Spree Commerce

Try It Now

Now Using Authlogic for Authentication

Posted on April 02, 2009 by Sean Schofield

Thanks to the industrious efforts of Dale Hofkens we are no longer using restful_authentication to handle authentication. We have now switched to the very promising authlogic gem. This gem is by the same author of search_logic and also has a very extensive README explaining how it works.

Authlogic supports a ton of nifty features, including password reset and optional email confirmation for new accounts. It also uses the much stronger SHA-512 hashing algorithm to store passwords and will work with existing restful_authentication SHA-1 passwords by upgrading these users after their first return login. It also has a cool ability to bind UserSessions to a controller so that the current_user could be retrieved outside of the typical controller/helper context that was previously required.

Be sure to run the new migrations and expect to make minor tweaks to your custom login forms, etc. The default admin user now has a login of spree@example.com (instead of the old admin.) Of course you will also need to install the auth_logic gem itself (rake gems install). This functionality will be part of the upcoming 0.8.0 release.