Without making a custom Sessions controller that inherits from the hidden devise controller, I want to figure out a way of adding the parameter, "g-recaptcha-response" to be included in the authenticating process from the default devise view.
Here's my view with the recaptcha figure included. When I click on it I do get a response when my app calls the SessionController#create method. I'm trying to figure out how to make this process detect that the captcha form has been clicked and authenticates the user logging in because of it.
<h2>Log in</h2>
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true, autocomplete: "email" %>
</div>
<div class="field">
<%= f.label :password %><br />
<%= f.password_field :password, autocomplete: "off" %>
</div>
<% if devise_mapping.rememberable? -%>
<div class="field">
<%= f.check_box :remember_me %>
<%= f.label :remember_me %>
</div>
<% end -%>
<div class="g-recaptcha" data-sitekey="6LeeL5gUAAAAADbq0vt4d9biAs8oegkPx9ttUkKb"></div>
<div class="actions">
<%= f.submit "Log in" %>
</div>
<% end %>
<%= link_to 'Sign Up', new_user_registration_path %>
In essence, if a bot were to attempt automatically signing in repeatedly, the devise controller would see that the captcha was not clicked and stops them from trying to log in.
Related
I am using Devise for authentication, but I want to use my own form input.
I have checked that Devise's sign_in works. I was able to login with this on localhost:3000/users/sign_in :
<h2>Log in</h2>
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true %>
</div>
<div class="field">
<%= f.label :password %><br />
<%= f.password_field :password, autocomplete: "off" %>
</div>
<% if devise_mapping.rememberable? -%>
<div class="field">
<%= f.check_box :remember_me %>
<%= f.label :remember_me %>
</div>
<% end -%>
<div class="actions">
<%= f.submit "Log in" %>
</div>
<% end %>
<%= render "devise/shared/links" %>
I created on index page this form, but I could not get it to work (I was not able to login with the code below):
<form class="form-inline">
<div class="form-group">
<input type="email" class="form-control" id="user_email" placeholder="email?">
</div>
<div class="form-group">
<label for="exampleInputPassword2">/</label>
<input type="text" class="form-control" id="user_password" placeholder="password?">
</div>
<button type="submit" class="btn btn-primary">Sign In</button>
</form>
I read formhelper on rubyonrails.org website and bootstrap's css page but it still did not clear up how to use bootstrap's form.
Here are some of the things I don't understand:
The following code <input type="email" class="form-control" id="user_email" placeholder="email?">, what should I put for type= and id=? How can I tell bootstrap's form to submit a post request for my session? I can somewhat read and interpret Devise' form: <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> by looking at it: resource is :user, the url is being sent to user's session. I could not find information online about bootstrap's form. How can I integrate my own custom form using bootstrap with Devise' session?
Your problem has not really something to do with Bootstrap at first. I would try to get the form working, before you add bootstrap.
The from could be created like this:
<%= form_for(:user, :url => session_path(:user)) do |f| %>
<%= f.text_field :email %>
<%= f.password_field :password %>
<%= f.check_box :remember_me %>
<%= f.label :remember_me %>
<%= f.submit 'Sign in' %>
<%= link_to "Forgot your password?", new_password_path(:user) %>
<% end %>
Now you add some bootstrap flavor to this form:
<%= form_for(:user, :url => session_path(:user)) do |f| %>
<div class="form-group">
<%= f.text_field :email, placeholder: 'example#example.com' %>
</div>
<div class="form-group">
<%= f.password_field :password %>
<%= f.check_box :remember_me %>
<%= f.label :remember_me %>
</div>
<%= f.submit 'Sign in', class: 'btn btn-primary' %>
<%# link_to "Forgot your password?", new_password_path(:user) %>
<% end %>
Most of the information I is from this page of the devise wiki.
I am sending one parameter ("designer" or "developer") to register form prepared by Devise and I want to add this parameter to devise model.
My question is if assigning parameter to hidden_field is appropriate solution.
From this view I'm redirecting to user registration form
<%= link_to "Register as Owner", new_user_registration_path(:role => 'owner') %>
<%= link_to "Register as Employee", new_user_registration_path(:role => 'employee' ) %>
User registration form
<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<%= f.hidden_field :role, :value => params[:type]%>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true %>
</div>
<div class="field">
<%= f.label :password %>
<% if #minimum_password_length %>
<em>(<%= #minimum_password_length %> characters minimum)</em>
<% end %><br />
<%= f.password_field :password, autocomplete: "off" %>
</div>
<div class="field">
<%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation, autocomplete: "off" %>
</div>
<div class="actions">
<%= f.submit "Sign up" %>
</div>
<% end %>
As long as the param doesn't contain sensitive information (passwords etc) as you say it doesn't, there isn't a problem with your implementation.
