From 8b96de49e2924f3f92459238778f0fbf093cbcb2 Mon Sep 17 00:00:00 2001
From: Gavin Joyce <gavinjoyce@gmail.com>
Date: Sat, 13 Dec 2008 11:15:38 +0000
Subject: [PATCH] deleted and re-generated the restful_authentication
 framework. I've removed the user signup process as it isn't currently needed.

---
 app/controllers/application.rb                |   2 +-
 app/controllers/sessions_controller.rb        |   3 +-
 app/controllers/users_controller.rb           |  73 -------
 app/helpers/users_helper.rb                   |  73 -------
 app/models/user.rb                            |   7 +-
 app/models/user_mailer.rb                     |  24 ---
 app/models/user_observer.rb                   |  11 -
 app/views/layouts/application.html.erb        |   7 -
 app/views/user_mailer/activation.erb          |   3 -
 app/views/user_mailer/signup_notification.erb |   8 -
 app/views/users/_user_bar.html.erb            |   8 -
 app/views/users/new.html.erb                  |  19 --
 config/environment.rb                         |   5 +-
 config/initializers/site_keys.rb              |   3 +-
 config/routes.rb                              |   8 +-
 ...sers.rb => 20081213105754_create_users.rb} |   6 +-
 public/stylesheets/main.css                   |   4 -
 spec/controllers/sessions_controller_spec.rb  |   1 +
 spec/controllers/users_controller_spec.rb     | 196 ------------------
 spec/fixtures/users.yml                       |  15 +-
 spec/helpers/users_helper_spec.rb             | 119 -----------
 spec/models/user_spec.rb                      |  65 +-----
 stories/steps/user_steps.rb                   |  19 +-
 stories/users/accounts.story                  |  77 +------
 24 files changed, 20 insertions(+), 736 deletions(-)
 delete mode 100644 app/controllers/users_controller.rb
 delete mode 100644 app/models/user_mailer.rb
 delete mode 100644 app/models/user_observer.rb
 delete mode 100644 app/views/user_mailer/activation.erb
 delete mode 100644 app/views/user_mailer/signup_notification.erb
 delete mode 100644 app/views/users/_user_bar.html.erb
 delete mode 100644 app/views/users/new.html.erb
 rename db/migrate/{20081210104519_create_users.rb => 20081213105754_create_users.rb} (75%)
 delete mode 100644 spec/controllers/users_controller_spec.rb

diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index f1db903..9755554 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -2,8 +2,8 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
-  include AuthenticatedSystem
   helper :all # include all helpers, all the time
+	include AuthenticatedSystem
 
   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 44065c4..7b55954 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,6 @@
 # This controller handles the login/logout function of the site.  
 class SessionsController < ApplicationController
+  # Be sure to include AuthenticationSystem in Application Controller instead
 
   # render new.rhtml
   def new
@@ -17,7 +18,7 @@ def create
       new_cookie_flag = (params[:remember_me] == "1")
       handle_remember_cookie! new_cookie_flag
       redirect_back_or_default('/')
-      flash[:success] = "Welcome back #{h(user.login)}"
+      flash[:notice] = "Logged in successfully"
     else
       note_failed_signin
       @login       = params[:login]
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
deleted file mode 100644
index 34a3494..0000000
--- a/app/controllers/users_controller.rb
+++ /dev/null
@@ -1,73 +0,0 @@
-class UsersController < ApplicationController
-	  
-  # Protect these actions behind an admin login
-  # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge]
-  before_filter :find_user, :only => [:suspend, :unsuspend, :destroy, :purge]
-  
-
-  # render new.rhtml
-  def new
-    @user = User.new
-  end
- 
-  def create
-    logout_keeping_session!
-    @user = User.new(params[:user])
-    @user.register! if @user && @user.valid?
-    success = @user && @user.valid?
-    if success && @user.errors.empty?
-      redirect_back_or_default('/')
-      flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
-    else
-      flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
-      render :action => 'new'
-    end
-  end
-
-  def activate
-    logout_keeping_session!
-    user = User.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank?
-    case
-    when (!params[:activation_code].blank?) && user && !user.active?
-      user.activate!
-			self.current_user = user
-      flash[:notice] = "That's it! Welcome aboard."
-      redirect_to '/' #TODO: GJ: redirect to user page when we have added it
-    when params[:activation_code].blank?
-      flash[:error] = "The activation code was missing.  Please follow the URL from your email."
-      redirect_back_or_default('/')
-    else 
-      flash[:error]  = "We couldn't find a user with that activation code -- check your email? Or maybe you've already activated -- try signing in."
-      redirect_back_or_default('/')
-    end
-  end
-
-  def suspend
-    @user.suspend! 
-    redirect_to users_path
-  end
-
-  def unsuspend
-    @user.unsuspend! 
-    redirect_to users_path
-  end
-
-  def destroy
-    @user.delete!
-    redirect_to users_path
-  end
-
-  def purge
-    @user.destroy
-    redirect_to users_path
-  end
-  
-  # There's no page here to update or destroy a user.  If you add those, be
-  # smart -- make sure you check that the visitor is authorized to do so, that they
-  # supply their old password along with a new one to update it, etc.
-
-protected
-  def find_user
-    @user = User.find(params[:id])
-  end
-end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 281e0a4..9000ace 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -17,77 +17,4 @@ def if_authorized?(action, resource, &block)
     end
   end
 
