Add authentication and User model

* Add User model
* Add SessionsController
* Add password authentication on User
* Request authentication for all actions except sign in
* Add some helpers for ApplicationController
* Update features to work with mandatory authentication

app/controllers/application_controller.rb

@@ -1,3 +1,19 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
+
+  before_filter :authenticate!
+
+  def current_user=(user)
+    session[:user_id] = user.id
+  end
+
+  def current_user
+    @current_user ||= User.find(session[:user_id]) if session[:user_id]
+  end
+
+  protected
+
+  def authenticate!
+    redirect_to new_session_path if current_user.nil?
+  end
 end

app/controllers/sessions_controller.rb

@@ -0,0 +1,16 @@
+class SessionsController < ApplicationController
+  skip_before_filter :authenticate!, :only => [:new, :create]
+
+  def create
+    user = User.authenticate(
+      params[:session][:email],
+      params[:session][:password]
+    )
+    if ! user
+      render 'new'
+    else
+      self.current_user = user
+      redirect_to :root
+    end
+  end
+end