About "Rails Recipes", Fowler, 2006

Hi,

I’m following Chad’s Recipe 31, “Authenticating your Users”. After
getting some of it working, I noticed that he had put some of his
models and controllers under a separate Authentication directory under
the directory created originally with, say, a “rails MyApp” command.

Question: Am I likely to run into trouble if I ignore creation of an
Authentication dir. and issue a command like
ruby script/generate model User username:string password_salt:string
password_hash:string
with my working directory set to “MyApp”?

Thanks in Advance,
Richard

RichardOnRails wrote:

Hi,

I’m following Chad’s Recipe 31, “Authenticating your Users”.

Beware of following any Rails book that old.

And don’t bother writing your own authentication code. Just use
Authlogic and have done with it.

–
Marnen Laibow-Koser
http://www.marnen.org
removed_email_address@domain.invalid

Sent from my iPhone

RichardOnRails wrote:

Hi Marnen,

Thanks for your response (especially since you posted with an
iphone :BG)

Beware of following any Rails book that old.
But I should be able to adapt old stuff to run in a fairly current
Rails version (mine’s 2.3.5)

Do you really want that hassle? Particularly since you’re still a
relative beginner in Rails? I’d really advise against this – you’ll
probably get shown obsolete ways of doing things.

And don’t bother writing your own authentication code. Just use Authlogic and have done with it.
I’d rather add code to my app that I can test rather than blindly add
code that hasn’t been perused as carefully as code blessed by the core
Rails team.

What makes you think it hasn’t been tested? What makes you think the
Rails core team has a monopoly on good testing? In fact, Authlogic has
been well tested and is very widely used. If you want to check its test
suite, you are welcome to do so.

Don’t reinvent the wheel.

[…]

Do you care to offer me any suggestions? I’d be most appreciative.

Part of being a good Rails developer is knowing when to use a plugin and
save yourself some work. In your case, since there’s a good plugin for
the exact things you’re doing, you should absolutely use it.

Best wishes,
Richard

Best,
–
Marnen Laibow-Koser
http://www.marnen.org
removed_email_address@domain.invalid

Sent from my iPhone

Richard,

Marnen is absolutely right about his suggestion.

One of the most beautiful aspects of developing in RoR is the fact that
there’s almost a plugin/gem that you can install and use very easily for
every need you may have for a webapp.
(among other features/advantages) RoR is known for the development speed you
can achieve. Using the right plugin/gem for a specific task is one of the
multiple factors that allows you to develop at an amazing speed.
Authlogic, in this case, is VERY well tested and used in many sites.
I used to use RestfulAuthentication, but I switched to Authlogic since it is
much cleaner and easy to understand.

If you’re learning RoR and you want to explore possibilities, install
Authlogic and try to understand its inner workings.
You’ll be gaining a lot of time and also you’ll see how a very good plugin
is developed.


Mis mejores deseos,
Best wishes,
Meilleurs vœux,

Juan P.

http://www.twitter.com/eljuanchosf

2010/7/5 Marnen Laibow-Koser removed_email_address@domain.invalid

Hi Juan & Marnen,

Marnen is absolutely right about his suggestion.

You guys may be right about the best way to add authentication to a
Rails app. But that may not be the best way for me to learn Rails
development. I’ll take a look at AuthLogic in due time. But right
now I’d like some help in fixing a routing problem, so I’m going to
post that question on a separate thread without the context of
authentication.

Thanks for your responses.

Best wishes,
Richard

On Jul 5, 5:06 pm, Juan P. Genovese removed_email_address@domain.invalid

Hey guys,

On top of my other problems, I inadvertently clicked a link labeled
“Report as spam” to Google G… I’m going to see if there’s a way
to undo that. I apologize for that mistake.

Best wishes,
Richard

On Jul 5, 8:47 pm, RichardOnRails

RichardOnRails wrote:

Hi Juan & Marnen,

Marnen is absolutely right about his suggestion.

You guys may be right about the best way to add authentication to a
Rails app. But that may not be the best way for me to learn Rails
development.

It probably is: you can do the easy stuff yourself while learning from
plugins for the hard stuff. You can look at the plugin code, but in the
meantime you know your app works. Where’s the downside?

I’ll take a look at AuthLogic in due time. But right

now I’d like some help in fixing a routing problem, so I’m going to
post that question on a separate thread without the context of
authentication.

Thanks for your responses.

Best wishes,
Richard

On Jul 5, 5:06 pm, Juan P. Genovese removed_email_address@domain.invalid

Hi Marnen,

Thanks for your response (especially since you posted with an
iphone :BG)

Beware of following any Rails book that old.
But I should be able to adapt old stuff to run in a fairly current
Rails version (mine’s 2.3.5)

And don’t bother writing your own authentication code. Just use Authlogic and have done with it.
I’d rather add code to my app that I can test rather than blindly add
code that hasn’t been perused as carefully as code blessed by the core
Rails team.

With that said, my first problem is a link failing; I produce a Home
page that displays the following:

Receipts Tracking System
Library powered by Ruby on Rails
Please sign in here

where “here” is a link defined by:
Please sign in <%= link_to "here", :controller=>"user", :action=>"sign_in" -%>

I’ve got the User controller populated with:
def sign_in
end

I’ve got app\views\users\sign_in.html.erb defined with (just to see if
it’s working):
Signing in!

Instead of getting “Signing in!”, I get the error messages:
Routing Error
No route matches “/user/sign_in” with {:method=>:get}

I’ve got a route: map.resources :users

Do you care to offer me any suggestions? I’d be most appreciative.

Best wishes,
Richard

Hey Marnen,

Suppose someone posted on the Math Forum (if there is such a thing)
the question: what are the roots of the following equation:
6x^2 - 13x + 6 = 0,

I’d respond “3/2 & 2/3”, not:

  1. use the Quadratic Formula, nor
  2. factor the polynomial

After answering the question asked, I’d probably provide links to
factoring and the Quadratic Formula.

Where’s the downside?

For this app, we don’t want any plug-ins. Discussing AuthLogic is
secondary. No one seems interested in helping with the original
question. Is that because the question is unanswerable, or because
neither of you can answer it with the facts as I presented them?

As Hamlet said so eloquently, “That is the question.”

Best,
Richard

RichardOnRails wrote:

I’m following Chad’s Recipe 31, “Authenticating your Users”. After
getting some of it working, I noticed that he had put some of his
models and controllers under a separate Authentication directory under
the directory created originally with, say, a “rails MyApp” command.

In Recipe 31? I just refreshed my memory of it. The code is split
between the model, view and controller directories with the majority
of it being in the model. I didn’t see any files located outside of
those directories and all of the directories in my copy of the book
are in the standard locations. So your statement confuses me.

Some other authentication schemes use code located in lib/somefile.rb
which I think may be what you are asking about. I wish you had said
exactly what file you were talking about because then a web search
would have helped me locate it. Those files in the lib directory are
loaded as additional library code.

Question: Am I likely to run into trouble if I ignore creation of an
Authentication dir. and issue a command like
ruby script/generate model User username:string password_salt:string
password_hash:string
with my working directory set to “MyApp”?

No. That should be okay. Your command above creates a model and that
is just standard behavior. (I am sure you are going to have other
fields too. Personally I find having a last_login_at field useful
along with an enabled boolean.)

Bob
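The password_salt and password_hash columns in the generate command discussed above imply per-user salted hashing. The sketch below is an added example, not code from Recipe 31 or from any poster in this thread; the Struct stand-in for the model, the helper names, and the choice of PBKDF2-HMAC-SHA256 with this iteration count are assumptions.

```ruby
require 'openssl'
require 'securerandom'

# Assumed parameters for this sketch; tune ITERATIONS for your hardware.
ITERATIONS = 200_000
KEY_BYTES  = 32

# Stand-in for the generated ActiveRecord model: same three columns.
User = Struct.new(:username, :password_salt, :password_hash)

# Slow, salted derivation (PBKDF2-HMAC-SHA256), hex-encoded for a string column.
def derive_hash(password, salt_hex)
  salt = [salt_hex].pack('H*')
  raw  = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_BYTES,
                                    OpenSSL::Digest.new('SHA256'))
  raw.unpack1('H*')
end

# Compare without returning early on the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Registration: fresh random salt per user; the plaintext is never stored.
def register(username, password)
  salt = SecureRandom.hex(16)
  User.new(username, salt, derive_hash(password, salt))
end

# Login: recompute with the stored salt. Unknown users still cost one
# derivation so response time does not reveal which usernames exist.
def authenticate(user, password)
  salt     = user ? user.password_salt : '00' * 16
  expected = user ? user.password_hash : '00' * KEY_BYTES
  ok = constant_time_equal?(derive_hash(password, salt), expected)
  ok && !user.nil?
end

if __FILE__ == $PROGRAM_NAME
  u = register('richard', 'constructed-sample-password')
  puts authenticate(u, 'constructed-sample-password')  # true
  puts authenticate(u, 'wrong guess')                  # false
end
```

Two users with the same password end up with different password_hash values because each gets its own salt, which is what the separate password_salt column is for.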

Richard,

if you don’t want to use any plug in and you want to write all the code
for an authentication solution, but you can’t port a 2006 solution to a
2010 one, you need to get more into Rails’ inner workings and understand
deeply how Rails works. Taking a look at the question you ask at the end
of your original post, I’d say you’re on the right path.
On the other hand, you can try RestfulAuthentication, which generates a
lot of code (models, views, controllers, tests, and more) in your app
(on the contrary of Authlogic - which it doesn’t) and take a look at
that code to understand how it works.
Getting a grasp on Rails might be difficult at the beginning if you have
experience in other languages / frameworks because of how easy, well
structured and thought out it is, but believe me, understanding how Rails works
will save you a lot of time and work in the future.


Mis mejores deseos,
Best wishes,
Meilleurs voeux,

Juan P.

http://www.twitter.com/eljuanchosf

RichardOnRails wrote:

Hey Marnen,

[irrelevant math analogy snipped]

Where’s the downside?

For this app, we don’t want any plug-ins.

Why on earth not? Do you have a reason for this, and if so, what is it?
(I don’t think I’ve ever seen a nontrivial Rails app that didn’t have
at least one plugin or non-Rails gem dependency.)

Appropriate use of third-party libraries is an important development
skill. At some level, you know this, or you’d be writing your own Web
framework instead of using Rails. :)

Discussing AuthLogic is
secondary.

Why, when it’s the appropriate solution in this case?

No one seems interested in helping with the original
question. Is that because the question is unanswerable, or because
neither of you can answer it with the facts as I presented them?

It’s because it’s not a question you should be worrying about as a Rails
beginner. You should not be reinventing user authentication when there
is an excellent plugin that will do everything you’re asking for.

(In fact, the answer to your question is simple. Read the docs for the
resources method and all will become clear – sign_in is not one of the
7 default action names, and you didn’t declare it.)

Now, if you take a look at Authlogic and think you can do better, then
please do so! But do so in order to build a better mousetrap, not out
of “Not Invented Here” syndrome.

As Hamlet said so eloquently, “That is the question.”

Programming is not a life-or-death matter (well, unless you’re in the
medical device industry…).

Best,
Richard
Richard

Best,
–
Marnen Laibow-Koser
http://www.marnen.org
removed_email_address@domain.invalid

Sent from my iPhone