#7 ✓resolved
Peter Zingg

Best practice for password strategies

Reported by Peter Zingg | November 16th, 2008 @ 02:15 PM

I am using authlogic in an application (just a shell right now). There are a couple of things I wanted to do, but I'm not sure I did them in the most efficient way:

  1. support for multiple OpenID identities
  2. support for case-insensitive passwords
  3. support for different strategy for generated passwords
  4. support for lost password, etc.
  5. support for tokens shorter than 128 characters, especially when used in email activation messages

To get things working I did what I think are a couple of hacks: I had to create an empty "AuthenticatedSystem" module and had to stub out a few methods in my user class to get the open_id_authentication plugin to load.

And I had a little frustration with the case-insensitive password. Ideally I would just use authlogic's configuration to override the valid_password method, but I also want to take control of the storing of the password at create time. Please see:


for my user class, with very non-DRY overrides of

User#valid_password? and

and what I did to truncate authlogic's unique_token in


The other thing I did was alias_method :make_token, :unique_token to be name-compatible with the restful_authentication stubs.

I'm sure you could add configuration options that would make this password stuff configurable, or maybe I missed a clean way of doing it with the existing configuration possibilities.
