On Thu, Oct 30, 2008 at 4:57 AM, Jon Hancock <[EMAIL PROTECTED]> wrote:
> > Daniel, > I spent quite a bit of time today hacking through this. Your notes as > well as Yehuda's were very useful if for nothing else but to give me > the courage to hack apart many hundreds of lines of my existing code. > Its important to know that some of us have early production merb > apps. Mine is one and about half my code base contains session, auth, > flash, and other such stuff that didn't have such full solutions in > earlier merb. As a result, just dropping in merb-auth isn't so easy > as it required many changes. But so far so good. I have more testing > to do and probably a few hacks. After that I can give a meaningful > report and howto for other migrators. > > thanks again, Jon > Hey Jon, Good news. If you want to overwrite the flash behavior of the merb-auth-slice-password you should rake the stubs rake -T | grep stub (to find the actual rake task) This will put the parts of the controller into the slices/merb-auth-slice-password/app/controllers/sessions.rb file that you should overwrite. Good luck... Looking forward to seeing your report. Cheers Daniel > > > On Oct 29, 6:24 am, "Daniel N" <[EMAIL PROTECTED]> wrote: > > On Wed, Oct 29, 2008 at 5:28 AM, Yehuda Katz <[EMAIL PROTECTED]> wrote: > > > After just a few minutes looking through, it looks like the salted user > > > gets added in merb/merb-auth/setup.rb in the generated app. You can > just > > > comment out lines 17 and 18 to remove the functionality (it's not > actually > > > in the slice or merb-auth at all). > > > All you need to do is implement an authenticate method on your > user_class > > > (which is defined via Merb::Authentication.user_class = Whatever, > defaults > > > to User in setup.rb) and the slice will do all the work for you. > > > > > How's that for some granular opt-out :P > > > > > -- Yehuda > > > > Hi Jon, > > > > There are very little assumptions made about your user model in the slice > at > > all. You can tell the slice to completely not even load any > Authentication > > strategies at all and completely define your own. Effectively the slice > > only implements a login and logout action for you. When you want to > > customize the login form. Put it at > > > > app/views/exceptions/unauthenticated.html.erb > > > > Whenever you fail to login, and Unauthenticated exception is raised this > > mehtod is called, and it's template rendered. Just replace it. It's not > > actually part of the slice, the slice just happens to provide a default > one. > > > > As Yehuda pointed out the configuration for your application happens in > > > > Merb.root/merb/merb-auth/* > > > > Where setup.rb has the configuration for which user model to use in the > > default strategies, session serialization, the salted user mixin. These > > things are included in the generated application so that you can easily > see > > what is being done to your models and your app. What assumptions are > being > > made and you can add, modify or remove as needed. > > > > The Strategies are listed in the strategeis.rb file of the generated app. > > You can see that there is an option there to tell the slice not to load > it's > > default strategies (the only "configuration" option) and then it > activates a > > couple of default strategies for you app that most ppl would use. Again, > > they're part of the generated app so that you can add, modify or comment > > them out. > > > > To make use of the default strategies you should have your user model > > provide a class level "authenticate(name, key)" style method that returns > > nil if not authenticated, or the user object if it does. This is _only_ > a > > _requirement_ of the default strategies. Your own strategies need no > such > > requiements and you're free to implement them as you wish. You don't > need > > to use Merb::Authntication.user_class at all, and neither do you need to > > impose any of merb-auths "default" requirmenets on it if you choose not > to. > > > > I hope this clears it up a bit. I know documentation is a bit sparce on > the > > ground at the moment and I