a new user</h1>
+<%% @<%= file_name %>.password = @<%= file_name %>.password_confirmation = nil %>
+
+<%% form_for :<%= file_name %>, :url => <%= model_controller_routing_name %>_path do |f| -%>
+<%%= f.error_messages %>
+<p><%%= f.label :login %><br/>
+<%%= f.text_field :login %></p>
+
+<p><%%= f.label :email %><br/>
+<%%= f.text_field :email %></p>
+
+<p><%%= f.label :password %><br/>
+<%%= f.password_field :password %></p>
+
+<p><%%= f.label :password_confirmation, 'Confirm Password' %><br/>
+<%%= f.password_field :password_confirmation %></p>
+
+<p><%%= f.submit 'Sign up' %></p>
+<%% end -%>

data/generators/authenticated/templates/signup_notification.erb

@@ -0,0 +1,8 @@
+Your account has been created.
+
+  Username: <%%=h @<%= file_name %>.login %>
+  Password: <%%=h @<%= file_name %>.password %>
+
+Visit this url to activate your account:
+
+  <%%=h @url %>

data/generators/authenticated/templates/site_keys.rb

@@ -0,0 +1,38 @@
+
+# A Site key gives additional protection against a dictionary attack if your
+# DB is ever compromised.  With no site key, we store
+#   DB_password = hash(user_password, DB_user_salt)
+# If your database were to be compromised you'd be vulnerable to a dictionary
+# attack on all your stupid users' passwords.  With a site key, we store
+#   DB_password = hash(user_password, DB_user_salt, Code_site_key)
+# That means an attacker needs access to both your site's code *and* its
+# database to mount an "offline dictionary attack.":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html
+# 
+# It's probably of minor importance, but recommended by best practices: 'defense
+# in depth'.  Needless to say, if you upload this to github or the youtubes or
+# otherwise place it in public view you'll kinda defeat the point.  Your users'
+# passwords are still secure, and the world won't end, but defense_in_depth -= 1.
+# 
+# Please note: if you change this, all the passwords will be invalidated, so DO
+# keep it someplace secure.  Use the random value given or type in the lyrics to
+# your favorite Jay-Z song or something; any moderately long, unpredictable text.
+REST_AUTH_SITE_KEY         = '<%= $rest_auth_site_key_from_generator %>'
+  
+# Repeated applications of the hash make brute force (even with a compromised
+# database and site key) harder, and scale with Moore's law.
+#
+#   bq. "To squeeze the most security out of a limited-entropy password or
+#   passphrase, we can use two techniques [salting and stretching]... that are
+#   so simple and obvious that they should be used in every password system.
+#   There is really no excuse not to use them." http://tinyurl.com/37lb73
+#   Practical Security (Ferguson & Scheier) p350
+# 
+# A modest 10 foldings (the default here) adds 3ms.  This makes brute forcing 10
+# times harder, while reducing an app that otherwise serves 100 reqs/s to 78 signin
+# reqs/s, an app that does 10reqs/s to 9.7 reqs/s
+# 
+# More:
+# * http://www.owasp.org/index.php/Hashing_Java
+# * "An Illustrated Guide to Cryptographic Hashes":http://www.unixwiz.net/techtips/iguide-crypto-hashes.html
+
+REST_AUTH_DIGEST_STRETCHES = <%= $rest_auth_digest_stretches_from_generator %>

data/generators/authenticated/templates/spec/blueprints/user.rb

@@ -0,0 +1,6 @@
+<%= class_name %>.blueprint do
+  login { Faker::Internet.user_name }
+  password 'testing'
+  password_confirmation { password }
+  email { Faker::Internet.email }
+end

