Send devise confirmation instructions using SMS or email - ruby-on-rails

Hi I have used devise for the authentication purpose and also made few changes in it such I have provided sign in using both email and mobile number. Refereed this link.
Here is my code
def self.find_for_database_authentication(conditions={})
find_by(mobile_number: conditions[:email]) || find_by(email: conditions[:email])
end
I am using confirmable module for sending confirmation instructions and they are working fine for email.
Now if user doesn't enter this email (only enters the mobile number) then he has to send the SMS (Confirmation instruction in SMS).
So I have following doubts
How can I achieve this functionality?
How can I generate the same confirmation link for the same.
EDIT (I tried following solutions for generating confirmation link)
As I have to send the confirmation link in SMS also, so I tried to generate the given link using following
http://localhost:3000/admin_users/confirmation?confirmation_token=#{#user.confirmation_token}"
it generates the follwing type of link
http://localhost:3000/admin_users/confirmation?confirmation_token=00b2880c9662c65dc6d276db08532ea42d4333e6b7d2357d036cb9233eed41e8
when I tired to use this link it gives me Confirmation token is invalid error. After searching I found this. So how can I generate the confirmation link out side the devise scope.

As for sending the instructions via SMS you might want to take a look at tropo service or restcomm if you want to setup your on server.
Tropo is particularly easy to use, you will need a small deposit (like $10) to enable the SMS sending feature.
Regarding the generation of the url, you might have to create a controller that extends Devise::ConfirmationsController and override the create method to add the logic to check for the existence of email or phone number and react properly.

Related

How to implement email verification through OTP in Rails?

In my rails app, im implenting mobile verification, through OTP. (Using active_model_otp).
now my customer requirement is he want the Email verification also through OTP(means an email with 6 digit otp needs to send to the email. if he enters it, the email verification should happen.)
currently the email verification is happening, through a confirmation link, that is getting sent to the user at the time of user registration(Devise default email verification functionaly)
now my question is how can implement the OTP verification in this context, can i use the same gem to accomplish it ? when i checked the gem document i did not found any info related to email verification using otp though this gem(active_model_otp)
do i need to change these gems (devise, active_model_otp) to implement it or we need to implement it manually.
He John, i am doing the same, yet not finished it dough, so can't share the code right now. Essentially, my idea is to make additional /mfa/otp_qr and /mfa/otp_mail controllers (and views) and a parent view for users to select either mail or qr authentication, ie in /users/registrations/edit.html.erb (and route it after, accordingly).
Active_model_otp gem just handles sec.codes generation/comparision, not how to display those to user (ie with QR code) or send it via email (i guess SMS is also doable).

Ability for users to sign up via SMS (Rails)

I am working on a rails application where the main user model is authenticable by mobile number and a password. This all works fine through the website.
What I would like to do is enable a user to access all the same functions of the web app using solely an old school cell phone - that is purely via SMS. I have already enabled some of the web app functions via SMS using Twilio but I was unsure how to go about handling the creation of a user password via SMS in a secure manner.
What I would like:
User sends the word "LOAN" to our Twilio number.
This creates an account on our system based on their mobile_number. However, a password is required in order to persist a user in the DB so this will need to also be generated here.
An SMS is sent to the user with their password in a secure manner.
I imagine my TwilioController action will look something like this:
def sign_up
if params["Body"] == "LOAN"
user = User.create(mobile_number: params["From"], password: __?__)
user.sms_sign_up # method to send the sms to the user
else
send_failure_sms(params["From"])
end
end
I am already familiar with how to set this up on my Twilio account using TwiML apps - I am only interested in understanding how to manage the password aspect of this problem! Thanks
EDIT: I have seen that Devise provides the method #friendly_token. Is this something that would be useful in this case?
Twilio developer evangelist here.
I think your edit is the answer! I've found other Stack Overflow answers that advocate the use of Devise.friendly_token as well as this How to on generating passwords in Devise.

