Modern day auth


#1

It’s been quite a while since I last rolled out a rails app, and now I
have to start on another. I’m wondering what is the currently accepted
method for implementing authentication and authorisation.

My last apps used a fairly well modified version of
restful_authentication, which as I remember was a right PITA to install
into a new application. It mainly consisted of several hours of copying
and pasting from existing apps (installing it from scratch was even
slower due to my modifications).

Has anyone got any advice for making my life a little easier? I don’t
have any wild requirements:

  • Session based login/logout with forms
  • Ability for users to reset passwords with email tickets
  • Possibility to switch between admin-only or open registration (with
    email confirmations)
  • Maybe a nice management interface

All that was implemented with my modified restful_auth, but as I keep
moaning, it took far too long to redo for each app.

Any tips greatly appreciated.

~Matt


#2

Check Authlogic (http://www.binarylogic.com). But I advise you to
take a very good look at the code and docs because it makes a lot
of trade-offs in order to make it a “plug-and-play” gem instead of
a generator.