data/generators/authenticated/templates/spec/controllers/access_control_spec.rb

@@ -0,0 +1,89 @@
+require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>'
+  # Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
+# Then, you can remove it from this and the units test.
+include AuthenticatedTestHelper
+
+#
+# A test controller with and without access controls
+#
+class AccessControlTestController < ApplicationController
+  before_filter :login_required, :only => :login_is_required
+  def login_is_required
+    respond_to do |format|
+      @foo = { 'success' => params[:format]||'no fmt given'}
+      format.html do render :text => "success"             end
+      format.xml  do render :xml  => @foo, :status => :ok  end
+      format.json do render :json => @foo, :status => :ok  end
+    end
+  end
+  def login_not_required
+    respond_to do |format|
+      @foo = { 'success' => params[:format]||'no fmt given'}
+      format.html do render :text => "success"             end
+      format.xml  do render :xml  => @foo, :status => :ok  end
+      format.json do render :json => @foo, :status => :ok  end
+    end
+  end
+end
+
+#
+# Access Control
+#
+
+ACCESS_CONTROL_FORMATS = [
+  ['',     "success"],
+  ['xml',  "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<hash>\n  <success>xml</success>\n</hash>\n"],
+  ['json', "{\"success\":\"json\"}"],]
+ACCESS_CONTROL_AM_I_LOGGED_IN = [
+  [:i_am_logged_in,     :quentin],
+  [:i_am_not_logged_in, nil],]
+ACCESS_CONTROL_IS_LOGIN_REQD = [
+  :login_not_required,
+  :login_is_required,]
+
+describe AccessControlTestController do
+  before do
+    # is there a better way to do this?
+    ActionController::Routing::Routes.add_route '/login_is_required',           :controller => 'access_control_test',   :action => 'login_is_required'
+    ActionController::Routing::Routes.add_route '/login_not_required',          :controller => 'access_control_test',   :action => 'login_not_required'
+  end
+
+  ACCESS_CONTROL_FORMATS.each do |format, success_text|
+    ACCESS_CONTROL_AM_I_LOGGED_IN.each do |logged_in_status, <%= file_name %>_login|
+      ACCESS_CONTROL_IS_LOGIN_REQD.each do |login_reqd_status|
+        describe "requesting #{format.blank? ? 'html' : format}; #{logged_in_status.to_s.humanize} and #{login_reqd_status.to_s.humanize}" do
+          before do
+            logout_keeping_session!
+            @<%= file_name %> = format.blank? ? log_in : authorize if logged_in_status == :i_am_logged_in
+            get login_reqd_status.to_s, :format => format
+          end
+
+          if ((login_reqd_status == :login_not_required) ||
+              (login_reqd_status == :login_is_required && logged_in_status == :i_am_logged_in))
+            it "succeeds" do
+              response.should have_text(success_text)
+              response.code.to_s.should == '200'
+            end
+
+          elsif (login_reqd_status == :login_is_required && logged_in_status == :i_am_not_logged_in)
+            if ['html', ''].include? format
+              it "redirects me to the log in page" do
+                response.should redirect_to('/<%= controller_routing_path %>/new')
+              end
+            else
+              it "returns 'Access denied' and a 406 (Access Denied) status code" do
+                response.should have_text("HTTP Basic: Access denied.\n")
+                response.code.to_s.should == '401'
+              end
+            end
+
+          else
+            warn "Oops no case for #{format} and #{logged_in_status.to_s.humanize} and #{login_reqd_status.to_s.humanize}"
+          end
+        end # describe
+
+      end
+    end
+  end # cases
+
+end

data/generators/authenticated/templates/spec/controllers/authenticated_system_spec.rb