Devise 3.2, Confirmation without Login, and Password Creation for New Accounts

I've upgraded to Devise 3.2.1 and Rails 4.0, and I'm trying to figure out my signup now that one doesn't login on confirmation.
I allow users to create a message and specify the recipient of the message via an email address. Then I send emails notifying the recipient that they've received a message on the service. If the recipient doesn't have an account on the service, I create the account without a password, and the email I send to the recipient acts a confirmation email. With prior versions, the recipient would then click on the link, thus confirming, and then be taken to a password creation stage and then finally, they'd have a confirmed account created with password and can go see the message.
With Devise 3.1, they no longer allow login via confirmation as they consider it a security risk, however I fear it may greatly increase the complexity of my sign up process. I can no longer redirect to a password creation page as they aren't logged in. I'm toying with the idea of taking them to a special signup page or creating the account and then sending a special form of password reset.
I don't want to notify them via email, then send them a second email as a confirmation. That adds unnecessary complexity to my signup.
I wondered if anyone else has dealt with this issue and how they handled it. I'd like to avoid using:
config.allow_insecure_sign_in_after_confirmation = true
as that will go away soon and is really not the right way.
Is there a secure, yet fast way to do this with Devise 3.2?
Thanks!
I'm switching to using sorcery ( https://github.com/NoamB/sorcery ) for greater control over authentication and building my flow with that.
This is precisely the problem that devise invitable gem solves in a secure manner. I would recommend using this tool, rather than trying to hand-roll your own solution which is more likely to contain security flaws.
The gem workflow is basically:
An admin invites a new user.
The new user is created with a random password. (I actually helped write this bit!)
The user is sent an invitation email. (This is fully customisable in how it works, but has some simple default settings.)
The user receives a link, which contains a URL with a unique invitation_token.
After clicking this link, the user must choose their real password.

Sending a signup confirmation email with having to confirm using Devise

I'm using devise to handle user authentication with my rails app. I'd like to allow my users to sign up and be instantly logged in and receive a confirmation email.
Devise has the Confirmable module which sends out an email but requires the user to open up their mail application, find the email and click a link which then leads them to the site again.
I'd like to just email the user a confirmation that they signed up and that's it.
Is there a way for devise to do this or do I need to resolve to handling ActionMailer myself (if so, is there a quick and non-complex example)?
Many thanks!
-Tony
I'm pretty new to devise and rails, but I have set it all up in may app (rails 2.3.5) and got it working in it's basic functionality. I'm guessing some advanced devise users may teach you a trick to handle this in devise, but I'm going to say that you could easily handle this in a controller action, using some plain rails ActionMailer coding...
Here's a link that I ran across that will show you the basic approach. At the end of the tutorial, they gather the email parts from a simple web page, but you should easily see how to use the class to do it in code.
http://www.tutorialspoint.com/ruby-on-rails/rails-send-email.htm
check out #user.skip_confirmation!
it sets a user as confirmed but doesn't generate the confirmation_token or send the email.

Email Verification plugin for rails?

I'd like to verify a user's email address by sending them a verify-email-message. Do you know of a good Rails plugin that they've used or seen?
Since I didn't see anything good via Google, at this point, my thought is:
Add a verified boolean field to the user model. Default false.
After user is added (unverified), combine email with a salt (a secret), and create the sha1 hash of the email/salt combo. The result is the verification.
Send a welcoming / verification email to the user. Email includes a url that has the email address and verification as GET args to a verify action on my server.
The verify action recomputes the verification using the supplied email and checks that the new verification matches the one in the url. If it does, then the User rec for the email is marked 'verified'
Also will provide action to re-send the verification email.
Any comments on the above?
Thanks,
Larry
Devise
https://github.com/plataformatec/devise
Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
Recoverable: resets the user password and sends reset instructions.
Authlogic
https://github.com/binarylogic/authlogic
Also take a look at this Stackoverflow thread
Email confirmation in Rails without using any existing authentication gems/plugins
Hope this helped!
Devise is an amazing gem that can do this with very little effort.
Dont know of a plugin, but the Action Mailer guide covers some of what you want to do: http://guides.rubyonrails.org/action_mailer_basics.html
It shouldnt be too hard to build on the Guide example for your exact use case.

Resources