Add authentication and User model

* Add User model
* Add SessionsController
* Add password authentication on User
* Request authentication for all actions except sign in
* Add some helpers for ApplicationController
* Update features to work with mandatory authentication

app/controllers/application_controller.rb

@@ -1,3 +1,19 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
+
+  before_filter :authenticate!
+
+  def current_user=(user)
+    session[:user_id] = user.id
+  end
+
+  def current_user
+    @current_user ||= User.find(session[:user_id]) if session[:user_id]
+  end
+
+  protected
+
+  def authenticate!
+    redirect_to new_session_path if current_user.nil?
+  end
 end

app/controllers/sessions_controller.rb

@@ -0,0 +1,16 @@
+class SessionsController < ApplicationController
+  skip_before_filter :authenticate!, :only => [:new, :create]
+
+  def create
+    user = User.authenticate(
+      params[:session][:email],
+      params[:session][:password]
+    )
+    if ! user
+      render 'new'
+    else
+      self.current_user = user
+      redirect_to :root
+    end
+  end
+end

app/models/session.rb

@@ -0,0 +1,2 @@
+class Session < ActiveRecord::Base
+end

app/models/user.rb

@@ -0,0 +1,11 @@
+class User < ActiveRecord::Base
+  validates_presence_of :email
+  validates_presence_of :password
+
+  def self.authenticate(email, password)
+    user = find_by_email(email)
+    return false if user.nil?
+    #FIXME use bcrypt
+    return user if user.password == password
+  end
+end

app/views/sessions/new.html.haml

@@ -0,0 +1,6 @@
+= form_for(:session, :url => sessions_path) do |f|
+  = f.label :email
+  = f.text_field :email
+  = f.label :password
+  = f.password_field :password
+  = f.submit 'Sign in'