Establishing good module practices and examples

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Establishing good module practices and examples

EvanDotPro
Hi all,

I spent some time brainstorming on how a moderately complex
application could be broken up into into discrete ZF2 modules and came
up with this (the example is an eventual ZF2 e-commerce platform):

https://github.com/speckcommerce/speck/wiki/Module-Separation-Strategy

I also took some time to write down my plans for the EdpUser module:

https://github.com/EvanDotPro/EdpUser/wiki/EdpUser-Concepts

I'd be interested to get feedback from the community on my general
direction I'm trying to go with modules in real-world scenarios. Also
if anyone has any cool ideas for making the authentication layer in
EdpUser more dynamic to allow for some of the things in that wiki
page, I'd be all ears.

What I'd like to accomplish is to set a high bar for a few quality
modules built with input from the community, and use the experience as
an opportunity to start putting together some best practices based on
actual experience. Basically I'm just looking for generic feedback and
ideas from the community, as I think the above ideas are a pretty
clear illustration of what my vision is on how the module system would
ideally be leveraged.

---
Evan Coury
http://blog.evan.pro/

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Establishing good module practices and examples

Wil Moore III
Evan,

I like where this is headed. I've got some initial thoughts written below:

EdpUser *must* provide...such as forgot password, etc) out of the box.


As for things like "forgot password", this is where I would expect extreme
extensibility as this is an area that differs greatly between applications.
Also, I wonder how much of this should be handled by the user module itself
vs. a service...then again, you are probably thinking to bundle related
services with the module. If that is your thinking, I'd certainly be happy
with that.


> Authentication


Are you thinking of using and extending Zend\Authentication (or whatever it
will be named going forward)  and integrating it into EdpUser? Just
wondering if EdpUser will be providing all of this or if it will be using
something that is extracted which could be used even outside of EdpUser.


Overall, I love this concept. I'm looking forward to seeing this in action
(in my own apps going forward). I'd also love to see something that works
well in a _semi_ stateless arena. In other words, authenticating REST
clients.


What I'd like to accomplish is to set a high bar for a few quality modules
> built with input from the community, and use the experience as an
> opportunity to start putting together some best practices based on
> actual experience.


This is awesome.
--
Wil Moore III

Best Practices for Working with Open-Source Developers
http://www.faqs.org/docs/artu/ch19s02.html

Why is Bottom-posting better than Top-posting:
http://www.caliburn.nl/topposting.html

DO NOT TOP-POST and DO trim your replies:
http://linux.sgms-centre.com/misc/netiquette.php#toppost
Reply | Threaded
Open this post in threaded view
|

Re: Establishing good module practices and examples

Mike A
This post has NOT been accepted by the mailing list yet.
In reply to this post by EvanDotPro
EvanDotPro wrote
Basically I'm just looking for generic feedback and ideas from the community,
You may like to consider how the module would cope with rapid commercial growth.

For example, you begin a website in the UK but its user baser grows rapidly. An executive decision is made to split servers: one in the UK, and one in the US. Then another in China, which rapidly grows to require 10 servers there. Could EdpUser and siblings handle this scenario without referring to third-party providers or requiring multiple logins?
Reply | Threaded
Open this post in threaded view
|

Re: Establishing good module practices and examples

EvanDotPro
In reply to this post by Wil Moore III
Hey Wil,

On Mon, Dec 5, 2011 at 11:06 PM, Wil Moore III <[hidden email]> wrote:

> Evan,
>
> I like where this is headed. I've got some initial thoughts written below:
>
>> EdpUser must provide...such as forgot password, etc) out of the box.
>
>
> As for things like "forgot password", this is where I would expect extreme
> extensibility as this is an area that differs greatly between applications.
> Also, I wonder how much of this should be handled by the user module itself
> vs. a service...then again, you are probably thinking to bundle related
> services with the module. If that is your thinking, I'd certainly be happy
> with that.

Yeah, my thought was that EdpUser would bundle some related services.
You're right that stuff like forgot password will vary greatly between
apps. My ideas are (and I should/will add these to that wiki page):

A) EdpUser should out of the box provide a fairly complete user
registration/authentication experience that works for "most" common
scenarios.
B) EdpUser should be flexible enough that it can be overridden or
extended so that the cases it doesn't support out of the box can
easily be supported without the need for developing more redundant
user modules.
C) Using the provided features like forgot password would be
completely optional, and of course could easily be overridden by third
party modules or simply disabled. For example, a site that simply
performs all of its authentication via GitHub like travis-ci.org would
have no forgot password feature. However, maybe a two-factor SMS
authentication module (as descried on the wiki page) could provide a
setting to override the default 'forgot password' behavior which
e-mail a password reset link, and instead send an SMS code after
answering security questions if the user has two-factor authentication
enabled.

>>
>> Authentication
>
>
> Are you thinking of using and extending Zend\Authentication (or whatever it
> will be named going forward)  and integrating it into EdpUser? Just
> wondering if EdpUser will be providing all of this or if it will be using
> something that is extracted which could be used even outside of EdpUser.

Yeah, right now EdpUser is using Zend\Authentication. I'm thinking
that in the spirit of re-usability that I'd like to make any
authentication adapter used by EdpUser simply be a Zend\Authentication
adapter so that the adapter itself could be freely used outside of
EdpUser.


> Overall, I love this concept. I'm looking forward to seeing this in action
> (in my own apps going forward). I'd also love to see something that works
> well in a _semi_ stateless arena. In other words, authenticating REST
> clients.

Yep, I'd like this too. Generally with REST API's, I've seen this
happen via an OAuth provider which I covered in the doc. Typically the
flow is something like this: http://developer.github.com/v3/oauth/

Is that sort of like what you'd be looking for?

>> What I'd like to accomplish is to set a high bar for a few quality modules
>> built with input from the community, and use the experience as an
>> opportunity to start putting together some best practices based on
>> actual experience.
>
>
> This is awesome.

Glad I'm not the only one who thinks so. :)

--
Evan Coury

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Establishing good module practices and examples

Wil Moore III
>
> flow is something like this: http://developer.github.com/v3/oauth/

 Is that sort of like what you'd be looking for?


This would actually work well. I agree on everything else you've mentioned.

Thanks.
--
Wil Moore III

Best Practices for Working with Open-Source Developers
http://www.faqs.org/docs/artu/ch19s02.html

Why is Bottom-posting better than Top-posting:
http://www.caliburn.nl/topposting.html

DO NOT TOP-POST and DO trim your replies:
http://linux.sgms-centre.com/misc/netiquette.php#toppost