opencfp / opencfp

Repo for OpenCFP project, a PHP-based conference talk submission system

Transition from Sentry to Silex Security

jakefolio opened this issue

Sentry is no longer being supported/maintained, and I think it would be best to move away from it. We need to rid ourselves of the multiple DB libraries and this move will allow that. My suggestion is to move to something like: https://github.com/jasongrimes/silex-simpleuser

I would love to hear some feedback on this topic.

I'd like to add a thought that if we do work on auth, we set it up such that whatever library we use becomes an authentication provider / backend so as to not couple with the rest of the system.

This would open the door for other authentication providers that might be useful if/when we build an API for OpenCFP.

I can't comment on the package above, but as long as we decouple the auth provider from the rest, I think it's a good idea. This was work I had in mind regardless of whether we used Sentry or not.

It'd be nice to get out of storing passwords, in general. But that's a more drastic suggestion.

Oh, this change would require existing installs to force a password reset for all accounts. This probably is not a big deal considering the domain.

@mdwheele We could create a check to see if the password needs to be rehashed: http://php.net/manual/en/function.password-needs-rehash.php
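The rehash check suggested above, sketched as an added example that is not part of the original thread or of OpenCFP's code: verify at login, then upgrade the stored hash while the plaintext is available. It assumes the legacy hashes are in a `crypt()`-compatible format that `password_verify()` can read, which the thread does not confirm for Sentry; the `login()` function, the in-memory `$users` array and the cost values are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed target policy for the new auth backend (hypothetical values).
const TARGET_ALGO    = PASSWORD_BCRYPT;
const TARGET_OPTIONS = ['cost' => 12];

/**
 * Verify a login attempt and, on success, replace a hash that no longer
 * matches the target policy. $users stands in for the accounts table.
 */
function login(array &$users, string $email, string $password): bool
{
    $stored = $users[$email] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false; // unknown account or wrong password: never touch the stored hash
    }

    // A successful login is the only moment the plaintext is available,
    // so it is the only moment an old hash can be upgraded in place.
    if (password_needs_rehash($stored, TARGET_ALGO, TARGET_OPTIONS)) {
        $users[$email] = password_hash($password, TARGET_ALGO, TARGET_OPTIONS);
    }
    return true;
}

// Constructed sample data: a bcrypt hash at a deliberately low cost,
// playing the role of a hash written by the previous auth library.
$users = [
    'speaker@example.com' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]),
];

// Helper to read the bcrypt cost back out of a stored hash.
$cost = fn(string $hash): int => password_get_info($hash)['options']['cost'];

echo 'cost before login: ', $cost($users['speaker@example.com']), PHP_EOL;

// A failed attempt must leave the legacy hash as it was.
var_dump(login($users, 'speaker@example.com', 'wrong guess'));
echo 'cost after failed login: ', $cost($users['speaker@example.com']), PHP_EOL;

// A successful attempt upgrades the hash to the target policy.
var_dump(login($users, 'speaker@example.com', 'correct horse'));
echo 'cost after successful login: ', $cost($users['speaker@example.com']), PHP_EOL;

// The upgraded hash still verifies and needs no further rehash.
var_dump(password_needs_rehash($users['speaker@example.com'], TARGET_ALGO, TARGET_OPTIONS));
```

Accounts whose stored hash `password_verify()` cannot read are not covered by this flow and would still need the forced password reset mentioned earlier in the thread.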

Definitely! I didn't know if both libraries were using the same hashing algorithms. I probably should read through the suggested package before claiming things that "have to be done" 😄

Okay, I'm taking this over and making all the necessary changes to support it.

Cartalyst released Sentinel as FOSS as well since we started this. It's basically Sentry, but supported. May be worth consideration if you hit friction implementing silex security.

Closing because I feel a better upgrade path is to move to Sentinel