tournament 1.1.0 → 2.0.0

data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/ra_response_steps.rb

@@ -0,0 +1,171 @@
+#
+# What you should see when you get there
+#
+
+steps_for(:ra_response) do  
+  #
+  # Destinations.  Ex:
+  #   She should be at the new kids page
+  #   Tarkin should be at the destroy alderaan page 
+  #   The visitor should be at the '/lolcats/download' form
+  #   The visitor should be redirected to '/hi/mom'
+  #
+  # It doesn't know anything about actual routes -- it just 
+  # feeds its output to render_template or redirect_to
+  #
+  Then "$actor should be at $path" do |_, path|
+    response.should render_template(grok_path(path))
+  end
+
+  Then "$actor should be redirected to $path" do |_, path|
+    response.should redirect_to(grok_path(path))
+  end  
+
+  Then "the page should look AWESOME" do
+    response.should have_tag('head>title')
+    response.should have_tag('h1')
+    # response.should be_valid_xhtml
+  end
+  
+  #
+  # Tags 
+  #
+  
+  Then "the page should contain '$text'" do |_, text|
+    response.should have_text(/#{text}/)
+  end
+  
+  # please note: this enforces the use of a <label> field
+  Then "$actor should see a <$container> containing a $attributes" do |_, container, attributes|
+    attributes = attributes.to_hash_from_story
+    response.should have_tag(container) do
+      attributes.each do |tag, label|
+        case tag
+        when "textfield" then with_tag "input[type='text']";     with_tag("label", label)
+        when "password"  then with_tag "input[type='password']"; with_tag("label", label)
+        when "submit"    then with_tag "input[type='submit'][value='#{label}']"
+        else with_tag tag, label
+        end
+      end
+    end
+  end
+
+  #
+  # Session, cookie variables
+  #
+  Then "$actor $token cookie should include $attrlist" do |_, token, attrlist|
+    attrlist = attrlist.to_array_from_story
+    cookies.include?(token).should be_true
+    attrlist.each do |val|
+      cookies[token].include?(val).should be_true
+    end
+  end
+  
+  Then "$actor $token cookie should exist but not include $attrlist" do |_, token, attrlist|
+    attrlist = attrlist.to_array_from_story
+    cookies.include?(token).should be_true
+    puts [cookies, attrlist, token].to_yaml
+    attrlist.each do |val|
+      cookies[token].include?(val).should_not be_true
+    end
+  end
+
+  Then "$actor should have $an $token cookie" do |_, _, token|
+    cookies[token].should_not be_blank
+  end
+  Then "$actor should not have $an $token cookie" do |_, _, token|
+    cookies[token].should be_blank
+  end
+
+  Given "$actor has $an cookie jar with $attributes" do |_, _, attributes|
+    attributes = attributes.to_hash_from_story
+    attributes.each do |attr, val|
+      cookies[attr] = val
+    end
+  end
+  Given "$actor session store has no $attrlist" do |_, attrlist|
+    attrlist = attrlist.to_array_from_story
+    attrlist.each do |attr|
+      # Note that the comparison passes through 'to_s'
+      session[attr.to_sym] = nil
+    end
+  end
+  
+  Then "$actor session store should have $attributes" do |_, attributes|
+    attributes = attributes.to_hash_from_story
+    attributes.each do |attr, val|
+      # Note that the comparison passes through 'to_s'
+      session[attr.to_sym].to_s.should eql(val)
+    end
+  end
+  
+  Then "$actor session store should not have $attrlist" do |_, attrlist|
+    attrlist = attrlist.to_array_from_story
+    attrlist.each do |attr|
+      session[attr.to_sym].blank?.should be_true
+    end
+  end
+
+  #
+  # Flash messages
+  #
+  
+  Then "$actor should see $an $notice message '$message'" do |_, _, notice, message|
+    response.should have_flash(notice, %r{#{message}})
+  end
+  
+  Then "$actor should not see $an $notice message '$message'" do |_, _, notice, message|
+    response.should_not have_flash(notice, %r{#{message}})
+  end
+  
+  Then "$actor should see no messages" do |_|
+    ['error', 'warning', 'notice'].each do |notice|
+      response.should_not have_flash(notice)
+    end
+  end
+
+  RE_POLITENESS = /(?:please|sorry|thank(?:s| you))/i
+  Then %r{we should be polite about it} do 
+    response.should have_tag("div.error,div.notice", RE_POLITENESS)
+  end
+  Then %r{we should not even be polite about it} do 