-  #
-  # Link to user's page ('users/1')
-  #
-  # By default, their login is used as link text and link title (tooltip)
-  #
-  # Takes options
-  # * :content_text => 'Content text in place of user.login', escaped with
-  #   the standard h() function.
-  # * :content_method => :user_instance_method_to_call_for_content_text
-  # * :title_method => :user_instance_method_to_call_for_title_attribute
-  # * as well as link_to()'s standard options
-  #
-  # Examples:
-  #   link_to_user @user
-  #   # => <a href="/users/3" title="barmy">barmy</a>
-  #
-  #   # if you've added a .name attribute:
-  #  content_tag :span, :class => :vcard do
-  #    (link_to_user user, :class => 'fn n', :title_method => :login, :content_method => :name) +
-  #          ': ' + (content_tag :span, user.email, :class => 'email')
-  #   end
-  #   # => <span class="vcard"><a href="/users/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
-  #
-  #   link_to_user @user, :content_text => 'Your user page'
-  #   # => <a href="/users/3" title="barmy" class="nickname">Your user page</a>
-  #
-  def link_to_user(user, options={})
-    raise "Invalid user" unless user
-    options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
-    content_text      = options.delete(:content_text)
-    content_text    ||= user.send(options.delete(:content_method))
-    options[:title] ||= user.send(options.delete(:title_method))
-    link_to h(content_text), user_path(user), options
-  end
-
-  #
-  # Link to login page using remote ip address as link content
-  #
-  # The :title (and thus, tooltip) is set to the IP address 
-  #
-  # Examples:
-  #   link_to_login_with_IP
-  #   # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
-  #
-  #   link_to_login_with_IP :content_text => 'not signed in'
-  #   # => <a href="/login" title="169.69.69.69">not signed in</a>
-  #
-  def link_to_login_with_IP content_text=nil, options={}
-    ip_addr           = request.remote_ip
-    content_text    ||= ip_addr
-    options.reverse_merge! :title => ip_addr
-    if tag = options.delete(:tag)
-      content_tag tag, h(content_text), options
-    else
-      link_to h(content_text), login_path, options
-    end
-  end
-
-  #
-  # Link to the current user's page (using link_to_user) or to the login page
-  # (using link_to_login_with_IP).
-  #
-  def link_to_current_user(options={})
-    if current_user
-      link_to_user current_user, options
-    else
-      content_text = options.delete(:content_text) || 'not signed in'
-      # kill ignored options from link_to_user
-      [:content_method, :title_method].each{|opt| options.delete(opt)} 
-      link_to_login_with_IP content_text, options
-    end
-  end
-
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 69a0366..42f98d7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,7 +4,6 @@ class User < ActiveRecord::Base
   include Authentication
   include Authentication::ByPassword
   include Authentication::ByCookieToken
-  include Authorization::AasmRoles
 
   validates_presence_of     :login
   validates_length_of       :login,    :within => 3..40
@@ -36,7 +35,7 @@ class User < ActiveRecord::Base
   #
   def self.authenticate(login, password)
     return nil if login.blank? || password.blank?
-    u = find_in_state :first, :active, :conditions => {:login => login} # need to get the salt
+    u = find_by_login(login) # need to get the salt
     u && u.authenticated?(password) ? u : nil
   end
 
@@ -50,10 +49,6 @@ def email=(value)
 
   protected
     
-    def make_activation_code
-        self.deleted_at = nil
-        self.activation_code = self.class.make_token
-    end
 
