somatics3-generators 0.0.2

data/lib/generators/somatics/authenticated_controller/templates/authenticated_system.rb

@@ -0,0 +1,189 @@
+module <%= model_class_name %>AuthenticatedSystem
+  protected
+    # Returns true or false if the <%= file_name %> is logged in.
+    # Preloads @current_<%= file_name %> with the <%= file_name %> model if they're logged in.
+    def <%= file_name %>_logged_in?
+      !!current_<%= file_name %>
+    end
+
+    # Accesses the current <%= file_name %> from the session.
+    # Future calls avoid the database because nil is not equal to false.
+    def current_<%= file_name %>
+      @current_<%= file_name %> ||= (<%= file_name %>_login_from_session || <%= file_name %>_login_from_basic_auth || <%= file_name %>_login_from_cookie) unless @current_<%= file_name %> == false
+    end
+
+    # Store the given <%= file_name %> id in the session.
+    def current_<%= file_name %>=(new_<%= file_name %>)
+      session[:<%= file_name %>_id] = new_<%= file_name %> ? new_<%= file_name %>.id : nil
+      @current_<%= file_name %> = new_<%= file_name %> || false
+    end
+
+    # Check if the <%= file_name %> is authorized
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the <%= file_name %>
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorized?
+    #    current_<%= file_name %>.login != "bob"
+    #  end
+    #
+    def <%= file_name %>_authorized?(action = action_name, resource = nil)
+      <%= file_name %>_logged_in?
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def <%= file_name %>_login_required
+      <%= file_name %>_authorized? || <%= file_name %>_access_denied
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the <%= file_name %> is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def <%= file_name %>_access_denied
+      respond_to do |format|
+        format.html do
+          store_location
+          redirect_to <%= controller_routing_name %>_login_path
+        end
+        # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
+        # Add any other API formats here.  (Some browsers, notably IE6, send Accept: */* and trigger 
+        # the 'format.any' block incorrectly. See http://bit.ly/ie6_borken or http://bit.ly/ie6_borken2
+        # for a workaround.)
+        format.any(:json, :xml) do
+          request_http_basic_authentication 'Web Password'
+        end
+      end
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.  Set an appropriately modified
+    #   after_filter :store_location, :only => [:index, :new, :show, :edit]
+    # for any controller you want to be bounce-backable.
+    def redirect_back_or_default(default)
+      redirect_to(session[:return_to] || default)
+      session[:return_to] = nil
+    end
+
+    # Inclusion hook to make #current_<%= file_name %> and #logged_in?
+    # available as ActionView helper methods.
+    def self.included(base)
+      base.send :helper_method, :current_<%= file_name %>, :<%= file_name %>_logged_in?, :<%= file_name %>_authorized? if base.respond_to? :helper_method
+    end
+
+    #
+    # Login
+    #
+
+    # Called from #current_<%= file_name %>.  First attempt to login by the <%= file_name %> id stored in the session.
+    def <%= file_name %>_login_from_session
+      self.current_<%= file_name %> = <%= model_class_name %>.find_by_id(session[:<%= file_name %>_id]) if session[:<%= file_name %>_id]
+    end
+
+    # Called from #current_<%= file_name %>.  Now, attempt to login by basic authentication information.
+    def <%= file_name %>_login_from_basic_auth
+      authenticate_with_http_basic do |login, password|
+        self.current_<%= file_name %> = <%= model_class_name %>.authenticate(login, password)
+      end
+    end
+    
+    #
+    # Logout
+    #
+
+    # Called from #current_<%= file_name %>.  Finaly, attempt to login by an expiring token in the cookie.
+    # for the paranoid: we _should_ be storing <%= file_name %>_token = hash(cookie_token, request IP)
+    def <%= file_name %>_login_from_cookie
+      <%= file_name %> = cookies[:auth_token] && <%= model_class_name %>.find_by_remember_token(cookies[:auth_token])
+      if <%= file_name %> && <%= file_name %>.remember_token?
+        self.current_<%= file_name %> = <%= file_name %>
+        <%= file_name %>_handle_remember_cookie! false # freshen cookie token (keeping date)
+        self.current_<%= file_name %>
+      end
+    end
+
+    # This is ususally what you want; resetting the session willy-nilly wreaks
+    # havoc with forgery protection, and is only strictly necessary on login.
+    # However, **all session state variables should be unset here**.
+    def <%= file_name %>_logout_keeping_session!
+      # Kill server-side auth cookie
+      @current_<%= file_name %>.forget_me if @current_<%= file_name %>.is_a? <%= model_class_name %>
+      @current_<%= file_name %> = false     # not logged in, and don't do it for me
+      <%= file_name %>_kill_remember_cookie!     # Kill client-side auth cookie
+      session[:<%= file_name %>_id] = nil   # keeps the session but kill our variable
+      # explicitly kill any other session variables you set
+    end
+
+    # The session should only be reset at the tail end of a form POST --
+    # otherwise the request forgery protection fails. It's only really necessary
+    # when you cross quarantine (logged-out to logged-in).
+    def <%= file_name %>_logout_killing_session!
+      <%= file_name %>_logout_keeping_session!
+      reset_session
+    end
+    
+    #
+    # Remember_me Tokens
+    #
+    # Cookies shouldn't be allowed to persist past their freshness date,
+    # and they should be changed at each login
+
+    # Cookies shouldn't be allowed to persist past their freshness date,
+    # and they should be changed at each login
+
+    def <%= file_name %>_valid_remember_cookie?
+      return nil unless @current_<%= file_name %>
+      (@current_<%= file_name %>.remember_token?) && 
+        (cookies[:auth_token] == @current_<%= file_name %>.remember_token)
+    end
+    
+    # Refresh the cookie auth token if it exists, create it otherwise
+    def <%= file_name %>_handle_remember_cookie!(new_cookie_flag)
+      return unless @current_<%= file_name %>
+      case
+      when <%= file_name %>_valid_remember_cookie? then @current_<%= file_name %>.refresh_token # keeping same expiry date
+      when new_cookie_flag        then @current_<%= file_name %>.remember_me 
+      else                             @current_<%= file_name %>.forget_me
+      end
+      <%= file_name %>_send_remember_cookie!
+    end
+  
+    def <%= file_name %>_kill_remember_cookie!
+      cookies.delete :auth_token
+    end
+    
+    def <%= file_name %>_send_remember_cookie!
+      cookies[:auth_token] = {
+        :value   => @current_<%= file_name %>.remember_token,
+        :expires => @current_<%= file_name %>.remember_token_expires_at }
+    end
+
+end

