It's actually pretty simple to implement on your own. I am not big on Devise. I feel it does too much magic. It should have been just an API layer and not touching views.
It's simple to write a password-based auth system. Then you must clear session appropriately.
Then you must create the login page.
Then the controller for authenticating. And then you need to ensure that the flow works with a test.
Then you need the email that actually activates the account, with the activation hash. So now you're setting up a mailer system, which Phoenix does not have by default.
Then people will want to recover passwords. So you need to write the logic for that. Oh, and the controllers and views. And routes.
And of course, you need to hash the password using some kind of encryption. Excrypt, comeonin, what have you. Choices choices choices.
You'll need a plug to act as the bouncer for your routes too, so nobody gets in where they shouldn't. So you'll have to write that.
You have to end-to-end test this, of course. And probably, if your business depends on it, get a couple other people to review the security of your system.
Simple. And takes a long time.
HTTP is pretty simple, but we use frameworks. SQL is pretty simple too, but we use Ecto now.
It's simple in its pieces, but I really don't wanna do all that work on every app. I'm lazy.
bphogan|10 years ago