 
 end
diff --git a/app/models/user_mailer.rb b/app/models/user_mailer.rb
deleted file mode 100644
index b105a43..0000000
--- a/app/models/user_mailer.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-class UserMailer < ActionMailer::Base
-  def signup_notification(user)
-    setup_email(user)
-    @subject    += 'Please activate your new account'
-  
-    @body[:url]  = "http://YOURSITE/activate/#{user.activation_code}"
-  
-  end
-  
-  def activation(user)
-    setup_email(user)
-    @subject    += 'Your account has been activated!'
-    @body[:url]  = "http://YOURSITE/"
-  end
-  
-  protected
-    def setup_email(user)
-      @recipients  = "#{user.email}"
-      @from        = "ADMINEMAIL"
-      @subject     = "[YOURSITE] "
-      @sent_on     = Time.now
-      @body[:user] = user
-    end
-end
diff --git a/app/models/user_observer.rb b/app/models/user_observer.rb
deleted file mode 100644
index 03616f8..0000000
--- a/app/models/user_observer.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-class UserObserver < ActiveRecord::Observer
-  def after_create(user)
-    UserMailer.deliver_signup_notification(user)
-  end
-
-  def after_save(user)
-  
-    UserMailer.deliver_activation(user) if user.recently_activated?
-  
-  end
-end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index a57e07a..889896d 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -10,13 +10,6 @@
 		<div id="container">
 			<div id="header">
 				<h1><%= link_to 'RubyJobs', :root %></h1>
-				<p>
-					<% if logged_in? %>
-						Hi <%= current_user.login %> <%= link_to 'logout', :logout %>
-					<% else %>
-						<%= link_to 'login', :login %> / <%= link_to 'signup', :signup %>
-					<% end %>
-				</p>
 			</div>
 			<div id="navigation">
 				<ul>
diff --git a/app/views/user_mailer/activation.erb b/app/views/user_mailer/activation.erb
deleted file mode 100644
index e5c0a6e..0000000
--- a/app/views/user_mailer/activation.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-<%=h @user.login %>, your account has been activated.  Welcome aboard!
-
-  <%=h @url %>
diff --git a/app/views/user_mailer/signup_notification.erb b/app/views/user_mailer/signup_notification.erb
deleted file mode 100644
index 0cfaa86..0000000
--- a/app/views/user_mailer/signup_notification.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-Your account has been created.
-
-  Username: <%=h @user.login %>
-  Password: <%=h @user.password %>
-
-Visit this url to activate your account:
-
-  <%=h @url %>
diff --git a/app/views/users/_user_bar.html.erb b/app/views/users/_user_bar.html.erb
deleted file mode 100644
index 0c53629..0000000
--- a/app/views/users/_user_bar.html.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-<% if logged_in? -%>
-  <div id="user-bar-greeting">Logged in as <%= link_to_current_user :content_method => :login %></div>
-  <div id="user-bar-action"  >(<%= link_to "Log out", logout_path, { :title => "Log out" }    %>)</div>
-<% else -%>
-  <div id="user-bar-greeting"><%= link_to_login_with_IP 'Not logged in', :style => 'border: none;' %></div>
-  <div id="user-bar-action"  ><%= link_to "Log in",  login_path,  { :title => "Log in" } %> /
-                               <%= link_to "Sign up", signup_path, { :title => "Create an account" } %></div>
-<% end -%>
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
deleted file mode 100644
index 2ab927e..0000000
--- a/app/views/users/new.html.erb
+++ /dev/null
@@ -1,19 +0,0 @@
-<h1>Sign up as a new user</h1>
-<% @user.password = @user.password_confirmation = nil %>
-
-<%= error_messages_for :user %>
-<% form_for :user, :url => users_path do |f| -%>
-<p><%= label_tag 'login' %><br/>
-<%= f.text_field :login %></p>
-
-<p><%= label_tag 'email' %><br/>
-<%= f.text_field :email %></p>
-
-<p><%= label_tag 'password' %><br/>
-<%= f.password_field :password %></p>
-
-<p><%= label_tag 'password_confirmation', 'Confirm Password' %><br/>
-<%= f.password_field :password_confirmation %></p>
-
-<p><%= submit_tag 'Sign up' %></p>
-<% end -%>
diff --git a/config/environment.rb b/config/environment.rb
index ceabffe..430a459 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -11,10 +11,7 @@
 require File.join(File.dirname(__FILE__), 'boot')
 
 Rails::Initializer.run do |config|
-		
-	config.gem "rubyist-aasm", :source => "http://gems.github.com", :lib => 'aasm'
-
-	config.active_record.observers = :user_observer
+	
   config.time_zone = 'UTC'
 
   config.action_controller.session = {
diff --git a/config/initializers/site_keys.rb b/config/initializers/site_keys.rb
index c492ae9..200e9d1 100644
--- a/config/initializers/site_keys.rb
+++ b/config/initializers/site_keys.rb
@@ -1,4 +1,3 @@
-#NOTE: GJ: I'll remove this file and change key once we are close to deployment, but I'll leave it here for now.
 
 # A Site key gives additional protection against a dictionary attack if your
 # DB is ever compromised.  With no site key, we store
@@ -17,7 +16,7 @@
 # Please note: if you change this, all the passwords will be invalidated, so DO
 # keep it someplace secure.  Use the random value given or type in the lyrics to
 # your favorite Jay-Z song or something; any moderately long, unpredictable text.
-REST_AUTH_SITE_KEY         = 'c4693a7a8637f52082c5bf24d894b9053e7bca3d'
+REST_AUTH_SITE_KEY         = 'dbfa36bab66046775b676fcec6115ef13d5e14fc'
   
