It was also a complex enough problem that it seemed a good way to learn Rails. Because it was my first Rails project I was as yet unfamiliar with many Rails idioms and practices. I reinvented a few wheels that really should have been patterns.
I am now going back and spending time cleaning up the code base and extending it to allow more than just the original group to use it, since several people have expressed interest in it.
One of the wheels I invented was authentication. Since a wider audience needs a much more robust authentication (and authorization, but that's a separate issue) system, now is a good time to rip out my simple implementation and use one of the off-the-shelf solutions with far more features, and far fewer bugs.
And here's the rub. By far, the most popular solution, acts-as-authenticated (and its REST-ful progeny: restful-authentication) are primarily code generators. The expectation is that you'll use them in a new project to generate the models, views & controllers that make up your authentication system. This has presented two problems, one practical, and one philosophical.
The practical: since my system already has all of these things, I tried to carefully shoehorn the generated code into my existing framework. It was a mess, I felt I'd painted myself into a corner, and the project stagnated.
The philosophical: while I was despairing and frustrated over the shoehorning, I began to wonder: why is the Rails community as a whole, which has “DRY” (“Don’t Repeat Yourself”) as a mantra so enamored with code generation? Even if it's not you writing the code, it is still repetition that makes the project harder to maintain, makes it harder to incorporate fixes and features from later version of the tool, and seems to fly in the face of not only DRY but good object-oriented design as well.
I set the project aside. In returning to it (now that I need to amuse myself on the train again occasionally.) I decided to once again look for alternatives.
I have stumbled upon Authlogic, a plugin that seems to be written by someone who shares my misgivings. It's also extremely well documented, highly configurable, and has a complete API for extension.
Fair warning: I haven't actually started moving my project to Authlogic, and I may yet find some fatal flaw. But I'm very much looking forward to trying it out, and if I do happen to find a flaw, perhaps I can patch it, and everyone using it can benefit immediately, not on their next project!
ETA: I just sent the author some fan mail, because it makes me that happy!