forgot password?
Reported by Danimal | August 22nd, 2008 @ 01:03 AM
I noticed that RA doesn't include hooks for reset password or forgot password.
It seems that it could handle it almost the same as activation but without a state.
I've actually coded up a working example for myself that seems to get the job done. It's mostly just an extension of the StatefulRolesInstanceMethods in aasm_roles.rb
Then, I can hook into it on the user observer, ala:
UserMailer.deliver_reset_password(user) if user.recently_reset_password?
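An added sketch of the pattern described above, modelled on the activation flow but with no state machine. It is not Danimal's code and not part of restful_authentication: every name except `recently_reset_password?` is hypothetical, and the two-hour lifetime and the point at which the flag is set are assumptions.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical mixin (not the plugin's API). The host class must provide
# password, reset_digest and reset_sent_at accessors.
module PasswordResetMethods
  RESET_TTL = 2 * 60 * 60 # seconds a reset code stays valid (assumed policy)

  # Issue a one-time code. Only its SHA-256 digest is stored, so a leaked
  # users table does not hand out working reset links.
  def forgot_password!(now = Time.now)
    code = SecureRandom.urlsafe_base64(32)
    self.reset_digest = Digest::SHA256.hexdigest(code)
    self.reset_sent_at = now
    code # goes into the e-mail only, never into the database
  end

  # Returns true and changes the password only for a fresh, matching code.
  def reset_password!(code, new_password, now = Time.now)
    return false unless valid_reset_code?(code, now)
    self.password = new_password
    self.reset_digest = nil # single use: the same link cannot be replayed
    self.reset_sent_at = nil
    @recently_reset_password = true
  end

  # Observer hook, in the style of the activation check: true only on the
  # in-memory object that just completed a reset.
  def recently_reset_password?
    @recently_reset_password == true
  end

  private

  def valid_reset_code?(code, now)
    return false if reset_digest.nil? || code.to_s.empty?
    return false if now - reset_sent_at > RESET_TTL
    secure_compare(Digest::SHA256.hexdigest(code), reset_digest)
  end

  # Constant-time comparison of two equal-length strings.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed stand-in for the User model, so the sketch runs without Rails.
DemoUser = Struct.new(:password, :reset_digest, :reset_sent_at) do
  include PasswordResetMethods
end
```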
Comments and changes to this ticket
mrflip August 22nd, 2008 @ 01:54 AM
- Tag changed from feature, request to feature, request, vote
The short answer is:
On the one hand, we'd all benefit -- new users esp. -- from having a turnkey solution, and so it would be nice if authenticate_by_password showed up with password recovery, password changing, and more complete views.
On the other hand, the amount of generated code and creeping featurism is becoming a problem, and (whether it's this plugin or another) we need to have one slim, slick security subsystem that is non-generated, and all these doodads built atop it. So I vote against taking any patches that add functionality until we've solved this issue.
I haven't looked carefully at the github proj linked to in
but if you (or some other dynamic person of destiny) are up for it, either help vet that app or create a similar sample app. At worst, we'll point to it from the restful_authentication wiki.
Restful Authentication Generator
This widely-used plugin provides a foundation for securely managing user
authentication:
* Login / logout
* Secure password handling
* Account activation by validating email
* Account approval / disabling by admin
* Rudimentary hooks for authorization and access control.
http://github.com/technoweenie/restful-authentication/tree