 # Repeated applications of the hash make brute force (even with a compromised
 # database and site key) harder, and scale with Moore's law.
diff --git a/config/routes.rb b/config/routes.rb
index 94ebf1d..c2cd195 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,10 +3,12 @@
   map.login '/login', :controller => 'sessions', :action => 'new'
   map.register '/register', :controller => 'users', :action => 'create'
   map.signup '/signup', :controller => 'users', :action => 'new'
-	map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
-	
+  map.resources :users
+
   map.resource :session
-	map.resources :users, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }
+
+	map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
+		map.resources :users, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }
 
   map.root :controller => "home"
 end
diff --git a/db/migrate/20081210104519_create_users.rb b/db/migrate/20081213105754_create_users.rb
similarity index 75%
rename from db/migrate/20081210104519_create_users.rb
rename to db/migrate/20081213105754_create_users.rb
index da70ef9..c1855d0 100644
--- a/db/migrate/20081210104519_create_users.rb
+++ b/db/migrate/20081213105754_create_users.rb
@@ -10,10 +10,8 @@ def self.up
       t.column :updated_at,                :datetime
       t.column :remember_token,            :string, :limit => 40
       t.column :remember_token_expires_at, :datetime
-      t.column :activation_code,           :string, :limit => 40
-      t.column :activated_at,              :datetime
-      t.column :state,                     :string, :null => :no, :default => 'passive'
-      t.column :deleted_at,                :datetime
+
+
     end
     add_index :users, :login, :unique => true
   end
diff --git a/public/stylesheets/main.css b/public/stylesheets/main.css
index aa33540..d799274 100644
--- a/public/stylesheets/main.css
+++ b/public/stylesheets/main.css
@@ -77,10 +77,6 @@ body {
 		font-size: 			2em;
 	}
 	
