> over complicate the user authentication, registration, lost password experience
As a SWE and infosec guy, please don’t just roll this stuff yourself. Maybe Devise is more complicated than it needs to be, but a lot of this stuff is far more subtle than people realize and trivially easy to get catastrophically wrong.
I’m absolutely certain a lot of the parts you think are unnecessarily complex are the result of having gotten it wrong before. How do I know? Because I’ve personally submitted vulnerabilities to Devise (specifically the lost password flow) that ended up getting a redesign to fix the vuln.
So even if you don’t use Devise, please use some other project which has already suffered through iterating over vulns so you don’t have to.