@@ -0,0 +1,107 @@
+require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>'
+
+# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
+# Then, you can remove it from this and the units test.
+include AuthenticatedTestHelper
+include AuthenticatedSystem
+def action_name() end
+
+describe <%= controller_class_name %>Controller do  
+  before do
+    # FIXME -- <%= controller_file_name %> controller not testing xml logins 
+    stub!(:authenticate_with_http_basic).and_return nil
+  end    
+  describe "logout_killing_session!" do
+    before do
+      log_in
+      stub!(:reset_session)
+    end
+    it 'resets the session'         do should_receive(:reset_session);         logout_killing_session! end
+    it 'kills my auth_token cookie' do should_receive(:kill_remember_cookie!); logout_killing_session! end
+    it 'nils the current <%= file_name %>'      do logout_killing_session!; current_<%= file_name %>.should be_nil end
+    it 'kills :<%= file_name %>_id session' do
+      session.stub!(:[]=)
+      session.should_receive(:[]=).with(:<%= file_name %>_id, nil).at_least(:once)
+      logout_killing_session!
+    end
+    it 'forgets me' do    
+      current_<%= file_name %>_id = current_<%= file_name %>.id
+      current_<%= file_name %>.remember_me
+      current_<%= file_name %>.remember_token.should_not be_nil 
+      current_<%= file_name %>.remember_token_expires_at.should_not be_nil
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token.should_not be_nil 
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token_expires_at.should_not be_nil
+      logout_killing_session!
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token.should     be_nil 
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token_expires_at.should     be_nil
+    end
+  end
+
+  describe "logout_keeping_session!" do
+    before do
+      log_in
+      stub!(:reset_session)
+    end
+    it 'does not reset the session' do should_not_receive(:reset_session);   logout_keeping_session! end
+    it 'kills my auth_token cookie' do should_receive(:kill_remember_cookie!); logout_keeping_session! end
+    it 'nils the current <%= file_name %>'      do logout_keeping_session!; current_<%= file_name %>.should be_nil end
+    it 'kills :<%= file_name %>_id session' do
+      session.stub!(:[]=)
+      session.should_receive(:[]=).with(:<%= file_name %>_id, nil).at_least(:once)
+      logout_keeping_session!
+    end
+    it 'forgets me' do    
+      current_<%= file_name %>_id = current_<%= file_name %>.id
+      current_<%= file_name %>.remember_me
+      current_<%= file_name  %>.remember_token.should_not be_nil; current_<%= file_name %>.remember_token_expires_at.should_not be_nil
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token.should_not            be_nil
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token_expires_at.should_not be_nil
+      logout_keeping_session!
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token.should                be_nil
+      <%= class_name %>.find(current_<%= file_name %>_id).remember_token_expires_at.should     be_nil
+    end
+  end
+  
+  describe 'When logged out' do 
+    it "should not be authorized?" do
+      authorized?().should be_false
+    end    
+  end
+
+  #
+  # Cookie Login
+  #
+  describe "Logging in by cookie" do
+    def set_remember_token token, time
+      @<%= file_name %>[:remember_token]            = token
+      @<%= file_name %>[:remember_token_expires_at] = time
+      @<%= file_name %>.save!
+    end    
+    before do 
+      @<%= file_name %> = <%= class_name %>.make
+      set_remember_token 'hello!', 5.minutes.from_now
+    end    
+    it 'logs in with cookie' do
+      stub!(:cookies).and_return({ :auth_token => 'hello!' })
+      logged_in?.should be_true
+    end
+    
+    it 'fails cookie login with bad cookie' do
+      should_receive(:cookies).at_least(:once).and_return({ :auth_token => 'i_haxxor_joo' })
+      logged_in?.should_not be_true
+    end
+    
+    it 'fails cookie login with no cookie' do
+      set_remember_token nil, nil
+      should_receive(:cookies).at_least(:once).and_return({ })
+      logged_in?.should_not be_true
+    end
+    
+    it 'fails expired cookie login' do
+      set_remember_token 'hello!', 5.minutes.ago
+      stub!(:cookies).and_return({ :auth_token => 'hello!' })
+      logged_in?.should_not be_true
+    end
+  end
+  
+end