-	#header p {
-		float: 				right;
-	}
-	
 #navigation {
 	background-color: 		#ccc;
 	padding: 				4px;
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 70cd080..ee30e53 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -44,6 +44,7 @@ def do_create
             it "kills existing login"        do controller.should_receive(:logout_keeping_session!); do_create; end    
             it "authorizes me"               do do_create; controller.send(:authorized?).should be_true;   end    
             it "logs me in"                  do do_create; controller.send(:logged_in?).should  be_true  end    
+            it "greets me nicely"            do do_create; response.flash[:notice].should =~ /success/i   end
             it "sets/resets/expires cookie"  do controller.should_receive(:handle_remember_cookie!).with(want_remember_me); do_create end
             it "sends a cookie"              do controller.should_receive(:send_remember_cookie!);  do_create end
             it 'redirects to the home page'  do do_create; response.should redirect_to('/')   end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
deleted file mode 100644
index 03982db..0000000
--- a/spec/controllers/users_controller_spec.rb
+++ /dev/null
@@ -1,196 +0,0 @@
-require File.dirname(__FILE__) + '/../spec_helper'
-  
-# Be sure to include AuthenticatedTestHelper in spec/spec_helper.rb instead
-# Then, you can remove it from this and the units test.
-include AuthenticatedTestHelper
-
-describe UsersController do
-  fixtures :users
-
-  it 'allows signup' do
-    lambda do
-      create_user
-      response.should be_redirect
-    end.should change(User, :count).by(1)
-  end
-
-  
-  it 'signs up user in pending state' do
-    create_user
-    assigns(:user).reload
-    assigns(:user).should be_pending
-  end
-
-  it 'signs up user with activation code' do
-    create_user
-    assigns(:user).reload
-    assigns(:user).activation_code.should_not be_nil
-  end
-  it 'requires login on signup' do
-    lambda do
-      create_user(:login => nil)
-      assigns[:user].errors.on(:login).should_not be_nil
-      response.should be_success
-    end.should_not change(User, :count)
-  end
-  
-  it 'requires password on signup' do
-    lambda do
-      create_user(:password => nil)
-      assigns[:user].errors.on(:password).should_not be_nil
-      response.should be_success
-    end.should_not change(User, :count)
-  end
-  
-  it 'requires password confirmation on signup' do
-    lambda do
-      create_user(:password_confirmation => nil)
-      assigns[:user].errors.on(:password_confirmation).should_not be_nil
-      response.should be_success
-    end.should_not change(User, :count)
-  end
-
-  it 'requires email on signup' do
-    lambda do
-      create_user(:email => nil)
-      assigns[:user].errors.on(:email).should_not be_nil
-      response.should be_success
-    end.should_not change(User, :count)
-  end
-  
-  
-  it 'activates user' do
-    User.authenticate('aaron', 'monkey').should be_nil
-    get :activate, :activation_code => users(:aaron).activation_code
-    response.should redirect_to('/') #TODO: GJ: this will be the user page when we've added it
-    flash[:notice].should_not be_nil
-    flash[:error ].should     be_nil
-    User.authenticate('aaron', 'monkey').should == users(:aaron)
-  end
-  
-  it 'does not activate user without key' do
-    get :activate
-    flash[:notice].should     be_nil
-    flash[:error ].should_not be_nil
-  end
-  
-  it 'does not activate user with blank key' do
-    get :activate, :activation_code => ''
-    flash[:notice].should     be_nil
-    flash[:error ].should_not be_nil
-  end
-  
-  it 'does not activate user with bogus key' do
-    get :activate, :activation_code => 'i_haxxor_joo'
-    flash[:notice].should     be_nil
-    flash[:error ].should_not be_nil
-  end
-  
-  def create_user(options = {})
-    post :create, :user => { :login => 'quire', :email => 'quire@example.com',
-      :password => 'quire69', :password_confirmation => 'quire69' }.merge(options)
-  end
-end
-
-describe UsersController do
-  describe "route generation" do
-    it "should route users's 'index' action correctly" do
-      route_for(:controller => 'users', :action => 'index').should == "/users"
-    end
-    
-    it "should route users's 'new' action correctly" do
-      route_for(:controller => 'users', :action => 'new').should == "/signup"
-    end
-    
-    it "should route {:controller => 'users', :action => 'create'} correctly" do
-      route_for(:controller => 'users', :action => 'create').should == "/register"
-    end
-    
-    it "should route users's 'show' action correctly" do
-      route_for(:controller => 'users', :action => 'show', :id => '1').should == "/users/1"
-    end
-    
-    it "should route users's 'edit' action correctly" do
-      route_for(:controller => 'users', :action => 'edit', :id => '1').should == "/users/1/edit"
-    end
-    
-    it "should route users's 'update' action correctly" do
-      route_for(:controller => 'users', :action => 'update', :id => '1').should == "/users/1"
-    end
-    
-    it "should route users's 'destroy' action correctly" do
-      route_for(:controller => 'users', :action => 'destroy', :id => '1').should == "/users/1"
-    end
-  end
-  
-  describe "route recognition" do
-    it "should generate params for users's index action from GET /users" do
-      params_from(:get, '/users').should == {:controller => 'users', :action => 'index'}
-      params_from(:get, '/users.xml').should == {:controller => 'users', :action => 'index', :format => 'xml'}
-      params_from(:get, '/users.json').should == {:controller => 'users', :action => 'index', :format => 'json'}
-    end
-    
-    it "should generate params for users's new action from GET /users" do
-      params_from(:get, '/users/new').should == {:controller => 'users', :action => 'new'}
-      params_from(:get, '/users/new.xml').should == {:controller => 'users', :action => 'new', :format => 'xml'}
-      params_from(:get, '/users/new.json').should == {:controller => 'users', :action => 'new', :format => 'json'}
-    end
-    
-    it "should generate params for users's create action from POST /users" do
-      params_from(:post, '/users').should == {:controller => 'users', :action => 'create'}
-      params_from(:post, '/users.xml').should == {:controller => 'users', :action => 'create', :format => 'xml'}
-      params_from(:post, '/users.json').should == {:controller => 'users', :action => 'create', :format => 'json'}
-    end
-    
-    it "should generate params for users's show action from GET /users/1" do
-      params_from(:get , '/users/1').should == {:controller => 'users', :action => 'show', :id => '1'}
-      params_from(:get , '/users/1.xml').should == {:controller => 'users', :action => 'show', :id => '1', :format => 'xml'}
-      params_from(:get , '/users/1.json').should == {:controller => 'users', :action => 'show', :id => '1', :format => 'json'}
-    end
-    
-    it "should generate params for users's edit action from GET /users/1/edit" do
-      params_from(:get , '/users/1/edit').should == {:controller => 'users', :action => 'edit', :id => '1'}
-    end
-    
-    it "should generate params {:controller => 'users', :action => update', :id => '1'} from PUT /users/1" do
-      params_from(:put , '/users/1').should == {:controller => 'users', :action => 'update', :id => '1'}
-      params_from(:put , '/users/1.xml').should == {:controller => 'users', :action => 'update', :id => '1', :format => 'xml'}
-      params_from(:put , '/users/1.json').should == {:controller => 'users', :action => 'update', :id => '1', :format => 'json'}
-    end
-    
-    it "should generate params for users's destroy action from DELETE /users/1" do
-      params_from(:delete, '/users/1').should == {:controller => 'users', :action => 'destroy', :id => '1'}
-      params_from(:delete, '/users/1.xml').should == {:controller => 'users', :action => 'destroy', :id => '1', :format => 'xml'}
-      params_from(:delete, '/users/1.json').should == {:controller => 'users', :action => 'destroy', :id => '1', :format => 'json'}
-    end
-  end
-  
-  describe "named routing" do
-    before(:each) do
-      get :new
-    end
-    
-    it "should route users_path() to /users" do
-      users_path().should == "/users"
-      formatted_users_path(:format => 'xml').should == "/users.xml"
-      formatted_users_path(:format => 'json').should == "/users.json"
-    end
-    
-    it "should route new_user_path() to /users/new" do
-      new_user_path().should == "/users/new"
-      formatted_new_user_path(:format => 'xml').should == "/users/new.xml"
-      formatted_new_user_path(:format => 'json').should == "/users/new.json"
-    end
-    
-    it "should route user_(:id => '1') to /users/1" do
-      user_path(:id => '1').should == "/users/1"
-      formatted_user_path(:id => '1', :format => 'xml').should == "/users/1.xml"
-      formatted_user_path(:id => '1', :format => 'json').should == "/users/1.json"
-    end
-    
-    it "should route edit_user_path(:id => '1') to /users/1/edit" do
-      edit_user_path(:id => '1').should == "/users/1/edit"
-    end
-  end
-  
-end
diff --git a/spec/fixtures/users.yml b/spec/fixtures/users.yml
index d147d29..a54d9f4 100644
--- a/spec/fixtures/users.yml
+++ b/spec/fixtures/users.yml
@@ -4,27 +4,20 @@ quentin:
   login:                     quentin
   email:                     quentin@example.com
   salt:                      356a192b7913b04c54574d18c28d46e6395428ab # SHA1('0')
-  crypted_password:          86510ad7db3163fa19f9f4dae17baf8a37f0d308 # 'monkey'
+  crypted_password:          3f76116d9adc6f75dd61906cac5d0ed610d15588 # 'monkey'
   created_at:                <%= 5.days.ago.to_s :db  %>
   remember_token_expires_at: <%= 1.days.from_now.to_s %>
   remember_token:            77de68daecd823babbb58edb1c8e14d7106e83bb
-  activation_code:           
-  activated_at:              <%= 5.days.ago.to_s :db %>
-  state:                     active
       
