build using rails_apps_composer 2.4.6

Gemfile

@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 ruby '2.0.0'
-gem 'rails', '3.2.13'
+gem 'rails', '3.2.14'
 gem 'sqlite3'
 group :assets do
   gem 'sass-rails',   '~> 3.2.3'
@@ -16,7 +16,7 @@ gem 'rolify'
 gem 'simple_form'
 group :development do
   gem 'better_errors'
-  gem 'binding_of_caller', :platforms=>[:mri_19, :rbx]
+  gem 'binding_of_caller', :platforms=>[:mri_19, :mri_20, :rbx]
   gem 'quiet_assets'
 end
 group :development, :test do
@@ -26,7 +26,7 @@ end
 group :test do
   gem 'capybara'
   gem 'cucumber-rails', :require=>false
-  gem 'database_cleaner'
+  gem 'database_cleaner', '1.0.1'
   gem 'email_spec'
   gem 'launchy'
 end

config/initializers/devise.rb

@@ -76,6 +76,12 @@
   # passing :skip => :sessions to `devise_for` in your config/routes.rb
   config.skip_session_storage = [:http_auth]
 
+  # By default, Devise cleans up the CSRF token on authentication to
+  # avoid CSRF token fixation attacks. This means that, when using AJAX
+  # requests for sign in and sign up, you need to get a new CSRF token
+  # from the server. You can disable this option at your own risk.
+  # config.clean_up_csrf_token_on_authentication = true
+
   # ==> Configuration for :database_authenticatable
   # For bcrypt, this is the cost for hashing the password and defaults to 10. If
   # using other encryptors, it sets how many times you want the password re-encrypted.

features/step_definitions/email_steps.rb

@@ -175,8 +175,8 @@ def current_email_address
 # Interact with Email Contents
 #
 
-When /^(?:I|they) follow "([^"]*?)" in the email$/ do |link|
-  visit_in_email(link)
+When /^(?:I|they|"([^"]*?)") follows? "([^"]*?)" in the email$/ do |address, link|
+  visit_in_email(link, address)
 end
 
 When /^(?:I|they) click the first link in the email$/ do