alsmola / nopassword Goto Github PK

Tried to login from http://nopassword.alexsmolen.com/ page, got "We're sorry, but something went wrong." from http://nopassword.alexsmolen.com/send_login_email

Thanks for the work here. Excited to try it out.

Thoughts on not requiring Passw3rd? With a Heroku deploy, passwords can be managed easily through the ENV vars https://devcenter.heroku.com/articles/config-vars. On first look the only effected file would be engine.rb.

What's the difference between these fields?

• requesting_ip vs. activating_ip
• requesting_user_agent vs. activating_user_agent
• requesting_geo vs. activating_geo

I'm using nopassword as a gem, which means it's not integrated into my rails project, and I'd like to keep the two separate so that updating the gem when new pulls are made is as simple as possible. But I'd also like to edit the email that gets sent, so that I can format it to fit other emails my app sends, as well as do simple things like make the activate URL an actual hyperlink (some of the email clients I use don't automatically hyperlink it). Is there a way to supersede the template built into this engine? Or is that something that could be added?

I'm new to Ruby,
does nopassword, being a rails engine, require the use of RoR? Or can it be used independently alongside Sinatra routing?

I apologize if I'm being an obnoxious newbie over here with these potentially-misinformed Issues, but it looks like this engine uses session which, unlike cookies, I don't believe I can extend the expiration time for? I can't find anything in the source that dictates when the session expires, and it appears to be expiring – at least in IE – nightly, when the browser has been closed for the evening. Nothing in the Rails documentation for session seems to tell me how to extend, only to shorten it.

Looking at my own session data in Chrome, it looks like the cookies set (presumably by the rails session manipulation? I'm not setting any other cookies myself) expire "When the browsing session ends." I'd like to set it to essentially never expire, if it's regularly accessed.

This isn't a highly-secure system, I understand, but it's not highly-sensitive information. Is there a way to do that currently, or is that something that could be added?

The library has been deprecated/declared unsafe by the author:

https://twitter.com/alsmola/status/594932549622726656

Instead, nopassword engine users must configure their own email. For the dummy application, we'll use dotenv.

Seems that a few forks have done this. Haven't tested, but assuming the APIs this uses have been stable, would you accept a PR to relax that constraint?