Forum: Ruby on Rails newbie q: acts as authenticated or login engine?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
26ca684555abbdb44f01bd1e165e649b?d=identicon&s=25 Vince W. (vince)
on 2006-04-15 20:36
I'm trying to create a basic web page where people can register.  Before
they are approved they are emailed a link where that they must click in
order to verify their info is correct (or at least their email).

Should I use acts as authenticated or the login engine for this?

http://technoweenie.stikipad.com/plugins/show/Acts...
http://rails-engines.org/login_engine

TIA
25e11a00a89683f7e01e425a1a6e305c?d=identicon&s=25 Wilson Bilkovich (Guest)
on 2006-04-15 20:45
(Received via mailing list)
On 4/15/06, Vince W. <vince71@gmail.com> wrote:
> I'm trying to create a basic web page where people can register.  Before
> they are approved they are emailed a link where that they must click in
> order to verify their info is correct (or at least their email).
>
> Should I use acts as authenticated or the login engine for this?
>
> http://technoweenie.stikipad.com/plugins/show/Acts...
> http://rails-engines.org/login_engine
>

I highly recommend writing your own.  It's much easier than you might
think, and it will then work exactly the way you want.
If you have the 'Rails Recipes' book, there are some helpful pointers
in there about doing this.
If you absolutely had to use one of the two libraries you mentioned,
I'd recommend acts_as_authenticated.
26ca684555abbdb44f01bd1e165e649b?d=identicon&s=25 Vince W. (vince)
on 2006-04-15 21:13
Wilson Bilkovich wrote:

> I highly recommend writing your own.  It's much easier than you might
> think, and it will then work exactly the way you want.
> If you have the 'Rails Recipes' book, there are some helpful pointers
> in there about doing this.
> If you absolutely had to use one of the two libraries you mentioned,
> I'd recommend acts_as_authenticated.

I'm a total newbie to programming and ruby.. nothing is easier than I
might think. :o)

Is there a particular reason why you feel it would be better to write my
own? It's intimidating just to think about it.  Does the rails recipe
book you mention have a pretty straight forward walkthrough or does it
specifically address this problem?  I'm terrible at learning things
quickly.. It usually takes months for me to figure out how things all
work together..
05d703f649ef1d07e78d7b479fb4c4ac?d=identicon&s=25 James Adam (Guest)
on 2006-04-15 21:35
(Received via mailing list)
If you're a newbie to programming, you might want to start by grabbing
the agile book and working through the examples there. The issue with
pulling someone else's code of the net is that to use it, it doesn't
require you to understand it. And then the temptation is to never try
and understand it.

Best to work from the ground up with these things when you're starting
out. The Agile & Recipes books should be able to walk you through step
by step, and that way you'll learn the *purpose* of every line of
code, even if that's not an initially deep understanding.

Best of luck!

- james

On 4/15/06, Vince W. <vince71@gmail.com> wrote:
> might think. :o)
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>


--
* J *
  ~
25e11a00a89683f7e01e425a1a6e305c?d=identicon&s=25 Wilson Bilkovich (Guest)
on 2006-04-15 22:02
(Received via mailing list)
On 4/15/06, Vince W. <vince71@gmail.com> wrote:
> might think. :o)
>
> Is there a particular reason why you feel it would be better to write my
> own? It's intimidating just to think about it.  Does the rails recipe
> book you mention have a pretty straight forward walkthrough or does it
> specifically address this problem?  I'm terrible at learning things
> quickly.. It usually takes months for me to figure out how things all
> work together..
>

I have fully-functional login systems in Rails that are fewer than 15
lines of code.  I'm sure you can learn to build one quickly.  The
easiest problems are the ones that you fully understand, and you've
probably logged into so many systems that you know it like the back of
your hand.

However, that wasn't really my point; sorry.  It's that if you
download someone's login generator/engine/plugin/thing, and you have a
problem with it.. you'll be starting from scratch, looking at code you
didn't write.

If you write your own, and have trouble, you'll at least know what the
code looks like.  It's much easier to debug your own code.

--Wilson.
26ca684555abbdb44f01bd1e165e649b?d=identicon&s=25 Vince W. (vince)
on 2006-04-15 22:31
Your opinions are fair enough and I appreciate them.  To me it's kind of
like trying to solve a math problem yourself.  You try and try but then
if you can't get it you look in the back of the book for the solution.
In doing that you learn the correct answer and a little about problem
solving too.

That's what I'd like to do.. I've been through the agile book already.
(I've extended that shopping cart application and so now I understand it
better.)  But with this login generator I'm just not sure where to
start. I've created fields in my users table but then.. well let's say I
need some hints and thought that either login or acts_as_authenticated
could be my hint book.

Does that make sense?  Otherwise I'd be really happy to give this a shot
myself if I could get a few hints (say... 15 lines of code? heh -just
kidding)

Thanks for your help
25e11a00a89683f7e01e425a1a6e305c?d=identicon&s=25 Wilson Bilkovich (Guest)
on 2006-04-15 22:58
(Received via mailing list)
On 4/15/06, Vince W. <vince71@gmail.com> wrote:
> need some hints and thought that either login or acts_as_authenticated
> could be my hint book.
>
> Does that make sense?  Otherwise I'd be really happy to give this a shot
> myself if I could get a few hints (say... 15 lines of code? heh -just
> kidding)
>
> Thanks for your help

Sorry, hopefully I'm not coming off as pedantic.  I'm just trying to
dispel some of the fear surrounding login code.

If you're open to picking up another book, the Rails Recipes book has
a complete walkthrough of building your own authentication system, and
it's written so that newcomers to Ruby should be able to follow it.

If not, then taking a look at acts_as_authenticated is a good starting
point.

--Wilson.
Cf17040cecb2618506f5ca4c14957957?d=identicon&s=25 Robert Dempsey (flatekmonkey)
on 2006-04-15 23:05
Vince,

I haven't put it into production yet but in my development environment
the SaltedHashLogin plugin worked great. Someone signs up, gets and
email, and they click the link and are verified. I will look at the code
as there was something I have to modify to get the verification part to
work. It doesn't give you role based security but you can see if someone
is logged in or not. Hope this helps.

- Robert Dempsey

http://wiki.rubyonrails.com/rails/pages/SaltedHash...
26ca684555abbdb44f01bd1e165e649b?d=identicon&s=25 Vince W. (vince)
on 2006-04-15 23:05
Wilson Bilkovich wrote:

> Sorry, hopefully I'm not coming off as pedantic.  I'm just trying to
> dispel some of the fear surrounding login code.
>
> If you're open to picking up another book, the Rails Recipes book has
> a complete walkthrough of building your own authentication system, and
> it's written so that newcomers to Ruby should be able to follow it.

No need to apologize -- I absolutely appreciate your input.  I found the
rails book and will download the pdf and see how it goes.

If I run into trouble after that I'll let you know. :o)

cheers,
Vince
37c332966b49eeb1d54eeefd3bc5ce97?d=identicon&s=25 David Corbin (Guest)
on 2006-04-15 23:31
(Received via mailing list)
On Saturday 15 April 2006 04:57 pm, Wilson Bilkovich wrote:
> Sorry, hopefully I'm not coming off as pedantic.  I'm just trying to
> dispel some of the fear surrounding login code.

Don't do that. Above all, people should fear (OK, not fear, have a
healthy
respect) for the compexity in writing a secure
authentication/authorization
system.  Is NOT simple and straightforward, and it's made even worse in
a web
environment.

It still amazes me some of the security holes people will introduce.

David
This topic is locked and can not be replied to.