On Wed, Oct 29, 2008 at 5:28 AM, Yehuda Katz <[EMAIL PROTECTED]> wrote:
> After just a few minutes looking through, it looks like the salted user > gets added in merb/merb-auth/setup.rb in the generated app. You can just > comment out lines 17 and 18 to remove the functionality (it's not actually > in the slice or merb-auth at all). > All you need to do is implement an authenticate method on your user_class > (which is defined via Merb::Authentication.user_class = Whatever, defaults > to User in setup.rb) and the slice will do all the work for you. > > How's that for some granular opt-out :P > > -- Yehuda > Hi Jon, There are very little assumptions made about your user model in the slice at all. You can tell the slice to completely not even load any Authentication strategies at all and completely define your own. Effectively the slice only implements a login and logout action for you. When you want to customize the login form. Put it at app/views/exceptions/unauthenticated.html.erb Whenever you fail to login, and Unauthenticated exception is raised this mehtod is called, and it's template rendered. Just replace it. It's not actually part of the slice, the slice just happens to provide a default one. As Yehuda pointed out the configuration for your application happens in Merb.root/merb/merb-auth/* Where setup.rb has the configuration for which user model to use in the default strategies, session serialization, the salted user mixin. These things are included in the generated application so that you can easily see what is being done to your models and your app. What assumptions are being made and you can add, modify or remove as needed. The Strategies are listed in the strategeis.rb file of the generated app. You can see that there is an option there to tell the slice not to load it's default strategies (the only "configuration" option) and then it activates a couple of default strategies for you app that most ppl would use. Again, they're part of the generated app so that you can add, modify or comment them out. To make use of the default strategies you should have your user model provide a class level "authenticate(name, key)" style method that returns nil if not authenticated, or the user object if it does. This is _only_ a _requirement_ of the default strategies. Your own strategies need no such requiements and you're free to implement them as you wish. You don't need to use Merb::Authntication.user_class at all, and neither do you need to impose any of merb-auths "default" requirmenets on it if you choose not to. I hope this clears it up a bit. I know documentation is a bit sparce on the ground at the moment and I appologize. I'll get some up as soon as I can but it won't be for a little while yet. Please let me know if you need any more info or discussion on how to opt-out / setup merb-auth. Cheers Daniel > > > On Tue, Oct 28, 2008 at 11:10 AM, Yehuda Katz <[EMAIL PROTECTED]> wrote: > >> Absolutely, >> I think this might be mostly a doc issue, but also a limitation of the >> slice issue. I'm going to spend some time looking at it today. >> >> Incidentally, are you on AIM, GTalk, or IRC? I'd love to chat. >> >> -- Yehuda >> >> On Tue, Oct 28, 2008 at 11:07 AM, Jon Hancock <[EMAIL PROTECTED]>wrote: >> >>> >>> ok, I may be able to hack at the slice and make it more configurable. >>> I would like to avoid having a whole slew of slices to chose from. I >>> think if this is factored well with the right options, you can have >>> both "opinionated" and "fully configurable" in the same slice. >>> thanks, Jon >>> >>> On Oct 29, 1:45 am, "Ahsan Ali" <[EMAIL PROTECTED]> wrote: >>> > Right .. I believe that hassox's (merb-auth author) intention was >>> initially >>> > to provide an example implementation of -core and -more in >>> > -auth-password-slice. So ... lookup the auth-password-slice source, and >>> if >>> > you think there's a better way to do it - do it ! (and share it with us >>> :D) >>> > >>> > Regards, highandwild >>> > >>> > On Tue, Oct 28, 2008 at 9:34 PM, Jon Hancock <[EMAIL PROTECTED]> >>> wrote: >>> > >>> > > ok, I'll try this. However, with a little more refactoring, I'm >>> > > guessing the slice approach would work if you can turn off or more >>> > > fully tune the "opinionated" stuff. >>> > >>> > > thanks, Jon >>> > >>> > > On Oct 29, 1:27 am, "Ahsan Ali" <[EMAIL PROTECTED]> wrote: >>> > > > Simply, don't use merb-auth-password-slice. Refer the READMEs >>> inside >>> > > > merb-auth-core and -more directories to implement your own stuff. >>> > > -auth-more >>> > > > and -auth-password-slice are optional. >>> > >>> > > > - highandwild >>> > >>> > > > On Tue, Oct 28, 2008 at 9:13 PM, Jon Hancock < >>> [EMAIL PROTECTED]> >>> > > wrote: >>> > >>> > > > > I have studied the latest 0.9.10 merb-auth, merb-auth-core, >>> merb-auth- >>> > > > > more, and merb-auth-password-slice. >>> > >>> > > > > I'm still confused as to how to get this to work for me. >>> > >>> > > > > The docs tell me that this new auth structure only authenticates >>> > > > > sessions and has not preference to how I write the auth logic. >>> > > > > However, the auth-password-slice goes forward and adds salt and >>> > > > > crypt_password fields to my User model. Its even so presumptuous >>> as >>> > > > > to see that I have datamapper running and use the dm form of >>> injecting >>> > > > > properties. I absolutely do not want this kind of magic going on >>> in >>> > > > > my app. >>> > >>> > > > > So the first question is: >>> > >>> > > > > 1 - How do I get the slice to keep its hands off my User model? >>> What >>> > > > > I want is a simple list of methods that my User should implement >>> and I >>> > > > > will implement those. The docs indicate that this is what I >>> should be >>> > > > > able to do, but the real world default behavior is different. >>> > >>> > > > > 2 - How do I tell this auth framework which erb file I want to >>> use for >>> > > > > my login form? The slice has its own forms. I do not want to >>> pass >>> > > > > lots of config directives to get the form to look almost correct. >>> I >>> > > > > want to completely replace the form and I want to do so without >>> > > > > monkeypatching the slice. How do I do this? >>> > >>> > > > > thanks, Jon >>> >>> >> >> >> -- >> Yehuda Katz >> Developer | Engine Yard >> (ph) 718.877.1325 >> > > > > -- > Yehuda Katz > Developer | Engine Yard > (ph) 718.877.1325 > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
