search

drhenner / ror_ecommerce

Ruby on Rails Ecommerce platform, perfect for your small business solution.
www.ror-e.com
MIT License
1.21k stars 409 forks source link

Move to Devise for authentication? #56

Closed deanpcmad closed 11 years ago

deanpcmad commented 12 years ago

I feel Devise would be a much better way of authenticating users. What are your thoughts? Also are user roles required? Maybe have a separate admin user model for authenticating admins into the admin backend and then the user model for normal users. What do you guys think?

My main reason for either moving to Devise or custom authentication, is because I've noticed that some of the code for authenticating users is quite large, especially in the application controller:

###  Authlogic helper methods
def current_user_session
  return @current_user_session if defined?(@current_user_session)
  @current_user_session = UserSession.find
end

def current_user
  return @current_user if defined?(@current_user)
  @current_user = current_user_session && current_user_session.record
end

def current_user_id
  return @current_user_id if defined?(@current_user_id)
  @current_user_id = current_user_session && current_user_session.record && current_user_session.record.id
end
deanpcmad commented 12 years ago

If I have to go ahead to move over to Devise or a custom solution, I'll get cracking straight away. I'm trying to move over to using FactoryGirl more in testing too.

I've noticed that there is an Account model but I don't think this is required for this application because there are no paid accounts?

drhenner commented 12 years ago

I'd say no matter what you choose (device, authlogic, sorcery) some people will like it and other's won't. I personally was frustrated with device but I started looking at it when was first released. It might be time to take a peak again.

deanpcmad commented 12 years ago

Sure, well I suppose that's like anything really. I think that moving over to Devise would be a good idea and it would make the code alot cleaner too for authentication as it seems to be a bit too much at the moment :) When would you like the new admin to go live? Have you had a look through at all?

drhenner commented 11 years ago

I'll add this to the wish list but I actually prefer to remove external dependancies not add them... I'm more of the liking to create our own authentication more then adding devise which IMO has been gaining a lot of bloat.

deanpcmad commented 11 years ago

Sure custom authentication sounds good to me. Also I see you're having a cleanup of the issues. Hope you had a good Christmas and happy new year! :)