 aaron:
   id:                        2
   login:                     aaron
   email:                     aaron@example.com
   salt:                      da4b9237bacccdf19c0760cab7aec4a8359010b0 # SHA1('1')
-  crypted_password:          9cb1efce51d5467c621ed2546223612e8c069d7e # 'monkey'
+  crypted_password:          24afd662c12b391760a4749f190c2f34d3f22c99 # 'monkey'
   created_at:                <%= 1.days.ago.to_s :db %>
   remember_token_expires_at: 
   remember_token:            
-  activation_code:           1b6453892473a467d07372d45eb05abc2031647a
-  activated_at:              
-
-  state:                     pending
 
 
 old_password_holder:
@@ -35,8 +28,4 @@ old_password_holder:
   crypted_password:          00742970dc9e6319f8019fd54864d3ea740f04b1 # test
   created_at:                <%= 1.days.ago.to_s :db %>
 
-  activation_code:           
-  activated_at:              <%= 5.days.ago.to_s :db %>
-
 
-  state:                     active
diff --git a/spec/helpers/users_helper_spec.rb b/spec/helpers/users_helper_spec.rb
index 7becd87..5a02d43 100644
--- a/spec/helpers/users_helper_spec.rb
+++ b/spec/helpers/users_helper_spec.rb
@@ -18,124 +18,5 @@
       if_authorized?('a','r'){ 'hi' }.should be_nil
     end
   end
-  
-  describe "link_to_user" do
-    it "should give an error on a nil user" do
-      lambda { link_to_user(nil) }.should raise_error('Invalid user')
-    end
-    it "should link to the given user" do
-      should_receive(:user_path).at_least(:once).and_return('/users/1')
-      link_to_user(@user).should have_tag("a[href='/users/1']")
-    end
-    it "should use given link text if :content_text is specified" do
-      link_to_user(@user, :content_text => 'Hello there!').should have_tag("a", 'Hello there!')
-    end
-    it "should use the login as link text with no :content_method specified" do
-      link_to_user(@user).should have_tag("a", 'user_name')
-    end
-    it "should use the name as link text with :content_method => :name" do
-      link_to_user(@user, :content_method => :name).should have_tag("a", 'U. Surname')
-    end
-    it "should use the login as title with no :title_method specified" do
-      link_to_user(@user).should have_tag("a[title='user_name']")
-    end
-    it "should use the name as link title with :content_method => :name" do
-      link_to_user(@user, :title_method => :name).should have_tag("a[title='U. Surname']")
-    end
-    it "should have nickname as a class by default" do
-      link_to_user(@user).should have_tag("a.nickname")
-    end
-    it "should take other classes and no longer have the nickname class" do
-      result = link_to_user(@user, :class => 'foo bar')
-      result.should have_tag("a.foo")
-      result.should have_tag("a.bar")
-    end
-  end
-
-  describe "link_to_login_with_IP" do
-    it "should link to the login_path" do
-      link_to_login_with_IP().should have_tag("a[href='/login']")
-    end
-    it "should use given link text if :content_text is specified" do
-      link_to_login_with_IP('Hello there!').should have_tag("a", 'Hello there!')
-    end
-    it "should use the login as link text with no :content_method specified" do
-      link_to_login_with_IP().should have_tag("a", '0.0.0.0')
-    end
-    it "should use the ip address as title" do
-      link_to_login_with_IP().should have_tag("a[title='0.0.0.0']")
-    end
-    it "should by default be like school in summer and have no class" do
-      link_to_login_with_IP().should_not have_tag("a.nickname")
-    end
-    it "should have some class if you tell it to" do
-      result = link_to_login_with_IP(nil, :class => 'foo bar')
-      result.should have_tag("a.foo")
-      result.should have_tag("a.bar")
-    end
-    it "should have some class if you tell it to" do
-      result = link_to_login_with_IP(nil, :tag => 'abbr')
-      result.should have_tag("abbr[title='0.0.0.0']")
-    end
-  end
-
-  describe "link_to_current_user, When logged in" do
-    before do
-      stub!(:current_user).and_return(@user)
-    end
-    it "should link to the given user" do
-      should_receive(:user_path).at_least(:once).and_return('/users/1')
-      link_to_current_user().should have_tag("a[href='/users/1']")
-    end
-    it "should use given link text if :content_text is specified" do
-      link_to_current_user(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
-    end
-    it "should use the login as link text with no :content_method specified" do
-      link_to_current_user().should have_tag("a", 'user_name')
-    end
-    it "should use the name as link text with :content_method => :name" do
-      link_to_current_user(:content_method => :name).should have_tag("a", 'U. Surname')
-    end
-    it "should use the login as title with no :title_method specified" do
-      link_to_current_user().should have_tag("a[title='user_name']")
-    end
-    it "should use the name as link title with :content_method => :name" do
-      link_to_current_user(:title_method => :name).should have_tag("a[title='U. Surname']")
-    end
-    it "should have nickname as a class" do
-      link_to_current_user().should have_tag("a.nickname")
-    end
-    it "should take other classes and no longer have the nickname class" do
-      result = link_to_current_user(:class => 'foo bar')
-      result.should have_tag("a.foo")
-      result.should have_tag("a.bar")
-    end
-  end
-
-  describe "link_to_current_user, When logged out" do
-    before do
-      stub!(:current_user).and_return(nil)
-    end
-    it "should link to the login_path" do
-      link_to_current_user().should have_tag("a[href='/login']")
-    end
-    it "should use given link text if :content_text is specified" do
-      link_to_current_user(:content_text => 'Hello there!').should have_tag("a", 'Hello there!')
-    end
-    it "should use 'not signed in' as link text with no :content_method specified" do
-      link_to_current_user().should have_tag("a", 'not signed in')
-    end
-    it "should use the ip address as title" do
-      link_to_current_user().should have_tag("a[title='0.0.0.0']")
-    end
-    it "should by default be like school in summer and have no class" do
-      link_to_current_user().should_not have_tag("a.nickname")
-    end
-    it "should have some class if you tell it to" do
-      result = link_to_current_user(:class => 'foo bar')
-      result.should have_tag("a.foo")
-      result.should have_tag("a.bar")
-    end
-  end
 