data/lib/generators/somatics/authenticated_controller/templates/authenticated_test_helper.rb

@@ -0,0 +1,10 @@
+module <%= model_class_name %>AuthenticatedTestHelper 
+  # Sets the current <%= file_name %> in the session from the <%= file_name %> fixtures.
+  def login_as(<%= file_name %>)
+    @request.session[:<%= file_name %>_id] = <%= file_name %> ? (<%= file_name %>.is_a?(<%= file_name.camelize %>) ? <%= file_name %>.id : <%= table_name %>(<%= file_name %>).id) : nil
+  end
+
+  def authorize_as(<%= file_name %>)
+    @request.env["HTTP_AUTHORIZATION"] = <%= file_name %> ? ActionController::HttpAuthentication::Basic.encode_credentials(<%= table_name %>(<%= file_name %>).login, 'monkey') : nil
+  end
+end

data/lib/generators/somatics/authenticated_controller/templates/config/initializers/site_keys.rb

@@ -0,0 +1,38 @@
+
+# A Site key gives additional protection against a dictionary attack if your
+# DB is ever compromised.  With no site key, we store
+#   DB_password = hash(user_password, DB_user_salt)
+# If your database were to be compromised you'd be vulnerable to a dictionary
+# attack on all your stupid users' passwords.  With a site key, we store
+#   DB_password = hash(user_password, DB_user_salt, Code_site_key)
+# That means an attacker needs access to both your site's code *and* its
+# database to mount an "offline dictionary attack.":http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html
+# 
+# It's probably of minor importance, but recommended by best practices: 'defense
+# in depth'.  Needless to say, if you upload this to github or the youtubes or
+# otherwise place it in public view you'll kinda defeat the point.  Your users'
+# passwords are still secure, and the world won't end, but defense_in_depth -= 1.
+# 
+# Please note: if you change this, all the passwords will be invalidated, so DO
+# keep it someplace secure.  Use the random value given or type in the lyrics to
+# your favorite Jay-Z song or something; any moderately long, unpredictable text.
+REST_AUTH_SITE_KEY         = '<%= $rest_auth_site_key_from_generator %>'
+  
+# Repeated applications of the hash make brute force (even with a compromised
+# database and site key) harder, and scale with Moore's law.
+#
+#   bq. "To squeeze the most security out of a limited-entropy password or
+#   passphrase, we can use two techniques [salting and stretching]... that are
+#   so simple and obvious that they should be used in every password system.
+#   There is really no excuse not to use them." http://tinyurl.com/37lb73
+#   Practical Security (Ferguson & Scheier) p350
+# 
+# A modest 10 foldings (the default here) adds 3ms.  This makes brute forcing 10
+# times harder, while reducing an app that otherwise serves 100 reqs/s to 78 signin
+# reqs/s, an app that does 10reqs/s to 9.7 reqs/s
+# 
+# More:
+# * http://www.owasp.org/index.php/Hashing_Java
+# * "An Illustrated Guide to Cryptographic Hashes":http://www.unixwiz.net/techtips/iguide-crypto-hashes.html
+
+REST_AUTH_DIGEST_STRETCHES = <%= $rest_auth_digest_stretches_from_generator %>

