So I’m working on my differently-opinionated version of LoginEngine, and
I’ve come across something I don’t quite get.
LoginEngine declares two public class methods (authenticate and
authenticate_by_token) on module ClassMethods, which then get mixed into
class User via AuthenticatedUser. However, the protected methods that
they
rely - ahshed and salted_password - on aren’t similarly brought into
User;
they’re kept in AuthenticatedUser, and called explicitly.
Is there any reason they shouldn’t be mixed into User like the public
ClassMethods are? Was it just an implementation choice? I haven’t
played
much with access control in Ruby, so maybe there’s something I’m
missing.
Jay L.