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 298585d..8c23d16 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -20,18 +20,6 @@
     it 'increments User#count' do
       @creating_user.should change(User, :count).by(1)
     end
-
-    it 'initializes #activation_code' do
-      @creating_user.call
-      @user.reload
-      @user.activation_code.should_not be_nil
-    end
-
-    it 'starts in pending state' do
-      @creating_user.call
-      @user.reload
-      @user.should be_pending
-    end
   end
 
   #
@@ -230,61 +218,10 @@
     users(:quentin).remember_token_expires_at.between?(before, after).should be_true
   end
 
-  it 'registers passive user' do
-    user = create_user(:password => nil, :password_confirmation => nil)
-    user.should be_passive
-    user.update_attributes(:password => 'new password', :password_confirmation => 'new password')
-    user.register!
-    user.should be_pending
-  end
-
-  it 'suspends user' do
-    users(:quentin).suspend!
-    users(:quentin).should be_suspended
-  end
-
-  it 'does not authenticate suspended user' do
-    users(:quentin).suspend!
-    User.authenticate('quentin', 'monkey').should_not == users(:quentin)
-  end
-
-  it 'deletes user' do
-    users(:quentin).deleted_at.should be_nil
-    users(:quentin).delete!
-    users(:quentin).deleted_at.should_not be_nil
-    users(:quentin).should be_deleted
-  end
-
-  describe "being unsuspended" do
-    fixtures :users
-
-    before do
-      @user = users(:quentin)
-      @user.suspend!
-    end
-
-    it 'reverts to active state' do
-      @user.unsuspend!
-      @user.should be_active
-    end
-
-    it 'reverts to passive state if activation_code and activated_at are nil' do
-      User.update_all :activation_code => nil, :activated_at => nil
-      @user.reload.unsuspend!
-      @user.should be_passive
-    end
-
-    it 'reverts to pending state if activation_code is set and activated_at is nil' do
-      User.update_all :activation_code => 'foo-bar', :activated_at => nil
-      @user.reload.unsuspend!
-      @user.should be_pending
-    end
-  end
-
 protected
   def create_user(options = {})
     record = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire69', :password_confirmation => 'quire69' }.merge(options))
-    record.register! if record.valid?
+    record.save
     record
   end
 end
diff --git a/stories/steps/user_steps.rb b/stories/steps/user_steps.rb
index 847a68e..b7cbbc5 100644
--- a/stories/steps/user_steps.rb
+++ b/stories/steps/user_steps.rb
@@ -52,10 +52,6 @@
     create_user attributes.to_hash_from_story
   end
   
-  When "$actor activates with activation code $attributes" do |_, activation_code|
-    activation_code = '' if activation_code == 'that is blank'
-    activate 
-  end  
 
