I figured I would post an update keeping everyone in the loop. I created a new branch for authlogic locally and I’ve been making some changes mentioned in this post. Some of the changes I’m making are still somewhat experimental and I’m playing around with the code to see if I like the end result. Figuring out a way to make this ORM agnostic has proven difficult, simply because there is no standard. They all follow a similar pattern, but the method naming conventions and some of the feature implementations are vastly different. I’m also not sure you could even set a standard. Regardless, I do think this is an important feature since there is a lot of movement around alternative storage solutions such as MongoDB, CouchDB, etc.
Splitting out some of the authentication code into “authenticators” has worked out great so far. More importantly, it’s more or less a blueprint for people to extend Authlogic and provide alternate authentication solutions (openid, facebook connect, oauth, etc.).
The last major change I’ve been making is removing validations in the acts_as_authentic module. Validations add some clutter to authlogic, some might say it’s a necessary clutter, but I’m leaning towards leaving it out. Validation is such an easy thing to do. ActiveRecord provides very simple methods for doing this, I also feel like it gets in the way for certain edge cases. Authlogic will still provide some nice methods to make your life easier, like validating the format of an email address, the main difference being that you have to explicitly implement this validation. No validations will be automatically added. Lastly, this makes ORM abstraction a little easier.
So that’s that. I’ll keep you updated when I start to push out some code and what not. I’m probably going to label this release as v3, because of the validation changes and some of the other major changes that might break backwards compatibility.
So I’ve been thinking about Authlogic lately and here are a few ideas I’ve been bouncing around:
The worst part about this idea is the views. Interfaces can be quite a bit different from application to application. How do I provide views that are suitable for every project? In my opinion you can’t. I could give you a million partials, tons of configuration, a lot of helpers, etc. This might add some flexibility, but this seems like a hack. It’s not a clean solution. This is the one thing that I just don’t like about rails engines. I prefer tools that help me create my views. Give me a set of tools so I can go easily create my interface, but don’t go create my interface for me. And I think rails does a pretty good job of this with things like form_for, etc.
The bottom line is that I want to keep Authlogic focused on the business logic behind authentication. You should be able to use Authlogic in a rails app, merb app, sinatra app, etc. All of the interface cruft should probably be in a separate gem or in a template. The thing is, this gem could be written a million different ways depending on your preferences. Maybe I can create a base rails engine that people can fork and modify to their liking. That’s the beauty of git.
To conclude, #1 is probably going to happen, I want to do #2 if I can figure out a good way to do this, #3 is still up in the air and more likely to be in a separate gem / plugin.
That’s it for now, I figured I would try to keep everyone in the loop. Maybe you can help me out or have some ideas of your own.
Lately I’ve been getting a lot of pressure to add a generator to Authlogic. One of the big things I “tout” about Authlogic is the fact that it does not need generators, not any more than any other RESTful controller you create. Authlogic can pull this off because it’s intuitive, it works just like every other model you have in your application. Unless you want to customize how it works, there’s no learning curve. If you know how to set up a RESTful controller for an ORM model, then you know how to set up a RESTful controller for an Authlogic model.
I’ve been getting a lot of emails asking the best way to migrate from restful_authentication. Where it gets complicated is in the password encryption methods. Authlogic and restful_authentication use different methods. You don’t want to change this method because it will break backwards compatibility with your current passwords, meaning no one will be able to log into their account. Fear not, because I did all of the hard work for you…
I released Authlogic 1.3.3 which has some handy options for migrating passwords to a new and improved algorithm. Without Authlogic this is somewhat of a pain in the ass, because there has to be a transition period in which your users can upgrade their passwords. You can’t just upgrade the algorithm because then no one will be able to log in. Authlogic solves this problem and makes it dead simple:
Today is Saturday, which is “fun day”, and there is nothing more fun than talking about encryption algorithms. So let’s get started…
Part of Authlogic’s responsibility is to keep you on the cutting edge when it comes to security. After all, that is part of the reason you use Authlogic, so you don’t have to deal with it. Your app can use the latest and greatest security techniques just by updating the Authlogic gem.
Please note this tutorial is outdated and has been deleted, please see the official Authlogic OpenID addon, which makes OpenID integration extremely easy. The content that used to be in this tutorial was for Authlogic 1.x and will not work properly with Authlogic 2.x.
I’ve been getting emails asking me how to reset passwords with Authlogic, or how to confirm accounts. In this tutorial I’ll cover resetting passwords, since it is more complex, but after reading this tutorial there is no reason why you couldn’t set up account confirmation as well. In fact, my next tutorial will cover just that.
You are going to read a tutorial on how to reset passwords the RESTful way. I am going to pick up where I left off on the Authlogic basic setup tutorial, so if you have not read that I highly recommend doing so.
Want to see it in action before you start? Check it out for yourself:
Before we begin, let me walk you through the basic process of resetting a password as I see it:
Rails doesn’t have to hog all of the Authlogic love, it’s time to start sharing. So I decided to send a little love to the merb peeps and add in a merb adapter. Just install the Authlogic gem and include it as a dependency and you are good to go. Authentication in your app is as easy as setting up a resource for a model.
I think this is just the beginning though, here are my thoughts….
Please note this tutorial has been moved to the README in the authlogic_example repository. This tutorial is stored with the example app in case you are more of a hands-on learner, you can play around with the resulting code.