LoginEngine vs. LoginGenerator?


#1

I just saw a mention here of LoginEngine, which I hadn’t heard of
before. Last week when I was digging for user-account sample code for
my web-app, I instead found the LoginGenerator and started using that:
http://wiki.rubyonrails.com/rails/pages/LoginGenerator

Is one of these preferred over the other? From skimming the API docs,
it does seem that LoginEngine has more features, like email-based
verification, that I’ve been hacking into LoginGenerator myself. If
LoginGenerator is deprecated, or if LoginEngine is seeing more active
development, then I should probably switch over before deploying my app.

Thanks,

–Jens


#2

As found in the Book of Rails, Chapter 13, Verse 26-28:

“26. In The Beginning there was the LoginGenerator, whom didst spawn
many working Rails applications. But the peoples of Railtopia were
unsettled after a time. And, lo, LoginGenerator did eventually beget
SaltedHashLoginGenerator, which included better salting and
localization, and email verification, singing like heralds upon high.
27. And the children of SaltedHashLoginGenerator where fruitful, and
partied like it was 1999. Except it was 2005.
28. Then, some weirdo developed Rails engines, and was particularly
lazy in the eyes of the Lord, totally ripping off
SaltedHashLoginGenerator as an example of his wicked way…”

In a nutshell, there’s the original LoginGenerator, on which lots of
authentication systems are based. One of these is the
SaltedHashLoginGenerator, which adds a few features including
localization and email verification. I believe Deirdre SM has stepped
in to maintain this - she’ll know better where it’s future lies.

The LoginEngine is an example of a development technique
(http://rails-engines.org) which is heavily based on the SHLG.
Feature-wise they are pretty much identical, although email is now
optional, and the localization was totally removed. It continues to be
developed and refined, and is very much open to public scrutiny and
patching.

Your choice between using a generator and using an engine (any engine,
the LoginEngine isn’t the only possible authentication system possible
using engines) should be based on how you evaluate the merits of
either mechanism for sharing/reusing code. My personal view/propaganda
is here: http://rails-engines.org/wiki/pages/Engines+vs.+Generators

Whichever you choose, be prepared to get intimate with the code -
there’s no excuse for not working to understand how this code is going
to function within your application! Good luck :slight_smile:

  • James

#3

There’s also Bruce P. ModelSecurity, which is more than just login:

http://perens.com/FreeSoftware/ModelSecurity/

which takes the multiple “layers of defense” approach.

Haven’t tried it yet, but meaning to…

Although, I’m sorely tempted to completely ignore it and even
start dissing it
simply because of the obnoxious ads on the page (when I just went to
verify the url, the
ad was for smileys and it includes a loud “heeelllllooo…” over and
over!) C’Mon Bruce,
save the ads for your home page!

b

PS: great (and amusing) summary James…