Reset the remember_token on sign out instead of sign in

* Allows for the same user to sign in from two locations at once
* Added support for setting User#remember_token on creation
* Addresses this thread:
  http://groups.google.com/group/thoughtbot-clearance/browse_thread/thread/d071ae84573e40ff

lib/clearance/authentication.rb

@@ -62,7 +62,6 @@ def authenticate
       #   sign_in(@user)
       def sign_in(user)
         if user
-          user.reset_remember_token!
           cookies[:remember_token] = {
             :value   => user.remember_token,
             :expires => 1.year.from_now.utc
@@ -77,6 +76,7 @@ def sign_in(user)
       #   sign_out
       def sign_out
         cookies.delete(:remember_token)
+        current_user.reset_remember_token! if current_user
         current_user = nil
       end
 

lib/clearance/user.rb

@@ -67,7 +67,8 @@ def self.included(model)
         model.class_eval do
           before_save :initialize_salt,
                       :encrypt_password
-          before_create :generate_confirmation_token
+          before_create :generate_confirmation_token,
+                        :generate_remember_token
           after_create :send_confirmation_email, :unless => :email_confirmed?
         end
       end

test/controllers/sessions_controller_test.rb

@@ -35,6 +35,7 @@ class SessionsControllerTest < ActionController::TestCase
   context "on POST to #create with good credentials" do
     setup do
       @user = Factory(:email_confirmed_user)
+      @user.update_attribute(:remember_token, "old-token")
       post :create, :session => {
                       :email    => @user.email,
                       :password => @user.password }
@@ -47,8 +48,8 @@ class SessionsControllerTest < ActionController::TestCase
       assert ! cookies['remember_token'].empty?
     end
 
-    should 'set the token in users table' do
-      assert_not_nil @user.reload.remember_token
+    should "not change the remember token" do
+      assert_equal "old-token", @user.reload.remember_token
     end
   end
 
@@ -121,6 +122,7 @@ class SessionsControllerTest < ActionController::TestCase
   context "on DELETE to #destroy with a cookie" do
     setup do
       @user = Factory(:email_confirmed_user)
+      @user.update_attribute(:remember_token, "old-token")
       cookies['remember_token'] = CGI::Cookie.new('token', 'value')
       sign_in_as @user
       delete :destroy
@@ -133,8 +135,8 @@ class SessionsControllerTest < ActionController::TestCase
       assert_nil cookies['remember_token']
     end
 
-    should "delete the database token" do
-      assert_nil @user.reload.remember_token
+    should "reset the remember token" do
+      assert_not_equal "old-token", @user.reload.remember_token
     end
   end
 

test/models/user_test.rb

@@ -125,12 +125,12 @@ def @user.initialize_salt; end
   context "When resetting authentication with reset_remember_token!" do
     setup do
       @user  = Factory(:email_confirmed_user)
-      assert_nil @user.remember_token
+      @user.remember_token = "old-token"
       @user.reset_remember_token!
     end
 
-    should "set the remember token" do
-      assert_not_nil @user.remember_token
+    should "change the remember token" do
+      assert_not_equal "old-token", @user.remember_token
     end
   end