Hello I am trying to fix up my user sign up so if a user is already registered with the site with the same email, they cannot sign up. So far this is the code in my controller I am trying to implement.
User controller
class UsersController < ApplicationController
def create
unless User.exists?(:email => params[:email])
#user = User.new(user_params)
if #user.save
#user.cart = Cart.create
#user.save
session[:user_id] = #user.id
redirect_to #user
else
render 'new'
end
end
end
I figured that in the users controller I would have an unless conditional so if a user already exists it would prevent that user from signing up and just render the new page again. However the user is still able to sign up. Any ideas on how to do this properly would really help out.
Instead of validating this in your controller, move the validation to the User model, and add this line:
validates :email, uniqueness: true
Related
I have an auth system from scratch, and when a user clicks on 'edit profile' it has to input the current password no matter the field he wants to edit.
def update
if params[:user][:password].present?
authenticated = #user.authenticate(params[:user][:current_password])
if authenticated && #user.update(user_params)
redirect_to root_url
flash[:notice] = "Your profile was successfully updated!"
else
#user.errors.add(:current_password, 'is invalid') unless authenticated
render :edit
end
elsif #user.update(user_params)
redirect_to root_url
flash[:notice] = "Your profile was successfully updated!"
else
render :edit
end
end
How can I call authenticate or use some context model validation only for the scenario when the user wants to change his password?
I wouldn't recommend mixing this logic into the model because you end up with complexity that is hard to follow as your application grows over time.
Try taking a look into form objects:
Form-backing objects for fun and profit
Railscast #416 Form Objects [paid subscription required]
I'd implement something like this:
class UserUpdateForm
include ActiveModel::Model
# Attributes
attr_accessor :user, :new_password, :new_password_confirmation
# Validations
validates :current_password, if: :new_password
validate :authenticate, if: :current_password
validates :new_password, confirmation: true, allow_blank: true
def initialize(user)
self.user = user
end
def submit(params)
self.new_password = params[:new_password]
self.new_password_confirmation = params[:new_password_confirmation]
if self.valid?
# Set other attributes as needed, then set new password below.
self.user.password = self.new_password if self.new_password.present?
self.user.save
else
false
end
end
private
def authenticate
unless self.authenticate(self.current_password)
self.errors.add(:current_password, 'is invalid')
end
end
end
Then you can call it from your controller like so:
def update
#user_update_form = UserUpdateForm.new(#user)
if #user_update_form.submit(params)
flash[:notice] = "Your profile was successfully updated!"
redirect_to root_url
else
render :edit
end
end
See the links above for how to handle the view and such. This is just to get you started.
You may create a nested if-else in this action statement that will check for existence of new_password and new_password_confirmation (or whatever the new password and confirmation fields are called) in the params[:user] object. If they are present - you may redirect to some king of page with request to enter existent password.
Another way is to use ajax to show asynchronously the dialog box with the same request (like respond_with self-invoking javascript function that handles that). Then handle submit button in of the dialog in the other action of the controller.
Update (considering use of validators):
Considering validation you may write your own validator (for password) and condition to check when the new password field come with some data from the client.
I think it could look like this:
validate :password_update?
def password_update?
if new_password.present?
if current_password !== self.password
errors.add(:current_password, "must be supplied!")
else
# update data and password
end
else
# do your regular update
end
end
So after the user signs up, i redirect them to my additional info page where i collect some more information. However, something is wrong with my design/implementation as rails is saying im missing users/create template
this is my users controller
class UsersController < ApplicationController
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def additional_info
#user = User.new(user_addinfo)
if #user.save
redirect_to show_path
end
end
def create
#user = User.new(user_params)
if #user.save
# UserMailer.welcome_email(#user).deliver
sign_in #user
redirect_to additional_info_path
flash[:success] = "Welcome to InYourShoes!"
#return #user
else
render'new'
end
end
private
def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def user_addinfo
params.permit(:year)
end
end
def show is the user profile page i want to show after redirecting to the additional_info page
def additional_info is just take additional info from the private method def user_addinfo
def create is the sign up process.
After entering the basic user info, it gets redirected to additional which is fine. but after the additional, it says im missing the users/create template, but my code i attempted to redirect to show_path and #usersshow, still doesnt work
any suggestions? sorry if this seems intuitive but Im new to rails.
I think your problem is in the additional_info method, as i said in the comment. What you're doing is:
creating a user
creating a session for the user (sign_in #user) - storing somewhere the user_id in the session
redirecting to your additional_info page
And here comes the problem. As the user is already signed in you don't have any need to create a new user with additional params. You should have some helper to retrieve the current signed in user (like current_user) and in additional_info method, just update it.
