Forum: Rails Engines development SignToken

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
800d1b1a837e996f233d209ba650315f?d=identicon&s=25 nelson (Guest)
on 2006-03-06 21:12
(Received via mailing list)
hi,
I'm working in extending the login engine to use a signed token to login
in addition to user and password.
The idea is that a random token is presented, the user click the 'sign &
login' button, choose the
certificate to use (X509 Certificate), sign the token and present it to
the login engine, validate it and if all is ok, you are logged in....
At this time a proof concept is working with Firefox 1.5 and the changes
in the LoginEngine are little and integrate very well.
I have two questions about the LoginEngine at this time:
1- LoginEngine don''t have a :login_page config like UserEngine to
change the default page, but UserEngine don't have a ui to login, that
LoginEngine have.... why this option is in UserEngine and not in
LoginEngine ??
2- I need a couple support functions (generate random tokens, signature
validation, etc), where is the best place to put then ?

TIA
--
:: Nelson ::
05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-03-23 02:30
(Received via mailing list)
On 3/6/06, nelson <nelson@netflux.com.ar> wrote:
> I have two questions about the LoginEngine at this time:
> 1- LoginEngine don''t have a :login_page config like UserEngine to
> change the default page, but UserEngine don't have a ui to login, that
> LoginEngine have.... why this option is in UserEngine and not in
> LoginEngine ??

The LoginEngine represents the minimum amount of work to transform the
SHLG into an engine, and as such leaves something to be desired in
terms of it's design. The UserEngine in particular *needs* to know
where the login page is because it has a more sophisticated 'nu-uh you
can't do that unless you're logged in' mechanism, but also because it
was developed with a bit more freedom than the LoginEngine.

The short answer is that there is *no* good reason for this, and
future versions may correct this.

> 2- I need a couple support functions (generate random tokens, signature
> validation, etc), where is the best place to put then ?

Probably in the AuthenticatedSystem module...

- james

--
* J *
  ~
This topic is locked and can not be replied to.