login_engine is good. But there are two things about that I "dislike". I've been thinking of develop a patch for them, but I'd like some sense that the patch goals are agreed with, and thus making it likely to be accepted?
1) Sending out the password in email is just plain bad. I know I can probably replace the view, but I'd rather see it as an configuration option. 2) When a password is forgotten, a secondary authentication token is email to the user. As near as I can tell, that authentication token does general authentication, until it expires. I much prefer a model where that token is necessary to change the password, and that's all it is good for. And when the password is changed the token is invalidated. Should I make patch, or just fork it? David _______________________________________________ engine-users mailing list [email protected] http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org
