
@mrchrisadams
Created July 2, 2009 12:11
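# Base controller: declares CSRF protection, request-log parameter filtering
# and the view helpers, and mixes in the AuthenticationSystem filters.
class ApplicationController < ActionController::Base
  include AuthenticationSystem

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  # NOTE(review): the value in the trailing comment is published together with
  # this snippet; generate a fresh secret rather than reusing it if the option
  # is ever enabled.
  protect_from_forgery # :secret => 'f14c53f0ede6084dccb766a9065f77bd'

  # Masks these keys in the logged request parameters. Values written with an
  # explicit logger call elsewhere are not covered by this filter.
  filter_parameter_logging :password, :password_confirmation

  helper_method :current_user_session, :current_user

  # ...

  # this method will get called in case a user accesses a protected page
  # without being logged in
  #
  # If the controller class has an intent save point registered for the
  # current action, that block is evaluated in the context of this controller
  # instance; otherwise the URI of the current request is stored in
  # session[:return_to].
  #
  # NOTE(review): this is a public method on the base controller; confirm the
  # routes do not expose it as an action, or move it below a visibility marker.
  def store_location
    if (intent_saver = self.class.intent_save_point_for(action_name))
      instance_eval(&intent_saver)
    else
      session[:return_to] = request.request_uri
    end
  end
end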
# Controller mixin holding the login-related filters, the memoised
# session/user lookups and the redirect helpers they share.
module AuthenticationSystem
  # Include hook: calls `helper :all` on the including class.
  def self.included(base)
    base.send(:helper, :all)
  end

  private

  # Filter: looks the user up by the perishable token given as params[:id].
  # When no user matches, sets an error flash and redirects to the root URL.
  def load_user_using_perishable_token
    @user = User.find_using_perishable_token(params[:id])
    return if @user

    flash[:error] = "Invalid token"
    redirect_to root_url
  end

  # Returns the result of UserSession.find, looked up once per controller
  # instance. `defined?` is used so that a nil result is remembered as well.
  def current_user_session
    unless defined?(@current_user_session)
      @current_user_session = UserSession.find
    end
    @current_user_session
  end

  # Returns the user of the current session, or the falsy session value when
  # there is no session. Memoised the same way as current_user_session.
  def current_user
    unless defined?(@current_user)
      @current_user = current_user_session && current_user_session.user
    end
    @current_user
  end

  # Filter: lets the request through only when the current user answers
  # truthy to admin?. Otherwise sets an error flash, redirects to "/" and
  # returns false. A missing user is handled by `try`.
  def require_admin_user
    return if current_user.try(:admin?)

    flash[:error] = "You cant do this"
    redirect_to_even_for_js "/"
    false
  end

  # Filter: requires a logged-in user. Without one it stores the requested
  # location, sets an error flash, redirects to the login form and returns
  # false.
  def require_user
    return if current_user

    store_location
    flash[:error] = "You must be logged in to access this page"
    redirect_to_even_for_js new_user_session_url
    false
  end

  # Filter: requires that nobody is logged in. With a current user it stores
  # the location, sets a notice, redirects to the account page and returns
  # false.
  def require_no_user
    return unless current_user

    store_location
    flash[:notice] = "You must be logged out to access this page"
    redirect_to_even_for_js account_url
    false
  end

  # Redirects to the location kept in session[:return_to], falling back to
  # +default+, then resets the stored location to nil.
  def redirect_back_or_default(default)
    destination = session[:return_to] || default
    redirect_to(destination)
    session[:return_to] = nil
  end

  # Redirects to +target+ for HTML requests and, for JS requests, renders an
  # update block that performs the redirect on the page. No other format is
  # declared here, so this helper does not redirect requests for other formats.
  def redirect_to_even_for_js(target)
    respond_to do |format|
      format.html { redirect_to target }
      format.js do
        render(:update) { |page| page.redirect_to target }
      end
    end
  end
end
Processing ThoughtsController#new (for 127.0.0.1 at 2009-07-02 12:12:04) [GET]
Parameters: {"action"=>"new", "controller"=>"thoughts"}
User Columns (2.8ms) SHOW FIELDS FROM `users`
Filter chain halted as [:require_user] rendered_or_redirected.
Completed in 30ms (View: 2, DB: 3) | 406 Not Acceptable [http://localhost/thoughts/new]
SQL (0.1ms) SET SQL_AUTO_IS_NULL=0
login /login {:controller=>"user_sessions", :action=>"create"}
# ActiveRecord model for a thought; each record belongs to one user.
class Thought < ActiveRecord::Base
  belongs_to(:user)
  # ...
end
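# Controller for thoughts. Only the creation actions are shown here.
class ThoughtsController < ApplicationController
  # Login is required for every action except the ones listed, so an action
  # added later is protected unless it is added to this list.
  # NOTE(review): :inappropriate and :nag_someone are reachable without a
  # login; confirm that is intended if they change any state.
  before_filter :require_user, :except => [:index, :show, :search, :inappropriate, :nag_someone]

  # Prepares a thought for the form.
  def new
    @thought = build_object
  end

  # Builds a thought from the submitted parameters and saves it. On success
  # HTML clients are redirected to the thought and XML clients receive it with
  # status :created; on failure the form is re-rendered or the validation
  # errors are returned as XML with :unprocessable_entity.
  def create
    @thought = build_object
    respond_to do |format|
      if @thought.save
        format.html { redirect_to @thought }
        format.xml { render :xml => @thought, :status => :created, :location => @thought }
      else
        format.html { render :action => "new" }
        format.xml { render :xml => @thought.errors, :status => :unprocessable_entity }
      end
    end
  end

  protected

  # Builds the thought through the current user's association, so the owner
  # is taken from the login rather than from the request.
  # NOTE(review): params[:thought] is mass-assigned; which attributes a client
  # may set depends on the Thought model, which is not fully shown here.
  # Confirm it restricts them (for example with attr_accessible).
  def build_object
    current_user.thoughts.new params[:thought]
  end
end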
# Trample load-test scenario: log in, open the new-thought form, post a
# thought, then fetch one thought by a random id.
#
# NOTE(review): the login below carries a literal e-mail and password and is
# sent over plain http. Keep these as throwaway local fixtures; do not point
# the script at a shared host with real credentials.
domain = "localhost:3000"

Trample.configure do
  concurrency 1 # how many users at once
  iterations 1 # how many times they'll take the journey below through the app

  login do
    post("http://#{domain}/login") do
      { :user_session => { :email => 'joe@shmoe.co.uk', :password => "topsekrit" } }
    end
  end

  # rand(13) yields an integer from 0 to 12.
  random_number = rand(13)

  get "http://#{domain}/thoughts/new"

  post("http://#{domain}/thoughts/") do
    { :thought => { :thought_type => "Idea", :title => "Trample title", :description => "Ample trample copy" } }
  end

  get "http://#{domain}/thoughts/#{random_number}"
end
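# Login and logout: creates and destroys the UserSession for the visitor.
class UserSessionsController < ApplicationController
  layout "user_session"

  # Shows the login form.
  def new
    @user_session = UserSession.new
  end

  # Attempts a login with params[:user_session]. On success control passes to
  # after_login_redirect; on failure the form is shown again with a generic
  # error that does not reveal which of the two credentials was wrong.
  def create
    @user_session = UserSession.new params[:user_session]

    # Log the attempted e-mail and the request format only. The session object
    # itself is no longer dumped: what its inspect output contains is decided
    # by UserSession, and explicit logger calls are not covered by
    # filter_parameter_logging. The e-mail is read defensively so a request
    # without a user_session hash does not raise, and it is logged via inspect
    # so line breaks in the submitted value are escaped.
    credentials = params[:user_session]
    attempted_email = credentials.is_a?(Hash) ? credentials[:email] : nil
    logger.info "TRY_LOGIN #{attempted_email.inspect}"
    logger.info "TRY_LOGIN #{request.format.inspect}"

    if @user_session.save
      after_login_redirect
    else
      flash.now[:error] = "Invalid username or password"
      respond_to do |format|
        format.html { render :action => :new }
        format.js
      end
    end
  end

  def show
  end

  # Logs out and returns to the root path. No filter on this action is
  # visible here, so a request without a session is tolerated instead of
  # raising on nil.
  def destroy
    session_record = current_user_session
    session_record.destroy if session_record
    redirect_to root_path
  end

  private

  # Sends the client to the root URL: a plain redirect for HTML, a rendered
  # update block performing the redirect for JS.
  def complete_login
    respond_to do |format|
      format.html { redirect_to root_url }
      format.js do
        render :update do |page|
          page.redirect_to root_url
        end
      end
    end
  end

  # Chooses where to go after a successful login: users flagged by
  # first_time_from_old_nag? are introduced and sent to edit their account, a
  # pending intent is replayed, and everyone else gets the default redirect.
  def after_login_redirect
    if current_user.first_time_from_old_nag?
      current_user.introduce_to_new_nag
      redirect_to_even_for_js edit_account_path
    elsif pending_intent_execution?
      replay_intent
    else
      complete_login
    end
  end
end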