+    response.should_not have_tag("div.error,div.notice", RE_POLITENESS)
+  end
+  
+  #
+  # Resource's attributes
+  # 
+  # "Then page should have the $resource's $attributes" is in resource_steps
+  
+  # helpful debug step
+  Then "we dump the response" do
+    dump_response
+  end  
+end
+
+
+def have_flash notice, *args
+  have_tag("div.#{notice}", *args)
+end
+
+RE_PRETTY_RESOURCE = /the (index|show|new|create|edit|update|destroy) (\w+) (page|form)/i
+RE_THE_FOO_PAGE    = /the '?([^']*)'? (page|form)/i
+RE_QUOTED_PATH     = /^'([^']*)'$/i
+def grok_path path
+  path.gsub(/\s+again$/,'') # strip trailing ' again'
+  case
+  when path == 'the home page'    then dest = '/'
+  when path =~ RE_PRETTY_RESOURCE then dest = template_for $1, $2
+  when path =~ RE_THE_FOO_PAGE    then dest = $1
+  when path =~ RE_QUOTED_PATH     then dest = $1
+  else                                 dest = path
+  end
+  dest
+end
+
+# turns 'new', 'road bikes' into 'road_bikes/new'
+# note that it's "action resource"
+def template_for(action, resource)
+  "#{resource.gsub(" ","_")}/#{action}"
+end
+

data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/steps/user_steps.rb

@@ -0,0 +1,153 @@
+require File.dirname(__FILE__) + '/../helper'
+
+RE_<%= file_name.capitalize %>      = %r{(?:(?:the )? *(\w+) *)}
+RE_<%= file_name.capitalize %>_TYPE = %r{(?: *(\w+)? *)}
+steps_for(:<%= file_name %>) do
+
+  #
+  # Setting
+  #
+  
+  Given "an anonymous <%= file_name %>" do 
+    log_out!
+  end
+
+  Given "$an $<%= file_name %>_type <%= file_name %> with $attributes" do |_, <%= file_name %>_type, attributes|
+    create_<%= file_name %>! <%= file_name %>_type, attributes.to_hash_from_story
+  end
+  
+  Given "$an $<%= file_name %>_type <%= file_name %> named '$login'" do |_, <%= file_name %>_type, login|
+    create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+  end
+  
+  Given "$an $<%= file_name %>_type <%= file_name %> logged in as '$login'" do |_, <%= file_name %>_type, login|
+    create_<%= file_name %>! <%= file_name %>_type, named_<%= file_name %>(login)
+    log_in_<%= file_name %>!
+  end
+  
+  Given "$actor is logged in" do |_, login|
+    log_in_<%= file_name %>! @<%= file_name %>_params || named_<%= file_name %>(login)
+  end
+  
+  Given "there is no $<%= file_name %>_type <%= file_name %> named '$login'" do |_, login|
+    @<%= file_name %> = <%= class_name %>.find_by_login(login)
+    @<%= file_name %>.destroy! if @<%= file_name %>
+    @<%= file_name %>.should be_nil
+  end
+  
+  #
+  # Actions
+  #
+  When "$actor logs out" do 
+    log_out
+  end
+
+  When "$actor registers an account as the preloaded '$login'" do |_, login|
+    <%= file_name %> = named_<%= file_name %>(login)
+    <%= file_name %>['password_confirmation'] = <%= file_name %>['password']
+    create_<%= file_name %> <%= file_name %>
+  end
+
+  When "$actor registers an account with $attributes" do |_, attributes|
+    create_<%= file_name %> attributes.to_hash_from_story
+  end
+<% if options[:include_activation] %>  
+  When "$actor activates with activation code $attributes" do |_, activation_code|
+    activation_code = '' if activation_code == 'that is blank'
+    activate 
+  end<% end %>  
+
+  When "$actor logs in with $attributes" do |_, attributes|
+    log_in_<%= file_name %> attributes.to_hash_from_story
+  end
+  
+  #
+  # Result
+  #
+  Then "$actor should be invited to sign in" do |_|
+    response.should render_template('/<%= controller_file_path %>/new')
+  end
+  
+  Then "$actor should not be logged in" do |_|
+    controller.logged_in?.should_not be_true
+  end
+    
+  Then "$login should be logged in" do |login|
+    controller.logged_in?.should be_true
+    controller.current_<%= file_name %>.should === @<%= file_name %>
+    controller.current_<%= file_name %>.login.should == login
+  end
+    
+end
+
+def named_<%= file_name %> login
+  <%= file_name %>_params = {
+    'admin'   => {'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => 'admin@example.com',       },
+    'oona'    => {          'login' => 'oona',   'password' => '1234oona',  'email' => 'unactivated@example.com'},
+    'reggie'  => {          'login' => 'reggie', 'password' => 'monkey',    'email' => 'registered@example.com' },
+    }
+  <%= file_name %>_params[login.downcase]
+end
+
+#
+# <%= class_name %> account actions.