data/lib/generators/somatics/authenticated_controller/templates/controller.rb

@@ -0,0 +1,55 @@
+class <%= controller_plural_name.camelize %>Controller < ApplicationController
+  # Be sure to include AuthenticationSystem in Application Controller instead
+  include <%= model_class_name %>AuthenticatedSystem
+  
+  skip_before_filter :<%= file_name %>_login_required
+
+  def new
+    @<%= file_name %> = <%= model_class_name %>.new
+  end
+
+  def create
+    <%= file_name %>_logout_keeping_session!
+    @<%= file_name %> = <%= model_class_name %>.new(params[:<%= file_name %>])
+<% if options[:stateful] -%>
+    @<%= file_name %>.register! if @<%= file_name %> && @<%= file_name %>.valid?
+    success = @<%= file_name %> && @<%= file_name %>.valid?
+<% else -%>
+    success = @<%= file_name %> && @<%= file_name %>.save
+<% end -%>
+    if success && @<%= file_name %>.errors.empty?
+<% if !options[:include_activation] -%>
+      # Protects against session fixation attacks, causes request forgery
+      # protection if visitor resubmits an earlier form using back
+      # button. Uncomment if you understand the tradeoffs.
+      # reset session
+      self.current_<%= file_name %> = @<%= file_name %> # !! now logged in
+<% end -%>
+      redirect_back_or_default('/')
+      flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+    else
+      flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
+      render :action => 'new'
+    end
+  end
+
+<% if options[:include_activation] -%>
+  def activate
+    <%= file_name %>_logout_keeping_session!
+    <%= file_name %> = <%= model_class_name %>.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank?
+    case
+      when (!params[:activation_code].blank?) && <%= file_name %> && !<%= file_name %>.active?
+        <%= file_name %>.activate!
+        flash[:notice] = "Signup complete! Please sign in to continue."
+        redirect_to "/#{controller_plural_name}/login"
+      when params[:activation_code].blank?
+        flash[:error] = "The activation code was missing.  Please follow the URL from your email."
+        redirect_back_or_default('/')
+      else 
+        flash[:error]  = "We couldn't find a <%= file_name %> with that activation code -- check your email? Or maybe you've already activated -- try signing in."
+        redirect_back_or_default('/')
+      end
+    end
+  end
+<% end -%>
+end

