Forum: Rails Engines Integrating login engine with other apps

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Piers (Guest)
on 2006-05-03 19:46
Hi
I've got a general problem, and as ever am running up against the
problem of having a small brain.

I've got an app using login engine, but I need to add some forum
functionality.
Ideally, I'd want to use Opinion (http://home.leetsoft.com/opinion), but
I've no clue how to go about tieing it in to my app without having to
make the user login twice.

Is there a way to merge the two apps under one controller so that I can
use the one user table, and be reasonably resilient against any upgrades
to Opinion and not have a load of namespace clashes?

Same applies in general - how to run two apps side by side

Thanks for any help

Piers
Jon B. (Guest)
on 2006-05-03 21:08
(Received via mailing list)
In the same boat as Ive had to port phpBB users over and had to
switch between MD5 keys and SHA1 keys, and after looking @ Opinion
the passwords are not even encrypted @ all .. I wish the
authentication method on the Login Engine was more 'plugable' to work
w/ other apps.  From a security standpoint the method used in the
Login Engine is by far the right way to go but there is no way to get
users to port without having to capture the password and create new
keys (there is no method for this).

Im under the assumption that as long as the session[:user] is filled
@ login + nilified @ logout you should be good to go.

I too would like to know what a more official Rails method of doing
this would be.

- Jon
James A. (Guest)
on 2006-05-03 21:08
(Received via mailing list)
There is no 'rails official' way of authenticating, or storing
passwords, as this is logic specific to your application. Maybe hashed
passwords aren't important? It's quite possible.

The login engine isn't meant to be mashed into other applications
which make their own assumptions about some kind of user model. It
does try to be flexible where it can, but to some extent it's like
asking a spanner to be a hammer. It's going to get ugly.

I'd recommend that you pick one of these systems (login engine, or
opinion) and then add whatever is missing from the other, within your
application.

- james

On 5/3/06, Jon B. <removed_email_address@domain.invalid> wrote:
> @ login + nilified @ logout you should be good to go.
> > problem of having a small brain.
> > use the one user table, and be reasonably resilient against any
> > Posted via http://www.ruby-forum.com/.
> http://lists.rails-engines.org/listinfo.cgi/engine...
>


--
* J *
  ~
Paul R. (Guest)
on 2006-05-03 22:46
(Received via mailing list)
On 3 May 2006, at 17:45, James A. wrote:

> There is no 'rails official' way of authenticating, or storing
> passwords, as this is logic specific to your application. Maybe hashed
> passwords aren't important? It's quite possible.

I'm currently playing with the idea of building a load of tools to
make a Rails application OWASP compliant out of the box, and then try
talking the Rails core into making it 'standard'. This stuff is so
standard, there is no reason why we shouldn't be making it as
standard-orientated as connecting to a database, and then give hooks
for legacy authentication.

> The login engine isn't meant to be mashed into other applications
> which make their own assumptions about some kind of user model. It
> does try to be flexible where it can, but to some extent it's like
> asking a spanner to be a hammer. It's going to get ugly.

I've been able to get it to do some pretty weird stuff, but I agree
it looks horrendous. My code is *ugly*, which isn't nice.

> I'd recommend that you pick one of these systems (login engine, or
> opinion) and then add whatever is missing from the other, within your
> application.

Alternatively, perhaps login_engine could have a webservices
interface, and then opinion (and others) could talk to it via that?
I'm happy to look at putting some code up for that...

--
Paul R.
This topic is locked and can not be replied to.