+#
+# The ! methods are 'just get the job done'.  It's true, they do some testing of
+# their own -- thus un-DRY'ing tests that do and should live in the <%= file_name %> account
+# stories -- but the repetition is ultimately important so that a faulty test setup
+# fails early.  
+#
+
+def log_out 
+  get '/<%= controller_file_path %>/destroy'
+end
+
+def log_out!
+  log_out
+  response.should redirect_to('/')
+  follow_redirect!
+end
+
+def create_<%= file_name %>(<%= file_name %>_params={})
+  @<%= file_name %>_params       ||= <%= file_name %>_params
+  post "/<%= model_controller_file_path %>", :<%= file_name %> => <%= file_name %>_params
+  @<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+end
+
+def create_<%= file_name %>!(<%= file_name %>_type, <%= file_name %>_params)
+  <%= file_name %>_params['password_confirmation'] ||= <%= file_name %>_params['password'] ||= <%= file_name %>_params['password']
+  create_<%= file_name %> <%= file_name %>_params
+  response.should redirect_to('/')
+  follow_redirect!
+<% if options[:include_activation] %> 
+  # fix the <%= file_name %>'s activation status
+  activate_<%= file_name %>! if <%= file_name %>_type == 'activated'<% end %>
+end
+
+<% if options[:include_activation] %> 
+def activate_<%= file_name %> activation_code=nil
+  activation_code = @<%= file_name %>.activation_code if activation_code.nil?
+  get "/activate/#{activation_code}"
+end
+
+def activate_<%= file_name %>! *args
+  activate_<%= file_name %> *args
+  response.should redirect_to('/login')
+  follow_redirect!
+  response.should have_flash("notice", /Signup complete!/)
+end<% end %>
+
+def log_in_<%= file_name %> <%= file_name %>_params=nil
+  @<%= file_name %>_params ||= <%= file_name %>_params
+  <%= file_name %>_params  ||= @<%= file_name %>_params
+  post "/<%= controller_routing_path %>", <%= file_name %>_params
+  @<%= file_name %> = <%= class_name %>.find_by_login(<%= file_name %>_params['login'])
+  controller.current_<%= file_name %>
+end
+
+def log_in_<%= file_name %>! *args
+  log_in_<%= file_name %> *args
+  response.should redirect_to('/')
+  follow_redirect!
+  response.should have_flash("notice", /Logged in successfully/)
+end

data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/users/accounts.story

@@ -0,0 +1,186 @@
+Visitors should be in control of creating an account and of proving their
+essential humanity/accountability or whatever it is people think the
+id-validation does.  We should be fairly skeptical about this process, as the
+identity+trust chain starts here.
+
+Story: Creating an account
+  As an anonymous <%= file_name %>
+  I want to be able to create an account
+  So that I can be one of the cool kids
+
+  #
+  # Account Creation: Get entry form
+  #
+  Scenario: Anonymous <%= file_name %> can start creating an account
+    Given an anonymous <%= file_name %>
+    When  she goes to /signup
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  the page should look AWESOME
+     And  she should see a <form> containing a textfield: Login, textfield: Email, password: Password, password: 'Confirm Password', submit: 'Sign up'
+
+  #
+  # Account Creation
+  #
+  Scenario: Anonymous <%= file_name %> can create an account
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account as the preloaded 'Oona'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Thanks for signing up!'