appologize. I'll get some up as soon as I can > > but it won't be for a little while yet. > > > > Please let me know if you need any more info or discussion on how to > opt-out > > / setup merb-auth. > > > > Cheers > > Daniel > > > > > > > > > On Tue, Oct 28, 2008 at 11:10 AM, Yehuda Katz <[EMAIL PROTECTED]> > wrote: > > > > >> Absolutely, > > >> I think this might be mostly a doc issue, but also a limitation of the > > >> slice issue. I'm going to spend some time looking at it today. > > > > >> Incidentally, are you on AIM, GTalk, or IRC? I'd love to chat. > > > > >> -- Yehuda > > > > >> On Tue, Oct 28, 2008 at 11:07 AM, Jon Hancock <[EMAIL PROTECTED] > >wrote: > > > > >>> ok, I may be able to hack at the slice and make it more configurable. > > >>> I would like to avoid having a whole slew of slices to chose from. I > > >>> think if this is factored well with the right options, you can have > > >>> both "opinionated" and "fully configurable" in the same slice. > > >>> thanks, Jon > > > > >>> On Oct 29, 1:45 am, "Ahsan Ali" <[EMAIL PROTECTED]> wrote: > > >>> > Right .. I believe that hassox's (merb-auth author) intention was > > >>> initially > > >>> > to provide an example implementation of -core and -more in > > >>> > -auth-password-slice. So ... lookup the auth-password-slice source, > and > > >>> if > > >>> > you think there's a better way to do it - do it ! (and share it > with us > > >>> :D) > > > > >>> > Regards, highandwild > > > > >>> > On Tue, Oct 28, 2008 at 9:34 PM, Jon Hancock < > [EMAIL PROTECTED]> > > >>> wrote: > > > > >>> > > ok, I'll try this. However, with a little more refactoring, I'm > > >>> > > guessing the slice approach would work if you can turn off or > more > > >>> > > fully tune the "opinionated" stuff. > > > > >>> > > thanks, Jon > > > > >>> > > On Oct 29, 1:27 am, "Ahsan Ali" <[EMAIL PROTECTED]> wrote: > > >>> > > > Simply, don't use merb-auth-password-slice. Refer the READMEs > > >>> inside > > >>> > > > merb-auth-core and -more directories to implement your own > stuff. > > >>> > > -auth-more > > >>> > > > and -auth-password-slice are optional. > > > > >>> > > > - highandwild > > > > >>> > > > On Tue, Oct 28, 2008 at 9:13 PM, Jon Hancock < > > >>> [EMAIL PROTECTED]> > > >>> > > wrote: > > > > >>> > > > > I have studied the latest 0.9.10 merb-auth, merb-auth-core, > > >>> merb-auth- > > >>> > > > > more, and merb-auth-password-slice. > > > > >>> > > > > I'm still confused as to how to get this to work for me. > > > > >>> > > > > The docs tell me that this new auth structure only > authenticates > > >>> > > > > sessions and has not preference to how I write the auth > logic. > > >>> > > > > However, the auth-password-slice goes forward and adds salt > and > > >>> > > > > crypt_password fields to my User model. Its even so > presumptuous > > >>> as > > >>> > > > > to see that I have datamapper running and use the dm form of > > >>> injecting > > >>> > > > > properties. I absolutely do not want this kind of magic > going on > > >>> in > > >>> > > > > my app. > > > > >>> > > > > So the first question is: > > > > >>> > > > > 1 - How do I get the slice to keep its hands off my User > model? > > >>> What > > >>> > > > > I want is a simple list of methods that my User should > implement > > >>> and I > > >>> > > > > will implement those. The docs indicate that this is what I > > >>> should be > > >>> > > > > able to do, but the real world default behavior is different. > > > > >>> > > > > 2 - How do I tell this auth framework which erb file I want > to > > >>> use for > > >>> > > > > my login form? The slice has its own forms. I do not want > to > > >>> pass > > >>> > > > > lots of config directives to get the form to look almost > correct. > > >>> I > > >>> > > > > want to completely replace the form and I want to do so > without > > >>> > > > > monkeypatching the slice. How do I do this? > > > > >>> > > > > thanks, Jon > > > > >> -- > > >> Yehuda Katz > > >> Developer | Engine Yard > > >> (ph) 718.877.1325 > > > > > -- > > > Yehuda Katz > > > Developer | Engine Yard > > > (ph) 718.877.1325 > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
