I've got a rails app with a functioning restful_authentication system but I need to add password reset (never got around to it before...). Also I'm going to be probably adding things like invitations and some features that don't require login. And to be honest I was never completely happen with the way that restful authentication invaded my code.
If I stick with restful authentication I'll need to snarf in some unofficial forgot password code from a forum or blog, which could be a bit risky in terms of having to write my own tests etc. On the other hand, if I upgrade, that means possibly more work and exposure from switching away from what's tested and working in my app. (It might also matter that I'm planning on allowing facebook authentication in the future.)
I often have this kind of quandary with Rails apps because the ecosystem moves so fast, so I'm also interested in what people think about this problem in general. With a "legacy" rails app, do you patch & upgrade old plugins or swap them out for newer sexier ones?