rnewman57/clearance

## clearance
diff --git a/app/controllers/clearance/sessions_controller.rb b/app/controllers/clearance/sessions_controller.rb
index 41bffa5..94bc1ba 100644
--- a/app/controllers/clearance/sessions_controller.rb
+++ b/app/controllers/clearance/sessions_controller.rb
@@ -31,7 +31,7 @@ class Clearance::SessionsController < ApplicationController
   def destroy
     sign_out
     flash_success_after_destroy
-    redirect_to(url_after_destroy)
+    redirect_back_or(url_after_destroy)
   end

   private
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 8f540b0..03c6a6e 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -1,6 +1,6 @@
 <h2>Sign in</h2>

-<% form_for :session, :url => session_path do |form| %>
+<% form_for :session, :url => session_path(:return_to => params[:return_to]) do |form| %>
   <div class="text_field">
     <%= form.label :email %>
     <%= form.text_field :email %>
diff --git a/generators/clearance_views/templates/formtastic/sessions/new.html.erb b/generators/clearance_views/templates/formtastic/sessions/new.html.erb
index 440d03e..b1d9f64 100644
--- a/generators/clearance_views/templates/formtastic/sessions/new.html.erb
+++ b/generators/clearance_views/templates/formtastic/sessions/new.html.erb
@@ -1,6 +1,6 @@
 <h2>Sign in</h2>

-<% semantic_form_for :session, :url => session_path do |form| %>
+<% semantic_form_for :session, :url => session_path(:return_to => params[:return_to]) do |form| %>
   <% form.inputs do %>
     <%= form.input :email %>
     <%= form.input :password, :as => :password %>
diff --git a/shoulda_macros/clearance.rb b/shoulda_macros/clearance.rb
index 582222d..3fb747c 100644
--- a/shoulda_macros/clearance.rb
+++ b/shoulda_macros/clearance.rb
@@ -206,10 +206,13 @@ module Clearance
       end
     end

-    def should_display_a_sign_in_form
+    def should_display_a_sign_in_form(&block)   # block produces either a return_to value or nil
       warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
       should 'display a "sign in" form' do
-        assert_select "form[action=#{session_path}][method=post]",
+        return_to = instance_eval(&block)
+        submit_url = session_path
+        submit_url << "?return_to=" << ERB::Util::url_encode(return_to) if return_to
+        assert_select "form[action=?][method=post]", submit_url,
           true, "There must be a form to sign in" do
             assert_select "input[type=text][name=?]",
               "session[email]", true, "There must be an email field"
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
index 63a6e33..dfeb1b1 100644
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -5,13 +5,25 @@ class SessionsControllerTest < ActionController::TestCase

   should_filter_params :password

-  context "on GET to /sessions/new" do
+  context "on GET to /sessions/new without a request return url" do
     setup { get :new }

     should_respond_with    :success
     should_render_template :new
     should_not_set_the_flash
-    should_display_a_sign_in_form
+    should_display_a_sign_in_form {nil}  # no return_url
+  end
+
+  context "on GET to /sessions/new with a request return url" do
+    setup do
+      @return_url = "/url_in_the_request"
+      get :new, :return_to => @return_url
+    end
+
+    should_respond_with    :success
+    should_render_template :new
+    should_not_set_the_flash
+    should_display_a_sign_in_form {@return_url}
   end

   context "on POST to #create with unconfirmed credentials" do
@@ -207,4 +219,35 @@ class SessionsControllerTest < ActionController::TestCase
     end
   end

+  context "on DELETE to #destroy given a signed out user with a request return url" do
+    setup do
+      sign_out
+      @return_url = '/url_in_the_request'
+      delete :destroy, :return_to => @return_url
+    end
+    should_set_the_flash_to(/signed out/i)
+    should_redirect_to("the return URL") { @return_url }
+  end
+
+  context "on DELETE to #destroy with a cookie and a request return url" do
+    setup do
+      @user = Factory(:email_confirmed_user)
+      @user.update_attribute(:remember_token, "old-token")
+      @request.cookies["remember_token"] = "old-token"
+      @return_url = '/url_in_the_request'
+      delete :destroy, :return_to => @return_url
+    end
+
+    should_set_the_flash_to(/signed out/i)
+    should_redirect_to("the return URL") { @return_url }
+
+    should "delete the cookie token" do
+      assert_nil cookies['remember_token']
+    end
+
+    should "reset the remember token" do
+      assert_not_equal "old-token", @user.reload.remember_token
+    end
+  end
+
 end
	diff --git a/app/controllers/clearance/sessions_controller.rb b/app/controllers/clearance/sessions_controller.rb
	index 41bffa5..94bc1ba 100644
	--- a/app/controllers/clearance/sessions_controller.rb
	+++ b/app/controllers/clearance/sessions_controller.rb
	@@ -31,7 +31,7 @@ class Clearance::SessionsController < ApplicationController
	def destroy
	sign_out
	flash_success_after_destroy
	- redirect_to(url_after_destroy)
	+ redirect_back_or(url_after_destroy)
	end

	private
	diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
	index 8f540b0..03c6a6e 100644
	--- a/app/views/sessions/new.html.erb
	+++ b/app/views/sessions/new.html.erb
	@@ -1,6 +1,6 @@
	<h2>Sign in</h2>

