#9 new

forgot password?

Reported by Danimal | August 22nd, 2008 @ 01:03 AM

I noticed that RA doesn't include hooks for reset password or forgot password.

It seems that it could handle it almost the same as activation but without a state.

I've actually coded up a working example for myself that seems to get the job done. It's mostly just an extension of the StatefulRolesInstanceMethods in aasm_roles.rb

Then, I can hook into it on the user observer, ala:

UserMailer.deliver_reset_password(user) if user.recently_reset_password?
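
One way the reset flow described above could look, as an added example that is not the reporter's code or part of restful_authentication: it keeps a transient `recently_reset_password?` flag for the observer hook, stores only a digest of the token, expires it, and accepts it once. `ResettableUser`, `request_password_reset`, `redeem_reset_token`, the in-memory `reset_token` and the two-hour `RESET_TTL` are assumed names and values.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for a User model (plain Ruby, no ActiveRecord).
class ResettableUser
  RESET_TTL = 2 * 60 * 60 # seconds a reset link stays valid (assumed policy)

  # reset_digest / reset_sent_at would be persisted columns;
  # reset_token lives in memory only, for the mailer to read once.
  attr_reader :email, :reset_digest, :reset_sent_at, :reset_token

  def initialize(email)
    @email = email
  end

  # Issue a one-time token. Only its SHA-256 digest is kept, so a leaked
  # users table does not hand out working reset links.
  def request_password_reset(now = Time.now)
    @reset_token = SecureRandom.urlsafe_base64(32)
    @reset_digest = Digest::SHA256.hexdigest(@reset_token)
    @reset_sent_at = now
    @reset_token
  end

  # Transient flag for the observer: true only on the instance that
  # just issued a token, mirroring the hook shown in the post.
  def recently_reset_password?
    !@reset_token.nil?
  end

  # Accept the token once, within the TTL, then burn it.
  def redeem_reset_token(token, now = Time.now)
    return false if @reset_digest.nil? || now - @reset_sent_at > RESET_TTL
    candidate = Digest::SHA256.hexdigest(token.to_s)
    return false unless secure_equal?(@reset_digest, candidate)
    @reset_token = @reset_digest = @reset_sent_at = nil
    true
  end

  private

  # Constant-time comparison of two equal-length hex digests.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```
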

Comments and changes to this ticket

  • mrflip

    mrflip August 22nd, 2008 @ 01:54 AM

    • Tag changed from feature, request to feature, request, vote

    The short answer is:

    On the one hand, we'd all benefit -- new users esp. -- from having a turnkey solution, and so it would be nice if authenticate_by_password showed up with password recovery, password changing, and more complete views.

    On the other hand, the amount of generated code and creeping featurism is becoming a problem, and (whether it's this plugin or another) we need to have one slim, slick security subsystem that is non-generated, and all these doodads built atop it. So I vote against taking any patches that add functionality until we've solved this issue.

    I haven't looked carefully at the github proj linked to in

    but if you (or some other dynamic person of destiny) are up for it, either help vet that app or create a similar sample app. At worst, we'll point to it from the restful_authentication wiki.


Restful Authentication Generator

This widely-used plugin provides a foundation for securely managing user
* Login / logout
* Secure password handling
* Account activation by validating email
* Account approval / disabling by admin
* Rudimentary hooks for authorization and access control.