data/generators/authenticated/templates/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,138 @@
+require File.dirname(__FILE__) + '<%= ('/..'*controller_class_nesting_depth) + '/../spec_helper' %>'
+
+# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
+# Then, you can remove it from this and the units test.
+include AuthenticatedTestHelper
+
+describe <%= controller_class_name %>Controller do
+  before do 
+    @<%= file_name %>  = <%= class_name %>.make
+    @login_params = { :login => 'quentin', :password => 'test' }
+    <%= class_name %>.stub!(:authenticate).with(@login_params[:login], @login_params[:password]).and_return(@<%= file_name %>)
+  end
+  def do_create
+    post :create, @login_params
+  end
+  describe "on successful login," do
+    [ [:nil,       nil,            nil],
+      [:expired,   'valid_token',  15.minutes.ago],
+      [:different, 'i_haxxor_joo', 15.minutes.from_now], 
+      [:valid,     'valid_token',  15.minutes.from_now]
+        ].each do |has_request_token, token_value, token_expiry|
+      [ true, false ].each do |want_remember_me|
+        describe "my request cookie token is #{has_request_token.to_s}," do
+          describe "and ask #{want_remember_me ? 'to' : 'not to'} be remembered" do 
+            before do
+              @ccookies = mock('cookies')
+              controller.stub!(:cookies).and_return(@ccookies)
+              @ccookies.stub!(:[]).with(:auth_token).and_return(token_value)
+              @ccookies.stub!(:delete).with(:auth_token)
+              @ccookies.stub!(:[]=)
+              @<%= file_name %>.stub!(:remember_me) 
+              @<%= file_name %>.stub!(:refresh_token) 
+              @<%= file_name %>.stub!(:forget_me)
+              @<%= file_name %>.stub!(:remember_token).and_return(token_value) 
+              @<%= file_name %>.stub!(:remember_token_expires_at).and_return(token_expiry)
+              @<%= file_name %>.stub!(:remember_token?).and_return(has_request_token == :valid)
+              if want_remember_me
+                @login_params[:remember_me] = '1'
+              else 
+                @login_params[:remember_me] = '0'
+              end
+            end
+            it "kills existing login"        do controller.should_receive(:logout_keeping_session!); do_create; end    
+            it "authorizes me"               do do_create; controller.send(:authorized?).should be_true;   end    
+            it "logs me in"                  do do_create; controller.send(:logged_in?).should  be_true  end    
+            it "greets me nicely"            do do_create; response.flash[:notice].should =~ /success/i   end
+            it "sets/resets/expires cookie"  do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end
+            it "sends a cookie"              do controller.should_receive(:send_remember_cookie!);  do_create end
+            it 'redirects to the home page'  do do_create; response.should redirect_to('/')   end
+            it "does not reset my session"   do controller.should_not_receive(:reset_session).and_return nil; do_create end # change if you uncomment the reset_session path
+            if (has_request_token == :valid)
+              it 'does not make new token'   do @<%= file_name %>.should_not_receive(:remember_me);   do_create end
+              it 'does refresh token'        do @<%= file_name %>.should_receive(:refresh_token);     do_create end 
+              it "sets an auth cookie"       do do_create;  end
+            else
+              if want_remember_me
+                it 'makes a new token'       do @<%= file_name %>.should_receive(:remember_me);       do_create end 