+     And  a <%= file_name %> with login: 'oona' should exist
+     And  the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+<% if options[:include_activation] %>
+     And  the <%= file_name %>'s activation_code should not be nil
+     And  the <%= file_name %>'s activated_at    should     be nil
+     And  she should not be logged in
+<% else %>
+     And  oona should be logged in
+<% end %>
+
+  #
+  # Account Creation Failure: Account exists
+  #
+<% if options[:include_activation] %>
+  Scenario: Anonymous <%= file_name %> can not create an account replacing a non-activated account
+    Given an anonymous <%= file_name %>
+     And  a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she registers an account with login: 'reggie', password: 'monkey', and email: 'different@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Login has already been taken'
+     And  she should not see an errorExplanation message 'Email has already been taken'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have email: 'registered@example.com'
+     And  the <%= file_name %>'s activation_code should not be nil
+     And  the <%= file_name %>'s activated_at    should     be nil
+     And  the <%= file_name %>'s created_at should stay the same under to_s
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in<% end %>
+     
+  Scenario: Anonymous <%= file_name %> can not create an account replacing an activated account
+    Given an anonymous <%= file_name %>
+     And  an activated <%= file_name %> named 'Reggie'
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she registers an account with login: 'reggie', password: 'monkey', and email: 'reggie@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Login has already been taken'
+     And  she should not see an errorExplanation message 'Email has already been taken'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have email: 'registered@example.com'
+<% if options[:include_activation] %>
+     And  the <%= file_name %>'s activation_code should     be nil
+     And  the <%= file_name %>'s activated_at    should not be nil<% end %>
+     And  the <%= file_name %>'s created_at should stay the same under to_s
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in
+
+  #
+  # Account Creation Failure: Incomplete input
+  #
+  Scenario: Anonymous <%= file_name %> can not create an account with incomplete or incorrect input
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: '',     password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Login can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with no password
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: '',       password_confirmation: 'monkey' and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Password can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with no password_confirmation
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: ''       and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Password confirmation can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with mismatched password & password_confirmation
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkeY' and email: 'unactivated@example.com'
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Password doesn't match confirmation'
+     And  no <%= file_name %> with login: 'oona' should exist
+     
+  Scenario: Anonymous <%= file_name %> can not create an account with bad email
+    Given an anonymous <%= file_name %>
+     And  no <%= file_name %> with login: 'Oona' exists
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: ''
+    Then  she should be at the '<%= model_controller_routing_path %>/new' page
+     And  she should     see an errorExplanation message 'Email can't be blank'
+     And  no <%= file_name %> with login: 'oona' should exist
+    When  she registers an account with login: 'oona', password: 'monkey', password_confirmation: 'monkey' and email: 'unactivated@example.com'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Thanks for signing up!'
+     And  a <%= file_name %> with login: 'oona' should exist
+     And  the <%= file_name %> should have login: 'oona', and email: 'unactivated@example.com'
+<% if options[:include_activation] %>
+     And  the <%= file_name %>'s activation_code should not be nil
+     And  the <%= file_name %>'s activated_at    should     be nil
+     And  she should not be logged in
+<% else %>
+     And  oona should be logged in
+<% end %>
+     
+<% if options[:include_activation] %>
+Story: Activating an account
+  As a registered, but not yet activated, <%= file_name %>
+  I want to be able to activate my account
+  So that I can log in to the site
+
+  #
+  # Successful activation
+  #
+  Scenario: Not-yet-activated <%= file_name %> can activate her account
+    Given a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she goes to /activate/activate_me
+    Then  she should be redirected to 'login'
+    When  she follows that redirect!
+    Then  she should see a notice message 'Signup complete!'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have login: 'reggie', and email: 'registered@example.com'
+     And  the <%= file_name %>'s activation_code should     be nil
+     And  the <%= file_name %>'s activated_at    should not be nil
+     And  she should not be logged in
+
+  #
+  # Unsuccessful activation
+  #
+  Scenario: Not-yet-activated <%= file_name %> can't activate her account with a blank activation code
+    Given a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she goes to /activate/
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see an error  message 'activation code was missing'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in
+  
+  Scenario: Not-yet-activated <%= file_name %> can't activate her account with a bogus activation code
+    Given a registered <%= file_name %> named 'Reggie'
+     And  the <%= file_name %> has activation_code: 'activate_me', activated_at: nil! 