So your additional_info method would become something like:
def additional_info
user = User.find session[:user_id]
user.update params[:user]
redirect_to user_path #show action
end
So basically I have wrote my own authentication instead of using a gem so I have access to the controllers. My user creation works fine but when my users are created I want to also create a profile record for them in my profile model. I have got it mostly working I just cant seem to pass the ID from the new user into the the new profile.user_id. Here is my code for the user creation in my user model.
def create
#user = User.new(user_params)
if #user.save
#profile = Profile.create
profile.user_id = #user.id
redirect_to root_url, :notice => "You have succesfully signed up!"
else
render "new"
end
The profile is creating it is just not adding a user_id from the newly created user. If anyone could help it would be appreciated.
You should really do this as a callback in the user model:
User
after_create :build_profile
def build_profile
Profile.create(user: self) # Associations must be defined correctly for this syntax, avoids using ID's directly.
end
end
This will now always create a profile for a newly created user.
Your controller then gets simplified to:
def create
#user = User.new(user_params)
if #user.save
redirect_to root_url, :notice => "You have succesfully signed up!"
else
render "new"
end
end
This is now much easier in Rails 4.
You only need to add the following line to your user model:
after_create :create_profile
And watch how rails automagically creates a profile for the user.
You have two errors here:
#profile = Profile.create
profile.user_id = #user.id
The second line should be:
#profile.user_id = #user.id
The first line creates the profile and your are not 're-saving' after the assignment of the user_id.
Change these lines to this:
#profile = Profile.create(user_id: #user.id)
I want the user to click on an activation link before being "activated" or before they can log in with the email/password.
I am not using an gems and want to keep it that way. My problem is that after the user registers, they can login in without clicking on the activation code. I have an confirmation_token line and a confirmed line to the model.
user controller:
def create
#user = User.new(params[:user])
if #user.save
render "root_path"
else
render "new"
end
end
def confirmed
user = User.find(:first, :conditions => {:confirmation_token => params[:confirmation_token]})
if (!params[:confirmation_token].blank?) && user && !user.confirmed?
user.confirmed!
self.current_user = user
flash[:notice] = "Thank you. You account is now activated."
redirect_to account_preference_path(current_user)
else
flash[:notice] = "Sorry we don't have your email in our database."
redirect_to root_path
end
end
user model:
def confirmed!
self.confirmed = true
self.confirmation_token = nil
save(false)
end
Am I missing anything? Thanks!
I know there are gems like devise, auth-logic, etc out there but I want to learn how to write it from scratch. Thanks.
EDIT:
session controller
def create
user = User.authenticate(params[:email], params[:password])
if user && user.confirmed == true
cookies.permanent.signed[:remember_token]
redirect_to account_path(user.id), :notice => "Welcome, #{user.first_name}"
else
flash.now.alert = "Invalid email or password."
render "new"
end
end
Of course, after much trial and tribulation, I figured it out. Before, I was redirecting the routes to a new controller where they can edit their password instead of just sending them to the route that just confirms the code. Silly mistake that cost me a lot of headache, but live and learn. Thanks everyone who looked into it.
You might want to search for some tutorials to at least guide you through the process, you'll get a better feel for coding rails correctly.
Basically your problem is that your not doing a check to see if the user is confirmed or not on login. One way would be to add this inside your session create method.
if user && user.confirmed?
The best solution though is probably to use filters like this
before_filter :authenticate, :only => [:new, :create, :edit, :destroy]
Then you have an authenticate method that checks for a current user, and then have logic that says the current_user can only be a confirmed user. This will check that the user is valid on all the pages that they need to be, instead of only on login.
In my update user profile form, the first field asks the user to enter her current password. When she submits the form, I verify the password before accepting the changes in other fields. Here's how I'm currently doing this in the users controller:
def update
#user = User.find(params[:id])
if #user.has_password?(params[:user][:password])
if #user.update_attributes(params[:user])
flash[:success] = "Profile updated."
redirect_to #user
else
render 'edit'
end
else
flash[:failure] = "Password does not match!"
render 'edit'
end
end
I feel like there's a better way to do this. For instance I could make password matching a validation in the user model. Then formtastic would automatically handle the error message for me (as opposed to my ugly flash approach above). I tried doing this with
validate :password_match?, :on => :update
And
def password_match?
has_password(params[:user][:password])
end
But as suspected params is not accessible from the model.
I searched SO for 20 minutes for a way to do this, couldn't find anything that did not involve Devise or Authlogic. I'm doing authentication from scratch (everything works fine: signin, sessions, etc.).
Please, show me the light on the better way!
You don't need devise, just use a before filter on your controller on update
On your profile controller.
before_filter password_match, :only => :update
then on the bottom as private.
private
def password_match
#user = User.find(params[:id])
#user.has_password?(params[:user][:password])