Hi
I’ve got a general problem, and as ever am running up against the
problem of having a small brain.
I’ve got an app using login engine, but I need to add some forum
functionality.
Ideally, I’d want to use Opinion (http://home.leetsoft.com/opinion), but
I’ve no clue how to go about tieing it in to my app without having to
make the user login twice.
Is there a way to merge the two apps under one controller so that I can
use the one user table, and be reasonably resilient against any upgrades
to Opinion and not have a load of namespace clashes?
Same applies in general - how to run two apps side by side
In the same boat as Ive had to port phpBB users over and had to
switch between MD5 keys and SHA1 keys, and after looking @ Opinion
the passwords are not even encrypted @ all … I wish the
authentication method on the Login Engine was more ‘plugable’ to work
w/ other apps. From a security standpoint the method used in the
Login Engine is by far the right way to go but there is no way to get
users to port without having to capture the password and create new
keys (there is no method for this).
Im under the assumption that as long as the session[:user] is filled
@ login + nilified @ logout you should be good to go.
I too would like to know what a more official Rails method of doing
this would be.
There is no ‘rails official’ way of authenticating, or storing
passwords, as this is logic specific to your application. Maybe hashed
passwords aren’t important? It’s quite possible.
I’m currently playing with the idea of building a load of tools to
make a Rails application OWASP compliant out of the box, and then try
talking the Rails core into making it ‘standard’. This stuff is so
standard, there is no reason why we shouldn’t be making it as
standard-orientated as connecting to a database, and then give hooks
for legacy authentication.
The login engine isn’t meant to be mashed into other applications
which make their own assumptions about some kind of user model. It
does try to be flexible where it can, but to some extent it’s like
asking a spanner to be a hammer. It’s going to get ugly.
I’ve been able to get it to do some pretty weird stuff, but I agree
it looks horrendous. My code is ugly, which isn’t nice.
I’d recommend that you pick one of these systems (login engine, or
opinion) and then add whatever is missing from the other, within your
application.
Alternatively, perhaps login_engine could have a webservices
interface, and then opinion (and others) could talk to it via that?
I’m happy to look at putting some code up for that…
There is no ‘rails official’ way of authenticating, or storing
passwords, as this is logic specific to your application. Maybe hashed
passwords aren’t important? It’s quite possible.
The login engine isn’t meant to be mashed into other applications
which make their own assumptions about some kind of user model. It
does try to be flexible where it can, but to some extent it’s like
asking a spanner to be a hammer. It’s going to get ugly.
I’d recommend that you pick one of these systems (login engine, or
opinion) and then add whatever is missing from the other, within your
application.