We're using the colorbox-rails gem to show a sign-up page to our users for our Rails 4 application. At the bottom of the popup, we have a link to that saysAlready a member? Login. The Login text redirects the user to our login page.
However, because Rails 4 is using turbolinks, the Login page's html is being loaded with AJAX in the background. This has the effect of loading the Login page behind the colorbox, while the colorbox still remains open.
Here is the html that triggers the colorbox:
<%= link_to 'Sign Up', '/blank/sign_in_helper', class: 'nav-link-box',
:id => 'sign-up-link', :data => {
:colorbox => true}
%>
And the HTML of the colorbox (sign_in_helper):
<h2>Sign Up</h2>
<%= form_for(:user, url: registration_path(:user)) do |f| %>
<div class="field">
<%= f.label :name, 'Display Name' %><br />
<%= f.text_field :name %>
</div>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true %>
</div>
<div class="field">
<%= f.label :password %>
<% if #minimum_password_length %>
<em>(<%= #minimum_password_length %> characters minimum)</em>
<% end %><br />
<%= f.password_field :password, autocomplete: "off" %>
</div>
<div class="field">
<%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation, autocomplete: "off" %>
</div>
<div class="actions">
<%= f.submit "Sign up" %>
</div>
<p>Already a member? <%= link_to 'Login.', new_user_session_path, class: 'lightbox-close' %> </p>
<% end %>
I've tried binding a colorbox close event to the link (coffeescript), but for some reason it only works the second time the link is clicked:
$('.lightbox-close').click ->
$.colorbox.close()
Is there a way to do this while still using turbo-links? Or is the best way to disable turbo-links for that specific link?
Thanks!
If you want to disable turbolinks for a certain link add data-no-turbolinks attribute to it
<%= link_to 'Login.', new_user_session_path, class: 'lightbox-close', data: {no_turbolinks: true} %>
When using turbo links with javascript bindings it's better to execute the code that you used to on document.ready to page:load, for example (given that you're using jquery) in your application.js:
var ready;
ready = function(event) {
//code when the page is loaded
};
$(document).on('ready page:load', ready);
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<% if alert %>
<p class="alert alert-danger"><%= alert %></p>
<% end %>
<div>
<%= f.email_field :email, autofocus: true, placeholder: 'Correo Electrónico' %>
</div>
<div class="m-t">
<%= f.password_field :password, autocomplete: "off", placeholder: 'Contraseña' %>
</div>
<% if devise_mapping.rememberable? -%>
<div class="m-t"><%= f.check_box :remember_me %> <%= f.label :remember_me, '¿Recordar?' %></div>
<% end -%>
<div><%= f.submit "LOG IN", class: 'custom-input-2' %></div>
<% end %>
I'm trying to make the alert show a custom message instead of the INVALID EMAIL OR PASSWORD default one.
Is there a documentation about this somewhere or can someone explain to me how this is done.
I have an application that I have been working on and have everything wired up to my liking but was wondering if this is possible:
I am displaying a users username in an edit.html.erb template. I want it to display the users username inside of the <%= f.text_field :username, :class=> "uneditable-input" %>. I am using Bootstrap and in the documentation, it states to add a class of uneditable-input, when I hove rover the username text field, it shows a little white stop sign but I am still able to click on the field and edit it. Any help?
<%= render 'shared_partials/errors', errors_object: #user %>
<div class="page-header">
<h2> Edit Your Profile<small> - <%= #user.username %></h2></small>
</div>
<div class="well">
<%= form_for #user do |f| %>
<%= f.label :username %>
<%= f.text_field :username, :class=> "uneditable-input" %>
<%= f.label :password %>
<%= f.password_field :password, :class=> "input", :placeholder=>"Password goes here" %><br/>
<%= f.submit "Update Changes", class: 'btn btn-primary' %>
<% end %>
</div>
Make the field disabled.
<%= f.text_field :username, :class=> "uneditable-input", :disabled => true %>
While submitting the form, browser will not send the value for the field username and thats correct, why it should be sent if it is un-editable.