data/lib/generators/somatics/authenticated_controller/templates/helper.rb

@@ -0,0 +1,91 @@
+module <%= controller_class_name %>Helper
+  #
+  # Use this to wrap view elements that the user can't access.
+  # !! Note: this is an *interface*, not *security* feature !!
+  # You need to do all access control at the controller level.
+  #
+  # Example:
+  # <%%= if_authorized?(:index,   User)  do link_to('List all users', users_path) end %> |
+  # <%%= if_authorized?(:edit,    @user) do link_to('Edit this user', edit_user_path) end %> |
+  # <%%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %> 
+  #
+  #
+  def if_authorized?(action, resource, &block)
+    if authorized?(action, resource)
+      yield action, resource
+    end
+  end
+
+  #
+  # Link to user's page ('<%= table_name %>/1')
+  #
+  # By default, their login is used as link text and link title (tooltip)
+  #
+  # Takes options
+  # * :content_text => 'Content text in place of <%= file_name %>.login', escaped with
+  #   the standard h() function.
+  # * :content_method => :<%= file_name %>_instance_method_to_call_for_content_text
+  # * :title_method => :<%= file_name %>_instance_method_to_call_for_title_attribute
+  # * as well as link_to()'s standard options
+  #
+  # Examples:
+  #   link_to_<%= file_name %> @<%= file_name %>
+  #   # => <a href="/<%= table_name %>/3" title="barmy">barmy</a>
+  #
+  #   # if you've added a .name attribute:
+  #  content_tag :span, :class => :vcard do
+  #    (link_to_<%= file_name %> <%= file_name %>, :class => 'fn n', :title_method => :login, :content_method => :name) +
+  #          ': ' + (content_tag :span, <%= file_name %>.email, :class => 'email')
+  #   end
+  #   # => <span class="vcard"><a href="/<%= table_name %>/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
+  #
+  #   link_to_<%= file_name %> @<%= file_name %>, :content_text => 'Your user page'
+  #   # => <a href="/<%= table_name %>/3" title="barmy" class="nickname">Your user page</a>
+  #
+  def link_to_<%= file_name %>(<%= file_name %>, options={})
+    raise "Invalid <%= file_name %>" unless <%= file_name %>
+    options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
+    content_text      = options.delete(:content_text)
+    content_text    ||= <%= file_name %>.send(options.delete(:content_method))
+    options[:title] ||= <%= file_name %>.send(options.delete(:title_method))
+    link_to h(content_text), <%= controller_routing_name.singularize %>_path(<%= file_name %>), options
+  end
+
+  #
+  # Link to login page using remote ip address as link content
+  #
+  # The :title (and thus, tooltip) is set to the IP address 
+  #
+  # Examples:
+  #   link_to_login_with_IP
+  #   # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
+  #
+  #   link_to_login_with_IP :content_text => 'not signed in'
+  #   # => <a href="/login" title="169.69.69.69">not signed in</a>
+  #
+  def link_to_login_with_IP content_text=nil, options={}
+    ip_addr           = request.remote_ip
+    content_text    ||= ip_addr
+    options.reverse_merge! :title => ip_addr
+    if tag = options.delete(:tag)
+      content_tag tag, h(content_text), options
+    else
+      link_to h(content_text), login_path, options
+    end
+  end
+
+  #
+  # Link to the current user's page (using link_to_<%= file_name %>) or to the login page
+  # (using link_to_login_with_IP).
+  #
+  def link_to_current_<%= file_name %>(options={})
+    if current_<%= file_name %>
+      link_to_<%= file_name %> current_<%= file_name %>, options
+    else
+      content_text = options.delete(:content_text) || 'not signed in'
+      # kill ignored options from link_to_<%= file_name %>
+      [:content_method, :title_method].each{|opt| options.delete(opt)} 
+      link_to_login_with_IP content_text, options
+    end
+  end
+end

data/lib/generators/somatics/authenticated_controller/templates/login.html.erb

@@ -0,0 +1,29 @@
+<%% form_tag <%= sessions_controller_routing_name %>_path, :id => 'login-form' do %>
+<p><%%= flash[:error] %></p>
+<table>
+  <tbody>
+    <tr>
+      <td align="right"><b><%%= <%= model_class_name %>.human_attribute_name(:login) %></b></td>
+      <td align="left"><%%= text_field_tag 'login', @login %></td>
+    </tr>
+    <tr>
+      <td align="right"><b><%%= <%= model_class_name %>.human_attribute_name(:password) %></b></td>
+      <td align="left"><%%= password_field_tag 'password', nil %></td>
+    </tr>
+    <!-- Uncomment this if you want this functionality
+    <tr>
+      <td align="right"><%%#= label_tag 'remember_me', 'Remember me' %></td>
+      <td align="left"><%%#= check_box_tag 'remember_me', '1', @remember_me %></td>
+    </tr>
+    -->
+    <tr>
+      <td align="right"></td>
+      <td align="left"></td>
+    </tr>
+    <tr>
+      <td align="left"></td>
+      <td align="right"><%%= submit_tag t('Log_in') %></td>
+    </tr>    
+  </tbody>
+</table>
+<%% end %>