+                it "does not refresh token"  do @<%= file_name %>.should_not_receive(:refresh_token); do_create end
+                it "sets an auth cookie"       do do_create;  end
+              else 
+                it 'does not make new token' do @<%= file_name %>.should_not_receive(:remember_me);   do_create end
+                it 'does not refresh token'  do @<%= file_name %>.should_not_receive(:refresh_token); do_create end 
+                it 'kills user token'        do @<%= file_name %>.should_receive(:forget_me);         do_create end 
+              end
+            end
+          end # inner describe
+        end
+      end
+    end
+  end
+  
+  describe "on failed login" do
+    before do
+      <%= class_name %>.should_receive(:authenticate).with(anything(), anything()).and_return(nil)
+      log_in
+    end
+    it 'logs out keeping session'   do controller.should_receive(:logout_keeping_session!); do_create end
+    it 'flashes an error'           do do_create; flash[:error].should =~ /Couldn't log you in as 'quentin'/ end
+    it 'renders the log in page'    do do_create; response.should render_template('new')  end
+    it "doesn't log me in"          do do_create; controller.send(:logged_in?).should == false end
+    it "doesn't send password back" do 
+      @login_params[:password] = 'FROBNOZZ'
+      do_create
+      response.should_not have_text(/FROBNOZZ/i)
+    end
+  end
+
+  describe "on signout" do
+    def do_destroy
+      get :destroy
+    end
+    before do 
+      log_in
+    end
+    it 'logs me out'                   do controller.should_receive(:logout_killing_session!); do_destroy end
+    it 'redirects me to the home page' do do_destroy; response.should be_redirect     end
+  end
+  
+end
+
+describe <%= controller_class_name %>Controller do
+  describe "route generation" do
+    it "should route the new <%= controller_controller_name %> action correctly" do
+      route_for(:controller => '<%= controller_controller_name %>', :action => 'new').should == "/login"
+    end
+    it "should route the create <%= controller_controller_name %> correctly" do
+      route_for(:controller => '<%= controller_controller_name %>', :action => 'create').should == { :path => "/<%= controller_routing_path %>", :method => :post }
+    end
+    it "should route the destroy <%= controller_controller_name %> action correctly" do
+      route_for(:controller => '<%= controller_controller_name %>', :action => 'destroy').should == "/logout"
+    end
+  end
+  
+  describe "route recognition" do
+    it "should generate params from GET /login correctly" do
+      params_from(:get, '/login').should == {:controller => '<%= controller_controller_name %>', :action => 'new'}
+    end
+    it "should generate params from POST /<%= controller_routing_path %> correctly" do
+      params_from(:post, '/<%= controller_routing_path %>').should == {:controller => '<%= controller_controller_name %>', :action => 'create'}
+    end
+    it "should generate params from DELETE /<%= controller_routing_path %> correctly" do
+      params_from(:delete, '/logout').should == {:controller => '<%= controller_controller_name %>', :action => 'destroy'}
+    end
+  end
+  
+  describe "named routing" do
+    before(:each) do
+      get :new
+    end
+    it "should route <%= controller_routing_name %>_path() correctly" do
+      <%= controller_routing_name %>_path().should == "/<%= controller_routing_path %>"
+    end
+    it "should route new_<%= controller_routing_name %>_path() correctly" do
+      new_<%= controller_routing_name %>_path().should == "/<%= controller_routing_path %>/new"
+    end
+  end
+  
+end

