Refactor code related to authentication:

* User model
* SessionsController

spec/models/user_spec.rb

@@ -16,49 +16,39 @@ describe User do
     it { should_not be_valid }
   end
 
-  context 'when password empty' do
-    before do
-      user.password = ''
-    end
-
-    it { should_not be_valid }
-  end
-
   context 'when password_confirmation does not match password' do
     before do
-      user.password_confirmation = 'WRONG'
+      user.password_confirmation = user.password + 'INVALID'
     end
 
     it { should_not be_valid }
   end
 
-  describe '#hash_password' do
-    it 'is received when #save is sent' do
-      user.should_receive(:hash_password)
-      user.save
+  context 'when password_hash empty' do
+    before do
+      user.password_hash = ''
     end
 
-    it 'stores a bcrypt hash of the password' do
-      user.save
+    it { should_not be_valid }
+  end
+
+  describe '#password=' do
+    it 'stores a bcrypt hash of the password in password_hash' do
       BCrypt::Password.new(user.password_hash).should == user.password
     end
   end
 
-  describe '.authenticate' do
-    let (:user) { Factory.create(:user) }
-
-    it 'returns the user with valid credentials' do
-      User.authenticate(
-        user.email,
-        user.password
-      ).should == user
+  describe '#authenticate?' do
+    context 'with a valid password' do
+      it 'returns true' do
+        user.authenticate?(user.password).should be_true
+      end
     end
 
-    it 'returns false with invalid credentials' do
-      User.authenticate(
-        user.email,
-        'WRONG'
-      ).should be_false
+    context 'with an invalid password' do
+      it 'returns false' do
+        user.authenticate?(user.password + '_INVALID').should be_false
+      end
     end
   end
 end