data/lib/generators/somatics/authenticated_controller/templates/mailer.rb

@@ -0,0 +1,25 @@
+class <%= class_name %>Mailer < ActionMailer::Base
+  def signup_notification(<%= file_name %>)
+    setup_email(<%= file_name %>)
+    @subject    += 'Please activate your new account'
+  <% if options[:include_activation] %>
+    @body[:url]  = "http://YOURSITE/activate/#{<%= file_name %>.activation_code}"
+  <% else %>
+    @body[:url]  = "http://YOURSITE/login/" <% end %>
+  end
+  
+  def activation(<%= file_name %>)
+    setup_email(<%= file_name %>)
+    @subject    += 'Your account has been activated!'
+    @body[:url]  = "http://YOURSITE/"
+  end
+  
+  protected
+    def setup_email(<%= file_name %>)
+      @recipients  = "#{<%= file_name %>.email}"
+      @from        = "ADMINEMAIL"
+      @subject     = "[YOURSITE] "
+      @sent_on     = Time.now
+      @body[:<%= file_name %>] = <%= file_name %>
+    end
+end

data/lib/generators/somatics/authenticated_controller/templates/migration.rb

@@ -0,0 +1,26 @@
+class <%= migration_name %> < ActiveRecord::Migration
+  def self.up
+    create_table "<%= table_name %>", :force => true do |t|
+      t.column :login,                     :string, :limit => 40
+      t.column :name,                      :string, :limit => 100, :default => '', :null => true
+      t.column :email,                     :string, :limit => 100
+      t.column :crypted_password,          :string, :limit => 40
+      t.column :salt,                      :string, :limit => 40
+      t.column :created_at,                :datetime
+      t.column :updated_at,                :datetime
+      t.column :remember_token,            :string, :limit => 40
+      t.column :remember_token_expires_at, :datetime
+<% if options[:include_activation] -%>
+      t.column :activation_code,           :string, :limit => 40
+      t.column :activated_at,              :datetime<% end %>
+<% for attribute in attributes -%>
+      t.<%= attribute.type %> :<%= attribute.name %>
+<% end -%>
+    end
+    add_index :<%= table_name %>, :login, :unique => true
+  end
+
+  def self.down
+    drop_table "<%= table_name %>"
+  end
+end

data/lib/generators/somatics/authenticated_controller/templates/model.rb

@@ -0,0 +1,83 @@
+require 'digest/sha1'
+
+class <%= class_name %> < ActiveRecord::Base
+  include Authentication
+  include Authentication::ByPassword
+  include Authentication::ByCookieToken
+<% if options[:aasm] -%>
+  include Authorization::AasmRoles
+<% elsif options[:stateful] -%>
+  include Authorization::StatefulRoles<% end %>
+  validates_presence_of     :login
+  validates_length_of       :login,    :within => 3..40
+  validates_uniqueness_of   :login
+  validates_format_of       :login,    :with => Authentication.login_regex, :message => Authentication.bad_login_message
+
+  validates_format_of       :name,     :with => Authentication.name_regex,  :message => Authentication.bad_name_message, :allow_nil => true
+  validates_length_of       :name,     :maximum => 100
+
+  validates_presence_of     :email
+  validates_length_of       :email,    :within => 6..100 #r@a.wk
+  validates_uniqueness_of   :email
+  validates_format_of       :email,    :with => Authentication.email_regex, :message => Authentication.bad_email_message
+
+  <% if options[:include_activation] && !options[:stateful] %>before_create :make_activation_code <% end %>
+
+  # HACK HACK HACK -- how to do attr_accessible from here?
+  # prevents a user from submitting a crafted form that bypasses activation
+  # anything else you want your user to change should be added here.
+  attr_accessible :login, :email, :name, :password, :password_confirmation
+
+<% if options[:include_activation] && !options[:stateful] %>
+  # Activates the user in the database.
+  def activate!
+    @activated = true
+    self.activated_at = Time.now.utc
+    self.activation_code = nil
+    save(false)
+  end
+
+  # Returns true if the user has just been activated.
+  def recently_activated?
+    @activated
+  end
+
+  def active?
+    # the existence of an activation code means they have not activated yet
+    activation_code.nil?
+  end<% end %>
+
+  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
+  #
+  # uff.  this is really an authorization, not authentication routine.  
+  # We really need a Dispatch Chain here or something.
+  # This will also let us return a human error message.
+  #
+  def self.authenticate(login, password)
+    return nil if login.blank? || password.blank?
+    u = <% if    options[:stateful]           %>find_in_state :first, :active, :conditions => {:login => login.downcase}<%
+           elsif options[:include_activation] %>find :first, :conditions => ['login = ? and activated_at IS NOT NULL', login]<%
+           else %>find_by_login(login.downcase)<% end %> # need to get the salt
+    u && u.authenticated?(password) ? u : nil
+  end
+
+  def login=(value)
+    write_attribute :login, (value ? value.downcase : nil)
+  end
+
+  def email=(value)
+    write_attribute :email, (value ? value.downcase : nil)
+  end
+
+  protected
+    
+<% if options[:include_activation] -%>
+    def make_activation_code
+  <% if options[:stateful] -%>
+      self.deleted_at = nil
+  <% end -%>
+      self.activation_code = self.class.make_token
+    end
+<% end %>
+
+end

