Hello,
I am quite new to rails and I am implementing authlogic as authentication system in my first project.
I want to have username optional during signup, is there any configuration options to set this?
I just want to have email & password during signup…
Thanks, Madhu
Leaving aside all the Ruby, Rails, authlogic, and so forth questions... I advise you not to do this. It means you're using email addresses as the primary person-identifier (as opposed to ID in the database, which I ass-u-me will be numeric). That's perfectly fine from a technical point of view, but not for user convenience.
People often have multiple email addresses. People change email addresses, for numerous reasons. People leave sites for a long time, try to come back, and forget what email address they used when they signed up. Been there, done that, couldn't log in to get the T-shirt.
But they usually have a preferred username. (Maybe two, one for places that insist on "real" names and one for everything else. Plus maybe variations, if someone beat them to their preferred name, or some benighted site insists on very short usernames.) They may go away for a while and come back, and their "old" user ID will be obvious to them, at least after a small number of tries.
Also, before people know your site well enough to trust it, they may be reluctant to reveal an email address. They will probably not, however, have any problems telling you what username they want to use.
-Dave
I'd suggest the OP research this point, then, because my personal
opinion is diametrically (and vehemently) opposed to yours. 
In general I *despise* being asked to pick a "username". My email address uniquely identifies me, and that should be good enough. (Yes, I have more than one, but only a couple that are used for the purpose under discussion.)
YMMV!
Hassan Schroeder wrote:
Marnen Laibow-Koser wrote:
I agree with Hassan here. I actually don't *mind* being asked to pick a username, but e-mail address should be fine. On a site I don't use much, I'm less likely to forget my e-mail address than an arbitrary username.
What happens when the user doesn't remember their password?
Site designers often assumes the user has access to the email address used to setup the account. The site will then send a password reset link to that email address. Oops, now the user has a problem, since they may have no way to access a cancelled email account.
At this point the chances are probably greater that the user will abandon using your site over going though the hassle of trying to convince you that they are who they say they are. And you may have no way to prove that they are who they say they are.
Just make sure you provide alternate means of resetting passwords than simply using the email address used to sign up.
We really need to migrate away from the username/password INSANITY. Work is being done to resolve this, but we have a long way to go. OpenID, OAuth, etc. are the path forward. Let all help to get there so we can get out of this username/password hell.
Robert Walker wrote:
Marnen Laibow-Koser wrote:
I agree with Hassan here. I actually don't *mind* being asked to pick a username, but e-mail address should be fine. On a site I don't use much, I'm less likely to forget my e-mail address than an arbitrary username.
What happens when the user doesn't remember their password?
Site designers often assumes the user has access to the email address used to setup the account. The site will then send a password reset link to that email address. Oops, now the user has a problem, since they may have no way to access a cancelled email account.
That is true whether or not the e-mail address is the username. In fact, I'd argue that if you're typing your e-mail address as the username all the time, you're *more* likely to keep it current.
[...]
We really need to migrate away from the username/password INSANITY.
What insanity? What the heck is wrong with the current system, other than that it's worked for decades and can no longer be considered shiny and new? What problems are there that need fixing, in your opinion?
Work is being done to resolve this, but we have a long way to go. OpenID, OAuth, etc. are the path forward.
Not really; they solve different problems. OpenID is basically SSO, and
OAuth appears to be mainly for API authentication (and annoying
developers ). Neither provides a general solution.
Let all help to get there so we can get out of this username/password hell.
I'm not in hell. Why are you?
Best,
The fact that I have to remember 145 username/passwords is a bit of an issue. Many of the non-critical ones are the identical, but even so it seems there aught to be a better way.
Colin
Colin Law wrote:
Robert Walker wrote:
[...] We really need to migrate away from the username/password INSANITY.
What insanity? �What the heck is wrong with the current system, other than that it's worked for decades and can no longer be considered shiny and new? �What problems are there that need fixing, in your opinion?
The fact that I have to remember 145 username/passwords is a bit of an issue. Many of the non-critical ones are the identical, but even so it seems there aught to be a better way.
OK, fair enough. And that's one reason to use an e-mail address as username: you're less likely to forget it. This may also be where an SSO solution like OpenID comes in handy.
Colin
Best,
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks