I want to accomplish the following with email_addresses and users:
Allow users to sign up with an email address and password
Send a confirmation email to users
Allow users to log in with their email and password
Would this be best done by just having just an email address string attached to a user as a DB attribute? Or should I use a separate email_address table with user_id?
Also, is there a gem that works well for this, or should I just do it from scratch?
In order to easily manage the user authentication and sending of registration emails, you should check the sorcery gem:
https://github.com/NoamB/sorcery/wiki/Simple-Password-Authentication
Also need to mention devise here. Widely used for this kind of problem.
Related
I'm building a system using Devise as the gem responsible for handling users.
What I'm looking for it's a way to send the confirmation email always to the same email(it would be the admin), so that he can choose if the person should, or not, be allowed into the system.
You can refer to this How To to let admin confirm the user before signin, you probably won't need comfirmable module.
I was wondering if we can allow Admins to add Accounts for the Member Models? with out them having to confirm it if the Admin adds it?
I have two Devise Models
Admins
Members
To Launch the application i want to restrict Registration and Admins will create the Logins for Members from the Admin Scope. When he adds the Member i dont want them to confirm their account but just send a welcome Email may be with the login details.
I don't want them to confirm their account but just send a welcome Email may be with the login details
One way you could do this is by simply writing a new user form, saving the user and manually sending an email. If you are using Devise confirmable, then you must call confirm! on the built object, in order for them to log in.
However, sending a password in plain text is generally speaking a dodgy thing to do. Surely you'd then want to force each user to change their password anyway, for security reasons? As such, I'd recommend going for the more standard approach of Devise invitable - which will send an invitation token to the user, and ask them to set their initial password. You achieve this by calling invite! on the built user object.
Here are two RailsCast videos about Devise, which you may find helpful for further reference and examples:
http://railscasts.com/episodes/209-introducing-devise
http://railscasts.com/episodes/210-customizing-devise
Yes you can, just create the object and call confirm on it :)
However, as members will need a password to access their account, it could be nice to email them a link to enter this password, so this link could also confirm the account for you.
IMHO, It's a bad practice to send any password by email, a lot of email servers don't implement any secured protocol, better let your users chose it, with a one-time link
Within a rails app i'm working on. I'm trying to add the ability for users to signup simply by entering their email address and then confirming their account via the confirmation email. I don't want the user to have to enter in any password. How would I go about doing this?
This example is useful, but requires for the user to enter a password: https://github.com/plataformatec/devise/wiki/How-To:-Email-only-sign-up
Should I just automatically use one password for all users?
Devise is built for authentication, which is either a password, or a quick check with a social network that this is actually the person they claim to be. The email address is used as identification.
If you just want to identify a person by their email, I suggest you create your own system for it. You can even add some of the Devise features in if you like. First, create a User model with an email attribute:
rails generate model User email:string
Once you've migrated the database, create a controller for it:
rails generate controller users
Then create a Session model and let each User create sessions by logging in. There'll be plenty of great tutorials on the web of how to create a system like this. Writing helper methods like current_user or user_signed_in? should be quite easy too.
Now for the last point, if you want people to sign in after they signed up using the email confirmation, how will you make sure that it is actually the same person signing in as the person who confirmed the email? Any malicious user could simply use an already confirmed account to sign in, unless you have to do an email confirmation every time you sign in...
So while you can do the above, I would seriously recommend to have some kind of authentication, whether it be with a password, or using OmniAuth to connect to social networks. There's a railscast for that here.
Not sure if this would help you, but based on the simplicity of the authentication process, I would suggest not to use Devise at all. You can just create an action in your SessionsController, which will compare the params[:email] (or however you are calling it in your app) against the emails listed in the UsersTable.
I am developing an application which uses Devise for user authentication. It performs all standard task that Devise handles (e.g.: Email verification during user sign up). But a user may have multiple email addresses to access his account and I want to verify all those addresses too.
My design is: user will get a email field in his profile page to add another email address to access his account along with his existing email address. After clicking submit, an email verification will occur like first time sign up process and user will be able to use both of this email address after successful verification.
Is there any gem available for this? If I need to implement it by myself, how can I do this without breaking the existing system?
It's very late to reply but recently I faced similar issue and found one gem which lets user have many emails, user can login with any email, set one email as primary, and provides support for confirmable, authenticable and validatable for each email.
Here is the link to gem:
https://github.com/allenwq/devise-multi_email
Hope it helps someone facing same situation :)
Devise is a fantastic gem available for basic or omniauth authentication sign_up and other things like sessions maintenance, resend confirmation password etc .
But is it possible using devise to map multiple email addresses to same user ?
Like I have 3,4 email ids such as
sahil#abc.com
sahil#xyz.com
sahil#mno.com
Use Case and Example
I have already registered with my first email id i.e. sahil#abc.com using an automated system and account is created. But i always prefer to use my other email_id i.e. sahil#xyz.com. So, i want to build a system where user can login using any one of the above email adresses with the same/different password. But there should be one single account for the user.
I'd say:
you've one email field
you have other emails stored somewhere
You could tell Devise that you allow login based on different fields.
I think the cooler way is to give a try to override the 'authentication_keys' method, as it allows you to define the keys.
But how ever , following link has a working solution :)
HTH
Here is what i exactly needed RoR Devise: Sign in with username OR email
def self.find_for_database_authentication(conditions={})
(self.find_by_email(conditions[:email])) || (AuthorizedEmail.confirmed.find_by_email(conditions[:email]).user if AuthorizedEmail.confirmed.find_by_email(conditions[:email]).present?)
end
What it does is :
Firstly tries to find the user record for authentication by searching with email id.
If it gets the record it returns the record else we go to next part.
It finds in the authorised emails table if there exists any validated and confirmed email in the table. If there is such an entry, it tries to find the user related to that particular authorised email and returns that.