data/lib/generators/somatics/authenticated_controller/templates/observer.rb

@@ -0,0 +1,11 @@
+class <%= class_name %>Observer < ActiveRecord::Observer
+  def after_create(<%= file_name %>)
+    <%= class_name %>Mailer.deliver_signup_notification(<%= file_name %>)
+  end
+
+  def after_save(<%= file_name %>)
+  <% if options[:include_activation] %>
+    <%= class_name %>Mailer.deliver_activation(<%= file_name %>) if <%= file_name %>.recently_activated?
+  <% end %>
+  end
+end

data/lib/generators/somatics/authenticated_controller/templates/session_helper.rb

@@ -0,0 +1,2 @@
+module <%= sessions_controller_class_name %>Helper
+end

data/lib/generators/somatics/authenticated_controller/templates/sessions_controller.rb

@@ -0,0 +1,43 @@
+# This controller handles the login/logout function of the site.  
+class <%= sessions_controller_class_name %>Controller < <%= options[:admin_authenticated] ? "Admin::AdminController" : "ApplicationController" %>
+  # Be sure to include AuthenticationSystem in Application Controller instead
+  include <%= model_class_name %>AuthenticatedSystem
+  skip_before_filter :<%= file_name %>_login_required
+  # render new.rhtml
+  def new
+  end
+
+  def create
+    <%= file_name %>_logout_keeping_session!
+    <%= file_name %> = <%= model_class_name %>.authenticate(params[:login], params[:password])
+    if <%= file_name %>
+      # Protects against session fixation attacks, causes request forgery
+      # protection if user resubmits an earlier form using back
+      # button. Uncomment if you understand the tradeoffs.
+      # reset_session
+      self.current_<%= file_name %> = <%= file_name %>
+      new_cookie_flag = (params[:remember_me] == "1")
+      <%= file_name %>_handle_remember_cookie! new_cookie_flag
+      redirect_back_or_default('/')
+      flash[:notice] = "Logged in successfully"
+    else
+      note_failed_signin
+      @login       = params[:login]
+      @remember_me = params[:remember_me]
+      redirect_to :action => 'new'
+    end
+  end
+
+  def destroy
+    <%= file_name %>_logout_killing_session!
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default('/')
+  end
+
+protected
+  # Track failed login attempts
+  def note_failed_signin
+    flash[:error] = "Couldn't log you in as '#{params[:login]}'"
+    logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
+  end
+end

data/lib/generators/somatics/authenticated_controller/templates/signup.html.erb

@@ -0,0 +1,19 @@
+<h1>Sign up as a new user</h1>
+<%% @<%= file_name %>.password = @<%= file_name %>.password_confirmation = nil %>
+
+<%% form_for :<%= file_name %>, :url => <%= file_name %>_register_path do |f| -%>
+<%%= f.error_messages %>
+<p><%%= label_tag 'login' %><br/>
+<%%= f.text_field :login %></p>
+
+<p><%%= label_tag 'email' %><br/>
+<%%= f.text_field :email %></p>
+
+<p><%%= label_tag 'password' %><br/>
+<%%= f.password_field :password %></p>
+
+<p><%%= label_tag 'password_confirmation', 'Confirm Password' %><br/>
+<%%= f.password_field :password_confirmation %></p>
+
+<p><%%= submit_tag 'Sign up' %></p>
+<%% end -%>

data/lib/generators/somatics/authenticated_controller/templates/signup_notification.erb

@@ -0,0 +1,8 @@
+Your account has been created.
+
+  Username: <%%=h @<%= file_name %>.login %>
+  Password: <%%=h @<%= file_name %>.password %>
+
+Visit this url to activate your account:
+
+  <%%=h @url %>