Thanks to the industrious efforts of Dale Hofkens we are no longer using restful_authentication to handle authentication. We have now switched to the very promising authlogic gem. This gem is by the same author as search_logic and also has a very extensive README explaining how it works.
Authlogic supports a ton of nifty features, including password reset and optional email confirmation for new accounts. It also uses the much stronger SHA-512 hashing algorithm to store passwords and will work with existing restful_authentication SHA-1 passwords by upgrading these users after their first return login. It also has a cool ability to bind UserSessions to a controller so that the current_user could be retrieved outside of the typical helper context that was previously required.
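The upgrade-on-first-login behaviour described above, sketched as an added example; this is not Authlogic's or this project's own code. The User struct, the salt formats, the "--salt--password--" legacy layout and the stretch count are assumptions made for illustration.

```ruby
require 'digest/sha1'
require 'digest/sha2'
require 'securerandom'

# Hypothetical stand-in for a users table row (field names are assumptions).
User = Struct.new(:login, :salt, :crypted_password)

STRETCHES = 20 # assumed iteration count for the new scheme

# Assumed legacy format: a single unsalted-key SHA-1 over salt and password.
def legacy_sha1(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Assumed new format: SHA-512 applied repeatedly over password + salt.
def stretched_sha512(password, salt)
  digest = "#{password}#{salt}"
  STRETCHES.times { digest = Digest::SHA512.hexdigest(digest) }
  digest
end

# Compare digests without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Try the new scheme first, then fall back to the legacy one. A successful
# legacy match is the only moment the plaintext is available, so the record
# is re-salted and re-hashed with SHA-512 right there.
def authenticate(user, password)
  if secure_equal?(stretched_sha512(password, user.salt), user.crypted_password)
    true
  elsif secure_equal?(legacy_sha1(password, user.salt), user.crypted_password)
    user.salt = SecureRandom.hex(16)
    user.crypted_password = stretched_sha512(password, user.salt)
    true
  else
    false
  end
end

# Constructed sample: an account as it might look before the migration.
def sample_legacy_user
  User.new('alice', 'oldsalt', legacy_sha1('s3cret', 'oldsalt'))
end
```

Accounts that never log in again keep their SHA-1 digest, so a count of rows with 40-character digests shows how much of the user base is still on the old scheme.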
Be sure to run the new migrations and expect to make minor tweaks to your custom login forms, etc. The default admin user now has a login of firstname.lastname@example.org (instead of the old admin). Of course you will also need to install the authlogic gem itself (rake gems:install). This functionality will be part of the upcoming 0.8.0 release.