In Devise, when confirmation instructions are resent and the email doesn't exist in the database, we get the error
Email not found
However, due to security, I want to remove this specific error.
I'm using custom controllers but the confirmation#create method is just invoking super.
Under that, I've removed the email field from the errors using
resource.errors.delete('email')
Printing out the errors (in the controller) after the fact shows nothing for email. However, when the request goes through and I print the resource.errors object in the shared errors partial, the error is still there.
Is there any way to remove this error completely? I'm assuming some other action is happening after the #create method that's injecting the error again.
Full method
def create
super
resource.errors.delete('email')
end
Confirmation of deletion:
Confirmation that error persists after redirect:
Related
I am making a rails5 blog app with devise. In the comments controller, I check if the user exists using "before_action :authenticate_user!".
So, if the user is logged in then create comment method gets executed and the server response gets send back to the client via AJAX. However, if the user is not logged in then "before_action :authenticate_user!" check creates a 401 authentication error in the response ( can be seen in the browser log).
I want to just display the flash message just above the comment box or somewhere on the page so that user knows that he/she can not enter a comment without logged in.
There are many similar questions I have found but they seem very confusing and none of the solutions worked for me. Most of them talk about the changing the devise confg (e.g. config.http_authenticatable_on_xhr = false) or override the authenticate_user method etc.
Can someone just explain is it possible to show a flash message warning to the user to login to add comment (ajax call). I don't want automatic redirect for AJAX calls.
Create a flash method then catch the unauthorized error in jQuery and show your flash message :
#flash = (content, type) ->
content = "<div class='container'><div class=\"alert alert-#{type}\">#{content}</div></div>" if type?
$('#flash').clearQueue().hide().html(content).fadeIn('slow').delay(3000).fadeOut('slow')
$(document).ajaxError (e, xhr, settings) ->
flash("Unauthorized", "danger") if xhr.status == 401
First of all: I have already tried googling this under a few terms: "remember token different from cookie rails", "current_user nil:nilClass", "remember_token not working rails", and "current_user is nil rails" (you can probably see I have two different problems here, but I think one is caused by the other). This question, this one, and this one didn't answer my problem; there are numerous others that didn't either.
When I try to register a new user, I get an error of "NoMethodError: undefined method 'name' for nil:nilClass" after it goes through. Now, the user is being created, but it isn't getting signed in. The remember_token attribute in the database is not the same as (and also is longer than) the remember_token cookie. When I attempt to log in, the flash appears with a message of 'you must log in to do that' (the message I have set for restricted access) and I get directed to the /login page again. The most recent thing I did was add a terms_of_service checkbox and a validation for it; I removed this and the problem persists.
You can see my code here.
The cookie remember token: EEBlz7wM_-9jo-YQ47D8-g
The digested cookie remember token: 7c96d144956bbbaa6294137555a709b0cfefdd1d
And finally, the remember token in the database (already digested): ddebfafb628ab141a6db84d42fb13355fad83fb1
I know this is said a lot, but I have been trying to figure this out for a few hours.
Never mind about this--got it done on my own. It turned out that I was using before_save instead of before_create with the whole :create_remember_token thing. Somehow not using update_attributes fixed it; update_attribute twice works.
I'm trying to implement the override method outlined here Devise- Override Confirmation. My version of rails is 4 and ruby is 2.0. My implementation involves multiple resources, so i'm coding this override to a specific resource, a rider.
The show action is rendering correctly, and i can enter my password. But when i submit the form i get the following error message
First argument in form cannot contain nil or be empty
I walked through the code with a debugger with watches for #confirmable and self.resource which are set in the with_unconfirmed_confirmable and do_show methods of the controller respectively, and it seems that while rendering the show template in the do_show method both #confirmable and self.resource are set to the user trying to confirm. However both are set to nil when updating the confirmation.
Since the code is rather long, i've put my controller, show template, and the devise related code in a gist.
EDIT in Response to the Comment
I am storing the confirmation token in the form as a hidden field. It's set to the correct value (when i use it to query the db i get the user i expect).
Once again walking through it with a debugger, I noticed that the value of the confirmation token seems to be regenerated to a different toke during the update action, but it's correct in the request parameters.
{"rider"=>{"confirmation_token"=>"92f786e5270e3562aa48589cc6c36e083cc7a23a41bb55f92c338f381050ec8b"}, "commit"=>"Activate", "controller"=>"riders/confirmations", "action"=>"update"}
Because of that #confirmable is being set to nil.
So now i'm wondering why
#confirmation_token = Devise.token_generator.digest(User, :confirmation_token, #original_token) generating a brand new token on update, when the value of #original_token seems to be the same (based on the watches in my debugger).
I got this working for the non-default user by setting the confirmation token in a hidden field using the hidden_field_tag instead of f.input. Doing this prevented the confirmation_token from being overwritten during the update. I've updated the gist to reflect the changes.
I want to create a PageMailer which emails users when someone interacts with one of their pages.
The User has_many pages, and so the page email is defined as user.email
I have tried attr_reader in the Page model, and also I've declared an email method, neither are currently working
I'm getting an error message which states: undefined method 'email' for <Page:0x512000d4>
Can anyone suggest a simple workaround?
thanks
Paul
send_fb_like_email(user, page)
undefined method 'email' for <Page:0x512000d4>
The error says it's trying to find the "email" of a "page".
Looks like you've accidentally switched the user and page params in one of the calls to the method. Go check all the places where you call this email method and see if you've done that.
I am using the facebooker authlogic plugin. I have it working pretty well now. However, any attempt to set the email address in User.before_connect(facebook_session) is causing a Apache to throw the following error:
Premature end of script headers: person_session, referer:
(person_session is my user_session).
Here is the code for before_connect:
def before_connect(facebook_session)
self.name = facebook_session.user.name
self.login=facebook_session.user.first_name
self.points=Person.default_points
Rails.logger.debug("*********email: "+facebook_session.user.email)
self.email=facebook_session.user.email
end
Note that the email address that is logged before the error occurs is valid.
My guess is that adding the '#' is causing it to fail. Another possibility is that it's trying to do some validation of the email address which causes the http error.
Any ideas would be appreciated.
Thanks.
Apparently you can also get the email from the facebook_session in your application. But you have to put the following in your application_controller to access the facebook_session (this was non-obvious and only discovered from another person's obscure post):
before_filter :set_facebook_session
helper_method :facebook_session