data/generators/authenticated/templates/spec/controllers/users_controller_spec.rb

@@ -0,0 +1,196 @@
+require File.dirname(__FILE__) + '<%= ('/..'*model_controller_class_nesting_depth) + '/../spec_helper' %>'
+  
+# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
+# Then, you can remove it from this and the units test.
+include AuthenticatedTestHelper
+
+describe <%= model_controller_class_name %>Controller do
+  it 'allows signup' do
+    lambda do
+      create_<%= file_name %>
+      response.should be_redirect
+    end.should change(<%= class_name %>, :count).by(1)
+  end
+
+  <% if options[:stateful] %>
+  it 'signs up user in pending state' do
+    create_<%= file_name %>
+    assigns(:<%= file_name %>).reload
+    assigns(:<%= file_name %>).should be_pending
+  end<% end %>
+
+<% if options[:include_activation] -%>
+  it 'signs up user with activation code' do
+    create_<%= file_name %>
+    assigns(:<%= file_name %>).reload
+    assigns(:<%= file_name %>).activation_code.should_not be_nil
+  end<% end -%>
+
+  it 'requires login on signup' do
+    lambda do
+      create_<%= file_name %>(:login => nil)
+      assigns[:<%= file_name %>].errors.on(:login).should_not be_nil
+      response.should be_success
+    end.should_not change(<%= class_name %>, :count)
+  end
+  
+  it 'requires password on signup' do
+    lambda do
+      create_<%= file_name %>(:password => nil)
+      assigns[:<%= file_name %>].errors.on(:password).should_not be_nil
+      response.should be_success
+    end.should_not change(<%= class_name %>, :count)
+  end
+  
+  it 'requires password confirmation on signup' do
+    lambda do
+      create_<%= file_name %>(:password_confirmation => nil)
+      assigns[:<%= file_name %>].errors.on(:password_confirmation).should_not be_nil
+      response.should be_success
+    end.should_not change(<%= class_name %>, :count)
+  end
+
+  it 'requires email on signup' do
+    lambda do
+      create_<%= file_name %>(:email => nil)
+      assigns[:<%= file_name %>].errors.on(:email).should_not be_nil
+      response.should be_success
+    end.should_not change(<%= class_name %>, :count)
+  end
+  
+  <% if options[:include_activation] %>
+  it 'activates user' do
+    <%= class_name %>.authenticate('aaron', 'monkey').should be_nil
+    get :activate, :activation_code => <%= table_name %>(:aaron).activation_code
+    response.should redirect_to('/login')
+    flash[:notice].should_not be_nil
+    flash[:error ].should     be_nil
+    <%= class_name %>.authenticate('aaron', 'monkey').should == <%= table_name %>(:aaron)
+  end
+  
+  it 'does not activate user without key' do
+    get :activate
+    flash[:notice].should     be_nil
+    flash[:error ].should_not be_nil
+  end
+  
+  it 'does not activate user with blank key' do
+    get :activate, :activation_code => ''
+    flash[:notice].should     be_nil
+    flash[:error ].should_not be_nil
+  end
+  
+  it 'does not activate user with bogus key' do
+    get :activate, :activation_code => 'i_haxxor_joo'
+    flash[:notice].should     be_nil
+    flash[:error ].should_not be_nil
+  end<% end %>
+  
+  def create_<%= file_name %>(options = {})
+    post :create, :<%= file_name %> => { :login => 'quire', :email => 'quire@example.com',
+      :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)
+  end
+end
+
+describe <%= model_controller_class_name %>Controller do
+  describe "route generation" do
+    it "should route <%= model_controller_controller_name %>'s 'index' action correctly" do
+      route_for(:controller => '<%= model_controller_controller_name %>', :action => 'index').should == "/<%= model_controller_routing_path %>"
+    end
+    
+    it "should route <%= model_controller_controller_name %>'s 'new' action correctly" do
+      route_for(:controller => '<%= model_controller_controller_name %>', :action => 'new').should == "/signup"
+    end
+    
+    it "should route {:controller => '<%= model_controller_controller_name %>', :action => 'create'} correctly" do
+      route_for(:controller => '<%= model_controller_controller_name %>', :action => 'create').should == "/register"
+    end
+    
+    it "should route <%= model_controller_controller_name %>'s 'show' action correctly" do
+      route_for(:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1').should == "/<%= model_controller_routing_path %>/1"
+    end
+    
+    it "should route <%= model_controller_controller_name %>'s 'edit' action correctly" do
+      route_for(:controller => '<%= model_controller_controller_name %>', :action => 'edit', :id => '1').should == "/<%= model_controller_routing_path %>/1/edit"
+    end
+    
+    it "should route <%= model_controller_controller_name %>'s 'update' action correctly" do
+      route_for(:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1').should == { :path => "/<%= model_controller_routing_path %>/1", :method => :put }
+    end
+    
+    it "should route <%= model_controller_controller_name %>'s 'destroy' action correctly" do
+      route_for(:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1').should == { :path => "/<%= model_controller_routing_path %>/1", :method => :delete }
+    end
+  end
+  
+  describe "route recognition" do
+    it "should generate params for <%= model_controller_controller_name %>'s index action from GET /<%= model_controller_routing_path %>" do
+      params_from(:get, '/<%= model_controller_routing_path %>').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index'}
