diff --git a/app/controllers/clearance/sessions_controller.rb b/app/controllers/

1. diff --git a/app/controllers/clearance/sessions_controller.rb b/app/controllers/clearance/sessions_controller.rb
2. index 41bffa5..94bc1ba 100644
3. --- a/app/controllers/clearance/sessions_controller.rb
4. +++ b/app/controllers/clearance/sessions_controller.rb
5. @@ -31,7 +31,7 @@ class Clearance::SessionsController < ApplicationController
6. def destroy
7. sign_out
8. flash_success_after_destroy
9. - redirect_to(url_after_destroy)
10. + redirect_back_or(url_after_destroy)
11. end
12.  
13. private
14. diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
15. index 8f540b0..03c6a6e 100644
16. --- a/app/views/sessions/new.html.erb
17. +++ b/app/views/sessions/new.html.erb
18. @@ -1,6 +1,6 @@
19. <h2>Sign in</h2>
20.  
21. -<% form_for :session, :url => session_path do |form| %>
22. +<% form_for :session, :url => session_path(:return_to => params[:return_to]) do |form| %>
23. <div class="text_field">
24. <%= form.label :email %>
25. <%= form.text_field :email %>
26. diff --git a/generators/clearance_views/templates/formtastic/sessions/new.html.erb b/generators/clearance_views/templates/formtastic/sessions/new.html.erb
27. index 440d03e..b1d9f64 100644
28. --- a/generators/clearance_views/templates/formtastic/sessions/new.html.erb
29. +++ b/generators/clearance_views/templates/formtastic/sessions/new.html.erb
30. @@ -1,6 +1,6 @@
31. <h2>Sign in</h2>
32.  
33. -<% semantic_form_for :session, :url => session_path do |form| %>
34. +<% semantic_form_for :session, :url => session_path(:return_to => params[:return_to]) do |form| %>
35. <% form.inputs do %>
36. <%= form.input :email %>
37. <%= form.input :password, :as => :password %>
38. diff --git a/shoulda_macros/clearance.rb b/shoulda_macros/clearance.rb
39. index 582222d..3fb747c 100644
40. --- a/shoulda_macros/clearance.rb
41. +++ b/shoulda_macros/clearance.rb
42. @@ -206,10 +206,13 @@ module Clearance
43. end
44. end
45.  
46. - def should_display_a_sign_in_form
47. + def should_display_a_sign_in_form(&block) # block produces either a return_to value or nil
48. warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
49. should 'display a "sign in" form' do
50. - assert_select "form[action=#{session_path}][method=post]",
51. + return_to = instance_eval(&block)
52. + submit_url = session_path
53. + submit_url << "?return_to=" << ERB::Util::url_encode(return_to) if return_to
54. + assert_select "form[action=?][method=post]", submit_url,
55. true, "There must be a form to sign in" do
56. assert_select "input[type=text][name=?]",
57. "session[email]", true, "There must be an email field"
58. diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
59. index 63a6e33..dfeb1b1 100644
60. --- a/test/controllers/sessions_controller_test.rb
61. +++ b/test/controllers/sessions_controller_test.rb
62. @@ -5,13 +5,25 @@ class SessionsControllerTest < ActionController::TestCase
63.  
64. should_filter_params :password
65.  
66. - context "on GET to /sessions/new" do
67. + context "on GET to /sessions/new without a request return url" do
68. setup { get :new }
69.  
70. should_respond_with :success
71. should_render_template :new
72. should_not_set_the_flash
73. - should_display_a_sign_in_form
74. + should_display_a_sign_in_form {nil} # no return_url
75. + end
76. +
77. + context "on GET to /sessions/new with a request return url" do
78. + setup do
79. + @return_url = "/url_in_the_request"
80. + get :new, :return_to => @return_url
81. + end
82. +
83. + should_respond_with :success
84. + should_render_template :new
85. + should_not_set_the_flash
86. + should_display_a_sign_in_form {@return_url}
87. end
88.  
89. context "on POST to #create with unconfirmed credentials" do
90. @@ -207,4 +219,35 @@ class SessionsControllerTest < ActionController::TestCase
91. end
92. end
93.  
94. + context "on DELETE to #destroy given a signed out user with a request return url" do
95. + setup do
96. + sign_out
97. + @return_url = '/url_in_the_request'
98. + delete :destroy, :return_to => @return_url
99. + end
100. + should_set_the_flash_to(/signed out/i)
101. + should_redirect_to("the return URL") { @return_url }
102. + end
103. +
104. + context "on DELETE to #destroy with a cookie and a request return url" do
105. + setup do
106. + @user = Factory(:email_confirmed_user)
107. + @user.update_attribute(:remember_token, "old-token")
108. + @request.cookies["remember_token"] = "old-token"
109. + @return_url = '/url_in_the_request'
110. + delete :destroy, :return_to => @return_url
111. + end
112. +
113. + should_set_the_flash_to(/signed out/i)
114. + should_redirect_to("the return URL") { @return_url }
115. +
116. + should "delete the cookie token" do
117. + assert_nil cookies['remember_token']
118. + end
119. +
120. + should "reset the remember token" do
121. + assert_not_equal "old-token", @user.reload.remember_token
122. + end
123. + end
124. +
125. end