   When "$actor logs in with $attributes" do |_, attributes|
     log_in_user attributes.to_hash_from_story
@@ -119,23 +115,10 @@ def create_user!(user_type, user_params)
   create_user user_params
   response.should redirect_to('/')
   follow_redirect!
- 
-  # fix the user's activation status
-  activate_user! if user_type == 'activated'
-end
 
- 
-def activate_user activation_code=nil
-  activation_code = @user.activation_code if activation_code.nil?
-  get "/activate/#{activation_code}"
 end
 
-def activate_user! *args
-  activate_user *args
-  response.should redirect_to('/login')
-  follow_redirect!
-  response.should have_flash("notice", /Signup complete!/)
-end
+
 
 def log_in_user user_params=nil
   @user_params ||= user_params
diff --git a/stories/users/accounts.story b/stories/users/accounts.story
index 91f5d3e..9af2b5a 100644
--- a/stories/users/accounts.story
+++ b/stories/users/accounts.story
@@ -31,31 +31,13 @@ Story: Creating an account
      And  a user with login: 'oona' should exist
      And  the user should have login: 'oona', and email: 'unactivated@example.com'
 
-     And  the user's activation_code should not be nil
-     And  the user's activated_at    should     be nil
-     And  she should not be logged in
+     And  oona should be logged in
 
 
   #
   # Account Creation Failure: Account exists
   #
 
-  Scenario: Anonymous user can not create an account replacing a non-activated account
-    Given an anonymous user
-     And  a registered user named 'Reggie'
-     And  the user has activation_code: 'activate_me', activated_at: nil! 
-     And  we try hard to remember the user's updated_at, and created_at
-    When  she registers an account with login: 'reggie', password: 'monkey', and email: 'different@example.com'
-    Then  she should be at the 'users/new' page
-     And  she should     see an errorExplanation message 'Login has already been taken'
-     And  she should not see an errorExplanation message 'Email has already been taken'
-     And  a user with login: 'reggie' should exist
-     And  the user should have email: 'registered@example.com'
-     And  the user's activation_code should not be nil
-     And  the user's activated_at    should     be nil
-     And  the user's created_at should stay the same under to_s
-     And  the user's updated_at should stay the same under to_s
-     And  she should not be logged in
      
   Scenario: Anonymous user can not create an account replacing an activated account
     Given an anonymous user
@@ -68,8 +50,6 @@ Story: Creating an account
      And  a user with login: 'reggie' should exist
      And  the user should have email: 'registered@example.com'
 
-     And  the user's activation_code should     be nil
-     And  the user's activated_at    should not be nil
      And  the user's created_at should stay the same under to_s
      And  the user's updated_at should stay the same under to_s
      And  she should not be logged in
@@ -123,60 +103,7 @@ Story: Creating an account
      And  a user with login: 'oona' should exist
      And  the user should have login: 'oona', and email: 'unactivated@example.com'
 
-     And  the user's activation_code should not be nil
-     And  the user's activated_at    should     be nil
-     And  she should not be logged in
+     And  oona should be logged in
 
      
 
-Story: Activating an account
-  As a registered, but not yet activated, user
-  I want to be able to activate my account
-  So that I can log in to the site
-
-  #
-  # Successful activation
-  #
-  Scenario: Not-yet-activated user can activate her account
-    Given a registered user named 'Reggie'
-     And  the user has activation_code: 'activate_me', activated_at: nil! 
-     And  we try hard to remember the user's updated_at, and created_at
-    When  she goes to /activate/activate_me
-    Then  she should be redirected to 'login'
-    When  she follows that redirect!
-    Then  she should see a notice message 'Signup complete!'
-     And  a user with login: 'reggie' should exist
-     And  the user should have login: 'reggie', and email: 'registered@example.com'
-     And  the user's activation_code should     be nil
-     And  the user's activated_at    should not be nil
-     And  she should not be logged in
-
-  #
-  # Unsuccessful activation
-  #
-  Scenario: Not-yet-activated user can't activate her account with a blank activation code
-    Given a registered user named 'Reggie'
-     And  the user has activation_code: 'activate_me', activated_at: nil! 
-     And  we try hard to remember the user's updated_at, and created_at
-    When  she goes to /activate/
-    Then  she should be redirected to the home page
-    When  she follows that redirect!
-    Then  she should see an error  message 'activation code was missing'
-     And  a user with login: 'reggie' should exist
-     And  the user should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
-     And  the user's updated_at should stay the same under to_s
-     And  she should not be logged in
-  
-  Scenario: Not-yet-activated user can't activate her account with a bogus activation code
-    Given a registered user named 'Reggie'
-     And  the user has activation_code: 'activate_me', activated_at: nil! 
-     And  we try hard to remember the user's updated_at, and created_at
-    When  she goes to /activate/i_haxxor_joo
-    Then  she should be redirected to the home page
-    When  she follows that redirect!
-    Then  she should see an error  message 'couldn\'t find a user with that activation code'
-     And  a user with login: 'reggie' should exist
-     And  the user should have login: 'reggie', activation_code: 'activate_me', and activated_at: nil!
-     And  the user's updated_at should stay the same under to_s
-     And  she should not be logged in
-