I don’t understhand this thinking: “Am I the only Rails developer sick of repeating myself, cobbling together auth for each new project?”. If you’re making the same authentication code each time, why are you not just abstracting this for yourself?
What I’m saying is that what works for you won’t work for me. At 37signals, every single application has a different way of doing users and authentication. That’s not because we’re sloppy or don’t know how to abstract, but because the business objectives and mechanics of the applications differ.
So when we at 37signals can’t even find a way to abstract users and authentication for our own applications, I hold little faith in the notion of a generic model that’s supposed to be what “most people need most of the time”.
In conclusion: If you’re seeing repetition in your application, abstract. Just don’t assume that the repetition you see is a widespread syndrom.