Newbie q: acts as authenticated or login engine?


#1

I’m trying to create a basic web page where people can register. Before
they are approved they are emailed a link where that they must click in
order to verify their info is correct (or at least their email).

Should I use acts as authenticated or the login engine for this?

http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated
http://rails-engines.org/login_engine

TIA


#2

On 4/15/06, Vince W. removed_email_address@domain.invalid wrote:

I’m trying to create a basic web page where people can register. Before
they are approved they are emailed a link where that they must click in
order to verify their info is correct (or at least their email).

Should I use acts as authenticated or the login engine for this?

http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated
http://rails-engines.org/login_engine

I highly recommend writing your own. It’s much easier than you might
think, and it will then work exactly the way you want.
If you have the ‘Rails Recipes’ book, there are some helpful pointers
in there about doing this.
If you absolutely had to use one of the two libraries you mentioned,
I’d recommend acts_as_authenticated.


#3

Wilson B. wrote:

I highly recommend writing your own. It’s much easier than you might
think, and it will then work exactly the way you want.
If you have the ‘Rails Recipes’ book, there are some helpful pointers
in there about doing this.
If you absolutely had to use one of the two libraries you mentioned,
I’d recommend acts_as_authenticated.

I’m a total newbie to programming and ruby… nothing is easier than I
might think. :o)

Is there a particular reason why you feel it would be better to write my
own? It’s intimidating just to think about it. Does the rails recipe
book you mention have a pretty straight forward walkthrough or does it
specifically address this problem? I’m terrible at learning things
quickly… It usually takes months for me to figure out how things all
work together…


#4

If you’re a newbie to programming, you might want to start by grabbing
the agile book and working through the examples there. The issue with
pulling someone else’s code of the net is that to use it, it doesn’t
require you to understand it. And then the temptation is to never try
and understand it.

Best to work from the ground up with these things when you’re starting
out. The Agile & Recipes books should be able to walk you through step
by step, and that way you’ll learn the purpose of every line of
code, even if that’s not an initially deep understanding.

Best of luck!

  • james

On 4/15/06, Vince W. removed_email_address@domain.invalid wrote:

might think. :o)


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails

  • J *
    ~

#5

On 4/15/06, Vince W. removed_email_address@domain.invalid wrote:

might think. :o)

Is there a particular reason why you feel it would be better to write my
own? It’s intimidating just to think about it. Does the rails recipe
book you mention have a pretty straight forward walkthrough or does it
specifically address this problem? I’m terrible at learning things
quickly… It usually takes months for me to figure out how things all
work together…

I have fully-functional login systems in Rails that are fewer than 15
lines of code. I’m sure you can learn to build one quickly. The
easiest problems are the ones that you fully understand, and you’ve
probably logged into so many systems that you know it like the back of
your hand.

However, that wasn’t really my point; sorry. It’s that if you
download someone’s login generator/engine/plugin/thing, and you have a
problem with it… you’ll be starting from scratch, looking at code you
didn’t write.

If you write your own, and have trouble, you’ll at least know what the
code looks like. It’s much easier to debug your own code.

–Wilson.


#6

On 4/15/06, Vince W. removed_email_address@domain.invalid wrote:

need some hints and thought that either login or acts_as_authenticated
could be my hint book.

Does that make sense? Otherwise I’d be really happy to give this a shot
myself if I could get a few hints (say… 15 lines of code? heh -just
kidding)

Thanks for your help

Sorry, hopefully I’m not coming off as pedantic. I’m just trying to
dispel some of the fear surrounding login code.

If you’re open to picking up another book, the Rails Recipes book has
a complete walkthrough of building your own authentication system, and
it’s written so that newcomers to Ruby should be able to follow it.

If not, then taking a look at acts_as_authenticated is a good starting
point.

–Wilson.


#7

Vince,

I haven’t put it into production yet but in my development environment
the SaltedHashLogin plugin worked great. Someone signs up, gets and
email, and they click the link and are verified. I will look at the code
as there was something I have to modify to get the verification part to
work. It doesn’t give you role based security but you can see if someone
is logged in or not. Hope this helps.

  • Robert D.

http://wiki.rubyonrails.com/rails/pages/SaltedHashLoginGenerator


#8

Wilson B. wrote:

Sorry, hopefully I’m not coming off as pedantic. I’m just trying to
dispel some of the fear surrounding login code.

If you’re open to picking up another book, the Rails Recipes book has
a complete walkthrough of building your own authentication system, and
it’s written so that newcomers to Ruby should be able to follow it.

No need to apologize – I absolutely appreciate your input. I found the
rails book and will download the pdf and see how it goes.

If I run into trouble after that I’ll let you know. :o)

cheers,
Vince


#9

Your opinions are fair enough and I appreciate them. To me it’s kind of
like trying to solve a math problem yourself. You try and try but then
if you can’t get it you look in the back of the book for the solution.
In doing that you learn the correct answer and a little about problem
solving too.

That’s what I’d like to do… I’ve been through the agile book already.
(I’ve extended that shopping cart application and so now I understand it
better.) But with this login generator I’m just not sure where to
start. I’ve created fields in my users table but then… well let’s say I
need some hints and thought that either login or acts_as_authenticated
could be my hint book.

Does that make sense? Otherwise I’d be really happy to give this a shot
myself if I could get a few hints (say… 15 lines of code? heh -just
kidding)

Thanks for your help


#10

On Saturday 15 April 2006 04:57 pm, Wilson B. wrote:

Sorry, hopefully I’m not coming off as pedantic. I’m just trying to
dispel some of the fear surrounding login code.

Don’t do that. Above all, people should fear (OK, not fear, have a
healthy
respect) for the compexity in writing a secure
authentication/authorization
system. Is NOT simple and straightforward, and it’s made even worse in
a web
environment.

It still amazes me some of the security holes people will introduce.

David