+     And  we try hard to remember the <%= file_name %>'s updated_at, and created_at
+    When  she goes to /activate/i_haxxor_joo
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see an error  message 'couldn\'t find a <%= file_name %> with that activation code'
+     And  a <%= file_name %> with login: 'reggie' should exist
+     And  the <%= file_name %> should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
+     And  the <%= file_name %>'s updated_at should stay the same under to_s
+     And  she should not be logged in
+<% end %>

data/webgui/vendor/plugins/restful_authentication/generators/authenticated/templates/stories/users/sessions.story

@@ -0,0 +1,134 @@
+Users want to know that nobody can masquerade as them.  We want to extend trust
+only to visitors who present the appropriate credentials.  Everyone wants this
+identity verification to be as secure and convenient as possible.
+
+Story: Logging in
+  As an anonymous <%= file_name %> with an account
+  I want to log in to my account
+  So that I can be myself
+
+  #
+  # Log in: get form
+  #
+  Scenario: Anonymous <%= file_name %> can get a login form.
+    Given an anonymous <%= file_name %>
+    When  she goes to /login
+    Then  she should be at the new <%= controller_file_name %> page
+     And  the page should look AWESOME
+     And  she should see a <form> containing a textfield: Login, password: Password, and submit: 'Log in'
+  
+  #
+  # Log in successfully, but don't remember me
+  #
+  Scenario: Anonymous <%= file_name %> can log in
+    Given an anonymous <%= file_name %>
+     And  an activated <%= file_name %> named 'reggie'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should not have an auth_token cookie
+   
+  Scenario: Logged-in <%= file_name %> who logs in should be the new one
+    Given an activated <%= file_name %> named 'reggie'
+     And  an activated <%= file_name %> logged in as 'oona'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: ''
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should not have an auth_token cookie
+  
+  #
+  # Log in successfully, remember me
+  #
+  Scenario: Anonymous <%= file_name %> can log in and be remembered
+    Given an anonymous <%= file_name %>
+     And  an activated <%= file_name %> named 'reggie'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should have an auth_token cookie
+	      # assumes fixtures were run sometime
+     And  her session store should have <%= file_name %>_id: 4
+   
+  #
+  # Log in unsuccessfully
+  #
+  
+  Scenario: Logged-in <%= file_name %> who fails logs in should be logged out
+    Given an activated <%= file_name %> named 'oona'
+    When  she creates a singular <%= controller_file_name %> with login: 'oona', password: '1234oona', remember me: '1'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  oona should be logged in
+     And  she should have an auth_token cookie
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'reggie''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+  
+  Scenario: Log-in with bogus info should fail until it doesn't
+    Given an activated <%= file_name %> named 'reggie'
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'i_haxxor_joo'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'reggie''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: ''
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'reggie''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: '', password: 'monkey'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as '''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: 'leonard_shelby', password: 'monkey'
+    Then  she should be at the new <%= controller_file_name %> page
+    Then  she should see an error message 'Couldn't log you in as 'leonard_shelby''
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+    When  she creates a singular <%= controller_file_name %> with login: 'reggie', password: 'monkey', remember me: '1'
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'Logged in successfully'
+     And  reggie should be logged in
+     And  she should have an auth_token cookie
+	      # assumes fixtures were run sometime
+     And  her session store should have <%= file_name %>_id: 4
+
+
+  #
+  # Log out successfully (should always succeed)
+  #
+  Scenario: Anonymous (logged out) <%= file_name %> can log out.
+    Given an anonymous <%= file_name %>
+    When  she goes to /logout
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'You have been logged out'
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id
+
+  Scenario: Logged in <%= file_name %> can log out.
+    Given an activated <%= file_name %> logged in as 'reggie'
+    When  she goes to /logout
+    Then  she should be redirected to the home page
+    When  she follows that redirect!
+    Then  she should see a notice message 'You have been logged out'
+     And  she should not be logged in
+     And  she should not have an auth_token cookie
+     And  her session store should not have <%= file_name %>_id