	-<% form_for :session, :url => session_path do \|form\| %>
	+<% form_for :session, :url => session_path(:return_to => params[:return_to]) do \|form\| %>
	<div class="text_field">
	<%= form.label :email %>
	<%= form.text_field :email %>
	diff --git a/generators/clearance_views/templates/formtastic/sessions/new.html.erb b/generators/clearance_views/templates/formtastic/sessions/new.html.erb
	index 440d03e..b1d9f64 100644
	--- a/generators/clearance_views/templates/formtastic/sessions/new.html.erb
	+++ b/generators/clearance_views/templates/formtastic/sessions/new.html.erb
	@@ -1,6 +1,6 @@
	<h2>Sign in</h2>

	-<% semantic_form_for :session, :url => session_path do \|form\| %>
	+<% semantic_form_for :session, :url => session_path(:return_to => params[:return_to]) do \|form\| %>
	<% form.inputs do %>
	<%= form.input :email %>
	<%= form.input :password, :as => :password %>
	diff --git a/shoulda_macros/clearance.rb b/shoulda_macros/clearance.rb
	index 582222d..3fb747c 100644
	--- a/shoulda_macros/clearance.rb
	+++ b/shoulda_macros/clearance.rb
	@@ -206,10 +206,13 @@ module Clearance
	end
	end

	- def should_display_a_sign_in_form
	+ def should_display_a_sign_in_form(&block) # block produces either a return_to value or nil
	warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
	should 'display a "sign in" form' do
	- assert_select "form[action=#{session_path}][method=post]",
	+ return_to = instance_eval(&block)
	+ submit_url = session_path
	+ submit_url << "?return_to=" << ERB::Util::url_encode(return_to) if return_to
	+ assert_select "form[action=?][method=post]", submit_url,
	true, "There must be a form to sign in" do
	assert_select "input[type=text][name=?]",
	"session[email]", true, "There must be an email field"
	diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
	index 63a6e33..dfeb1b1 100644
	--- a/test/controllers/sessions_controller_test.rb
	+++ b/test/controllers/sessions_controller_test.rb
	@@ -5,13 +5,25 @@ class SessionsControllerTest < ActionController::TestCase

	should_filter_params :password

	- context "on GET to /sessions/new" do
	+ context "on GET to /sessions/new without a request return url" do
	setup { get :new }

	should_respond_with :success
	should_render_template :new
	should_not_set_the_flash
	- should_display_a_sign_in_form
	+ should_display_a_sign_in_form {nil} # no return_url
	+ end
	+
	+ context "on GET to /sessions/new with a request return url" do
	+ setup do
	+ @return_url = "/url_in_the_request"
	+ get :new, :return_to => @return_url
	+ end
	+
	+ should_respond_with :success
	+ should_render_template :new
	+ should_not_set_the_flash
	+ should_display_a_sign_in_form {@return_url}
	end

	context "on POST to #create with unconfirmed credentials" do
	@@ -207,4 +219,35 @@ class SessionsControllerTest < ActionController::TestCase
	end
	end

	+ context "on DELETE to #destroy given a signed out user with a request return url" do
	+ setup do
	+ sign_out
	+ @return_url = '/url_in_the_request'
	+ delete :destroy, :return_to => @return_url
	+ end
	+ should_set_the_flash_to(/signed out/i)
	+ should_redirect_to("the return URL") { @return_url }
	+ end
	+
	+ context "on DELETE to #destroy with a cookie and a request return url" do
	+ setup do
	+ @user = Factory(:email_confirmed_user)
	+ @user.update_attribute(:remember_token, "old-token")
	+ @request.cookies["remember_token"] = "old-token"
	+ @return_url = '/url_in_the_request'
	+ delete :destroy, :return_to => @return_url
	+ end
	+
	+ should_set_the_flash_to(/signed out/i)
	+ should_redirect_to("the return URL") { @return_url }
	+
	+ should "delete the cookie token" do
	+ assert_nil cookies['remember_token']
	+ end
	+
	+ should "reset the remember token" do
	+ assert_not_equal "old-token", @user.reload.remember_token
	+ end
	+ end
	+
	end