+      params_from(:get, '/<%= model_controller_routing_path %>.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index', :format => 'xml'}
+      params_from(:get, '/<%= model_controller_routing_path %>.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'index', :format => 'json'}
+    end
+    
+    it "should generate params for <%= model_controller_controller_name %>'s new action from GET /<%= model_controller_routing_path %>" do
+      params_from(:get, '/<%= model_controller_routing_path %>/new').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new'}
+      params_from(:get, '/<%= model_controller_routing_path %>/new.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new', :format => 'xml'}
+      params_from(:get, '/<%= model_controller_routing_path %>/new.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'new', :format => 'json'}
+    end
+    
+    it "should generate params for <%= model_controller_controller_name %>'s create action from POST /<%= model_controller_routing_path %>" do
+      params_from(:post, '/<%= model_controller_routing_path %>').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create'}
+      params_from(:post, '/<%= model_controller_routing_path %>.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create', :format => 'xml'}
+      params_from(:post, '/<%= model_controller_routing_path %>.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'create', :format => 'json'}
+    end
+    
+    it "should generate params for <%= model_controller_controller_name %>'s show action from GET /<%= model_controller_routing_path %>/1" do
+      params_from(:get , '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1'}
+      params_from(:get , '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1', :format => 'xml'}
+      params_from(:get , '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'show', :id => '1', :format => 'json'}
+    end
+    
+    it "should generate params for <%= model_controller_controller_name %>'s edit action from GET /<%= model_controller_routing_path %>/1/edit" do
+      params_from(:get , '/<%= model_controller_routing_path %>/1/edit').should == {:controller => '<%= model_controller_controller_name %>', :action => 'edit', :id => '1'}
+    end
+    
+    it "should generate params {:controller => '<%= model_controller_controller_name %>', :action => update', :id => '1'} from PUT /<%= model_controller_routing_path %>/1" do
+      params_from(:put , '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1'}
+      params_from(:put , '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1', :format => 'xml'}
+      params_from(:put , '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'update', :id => '1', :format => 'json'}
+    end
+    
+    it "should generate params for <%= model_controller_controller_name %>'s destroy action from DELETE /<%= model_controller_routing_path %>/1" do
+      params_from(:delete, '/<%= model_controller_routing_path %>/1').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1'}
+      params_from(:delete, '/<%= model_controller_routing_path %>/1.xml').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1', :format => 'xml'}
+      params_from(:delete, '/<%= model_controller_routing_path %>/1.json').should == {:controller => '<%= model_controller_controller_name %>', :action => 'destroy', :id => '1', :format => 'json'}
+    end
+  end
+  
+  describe "named routing" do
+    before(:each) do
+      get :new
+    end
+    
+    it "should route <%= model_controller_routing_name %>_path() to /<%= model_controller_routing_path %>" do
+      <%= model_controller_routing_name %>_path().should == "/<%= model_controller_routing_path %>"
+      <%= model_controller_routing_name %>_path(:format => 'xml').should == "/<%= model_controller_routing_path %>.xml"
+      <%= model_controller_routing_name %>_path(:format => 'json').should == "/<%= model_controller_routing_path %>.json"
+    end
+    
+    it "should route new_<%= model_controller_routing_name.singularize %>_path() to /<%= model_controller_routing_path %>/new" do
+      new_<%= model_controller_routing_name.singularize %>_path().should == "/<%= model_controller_routing_path %>/new"
+      new_<%= model_controller_routing_name.singularize %>_path(:format => 'xml').should == "/<%= model_controller_routing_path %>/new.xml"
+      new_<%= model_controller_routing_name.singularize %>_path(:format => 'json').should == "/<%= model_controller_routing_path %>/new.json"
+    end
+    
+    it "should route <%= model_controller_routing_name.singularize %>_(:id => '1') to /<%= model_controller_routing_path %>/1" do
+      <%= model_controller_routing_name.singularize %>_path(:id => '1').should == "/<%= model_controller_routing_path %>/1"
+      <%= model_controller_routing_name.singularize %>_path(:id => '1', :format => 'xml').should == "/<%= model_controller_routing_path %>/1.xml"
+      <%= model_controller_routing_name.singularize %>_path(:id => '1', :format => 'json').should == "/<%= model_controller_routing_path %>/1.json"
+    end
+    
+    it "should route edit_<%= model_controller_routing_name.singularize %>_path(:id => '1') to /<%= model_controller_routing_path %>/1/edit" do
+      edit_<%= model_controller_routing_name.singularize %>_path(:id => '1').should == "/<%= model_controller_routing_path %>/1/edit"
+    end
+  end
+  
+end