When does Devise actually send reconfirmation emails? - ruby-on-rails

I'm trying to add email confirmation to a model called "Project" in a Rails app: users should be able to set an email address for a project, which is not saved until they click a confirmation link sent to the email address provided.
Although I have no need for its authentication features, I thought the Devise gem might be useful. I was hoping to use :reconfirmable to implement the feature: when the user tries to save an email to the project, it instead is saved to the unconfirmed_email column until they confirm.
It appears, partly, to be working -- the database is updated correctly, a token is generated, the "confirmation_sent_at" field is set. But no email template is rendered (and no email is sent). Looking at the code path in lib/devise/models.rb I can see how, before the email field is saved to, a method is called that intercepts that save and instead saves to unconfirmed_email. But where is the email send actually triggered? What do I have to do to activate it?

Assuming that you have correctly configured Devise to use the :confirmable feature and configured your email properly (as described in this answer). Then it should be as simple as calling this:
user.send_confirmation_instructions # where user is one of your Devise users
At the very least, making the send_confirmation_instructions call should show that the email is sending in the Rails log. If that is the case but you don't ever receive an email then you have your email configured incorrectly.

Related

Override Devise sessions controller to trigger "confirm your email" email when signing in with unconfirmed account

I am using the confirmable feature in Devise. When someone tries to sign in to an account that has not been confirmed, Devise automatically redirects them back to the sign in page with the error message:
×You have to confirm your email address before continuing.
Is there a way (possibly overriding the sessions controller with my own) to (1) trigger another "Confirm my email" email to be sent to the user at that point?; and (2) change the translation language to add the words A confirmation email has just been sent to you. to the alert message?
For the first question, I have previously used #user.send_confirmation_instructions in another controller, but don't know how to get it working in the Sessions Controller without potentially breaking the rest of the Devise sign in code.
You don’t have to override the whole controller, or even a method in that. You should only use a custom controller if you want to make more significant changes.
custom flash messages
The messaging rendered by devise is all defined in the locale. See https://github.com/heartcombo/devise/blob/master/config/locales/en.yml for all of the strings devise uses.
You can override each of these strings in your own English locale. Will that be enough customisation?
custom email content
You can create custom views for any device method. See the guide at https://github.com/heartcombo/devise#configuring-views
This will allow you to generate the default view files for the email which is sent and then you can edit those. It only gets tricky if you want to pass additional data to the email. Let us know if you stumble on that.

Devise 3.2, Confirmation without Login, and Password Creation for New Accounts

I've upgraded to Devise 3.2.1 and Rails 4.0, and I'm trying to figure out my signup now that one doesn't login on confirmation.
I allow users to create a message and specify the recipient of the message via an email address. Then I send emails notifying the recipient that they've received a message on the service. If the recipient doesn't have an account on the service, I create the account without a password, and the email I send to the recipient acts a confirmation email. With prior versions, the recipient would then click on the link, thus confirming, and then be taken to a password creation stage and then finally, they'd have a confirmed account created with password and can go see the message.
With Devise 3.1, they no longer allow login via confirmation as they consider it a security risk, however I fear it may greatly increase the complexity of my sign up process. I can no longer redirect to a password creation page as they aren't logged in. I'm toying with the idea of taking them to a special signup page or creating the account and then sending a special form of password reset.
I don't want to notify them via email, then send them a second email as a confirmation. That adds unnecessary complexity to my signup.
I wondered if anyone else has dealt with this issue and how they handled it. I'd like to avoid using:
config.allow_insecure_sign_in_after_confirmation = true
as that will go away soon and is really not the right way.
Is there a secure, yet fast way to do this with Devise 3.2?
Thanks!
I'm switching to using sorcery ( https://github.com/NoamB/sorcery ) for greater control over authentication and building my flow with that.
This is precisely the problem that devise invitable gem solves in a secure manner. I would recommend using this tool, rather than trying to hand-roll your own solution which is more likely to contain security flaws.
The gem workflow is basically:
An admin invites a new user.
The new user is created with a random password. (I actually helped write this bit!)
The user is sent an invitation email. (This is fully customisable in how it works, but has some simple default settings.)
The user receives a link, which contains a URL with a unique invitation_token.
After clicking this link, the user must choose their real password.

How to associate multiple emails for a single user in rails Devise gem

I am developing an application which uses Devise for user authentication. It performs all standard task that Devise handles (e.g.: Email verification during user sign up). But a user may have multiple email addresses to access his account and I want to verify all those addresses too.
My design is: user will get a email field in his profile page to add another email address to access his account along with his existing email address. After clicking submit, an email verification will occur like first time sign up process and user will be able to use both of this email address after successful verification.
Is there any gem available for this? If I need to implement it by myself, how can I do this without breaking the existing system?
It's very late to reply but recently I faced similar issue and found one gem which lets user have many emails, user can login with any email, set one email as primary, and provides support for confirmable, authenticable and validatable for each email.
Here is the link to gem:
https://github.com/allenwq/devise-multi_email
Hope it helps someone facing same situation :)

Preventing Devise/ActionMailer from sending confirmation email

I am using Devise with ActionMailer. I would like to allow users to create an account without email if they use Twitter. But I still need devise:confirmable if they choose to add email later on.
However, Devise automatically send confirmation email when an user create a new account, even if user does not supply it. Therefore, I got error when deploy my Rails app to Heroku:
ArgumentError (At least one recipient (To, Cc or Bcc) is required to send a message):
How can I prevent Devise or ActionMailer from sending confirmation email when there's no email address?
Thank you.
Devise has a skip_confirmation! method that should allow you to accomplish this, check out the confirmable.rb

Does devise work with multiple email_id with same account ??

Devise is a fantastic gem available for basic or omniauth authentication sign_up and other things like sessions maintenance, resend confirmation password etc .
But is it possible using devise to map multiple email addresses to same user ?
Like I have 3,4 email ids such as
sahil#abc.com
sahil#xyz.com
sahil#mno.com
Use Case and Example
I have already registered with my first email id i.e. sahil#abc.com using an automated system and account is created. But i always prefer to use my other email_id i.e. sahil#xyz.com. So, i want to build a system where user can login using any one of the above email adresses with the same/different password. But there should be one single account for the user.
I'd say:
you've one email field
you have other emails stored somewhere
You could tell Devise that you allow login based on different fields.
I think the cooler way is to give a try to override the 'authentication_keys' method, as it allows you to define the keys.
But how ever , following link has a working solution :)
HTH
Here is what i exactly needed RoR Devise: Sign in with username OR email
def self.find_for_database_authentication(conditions={})
(self.find_by_email(conditions[:email])) || (AuthorizedEmail.confirmed.find_by_email(conditions[:email]).user if AuthorizedEmail.confirmed.find_by_email(conditions[:email]).present?)
end
What it does is :
Firstly tries to find the user record for authentication by searching with email id.
If it gets the record it returns the record else we go to next part.
It finds in the authorised emails table if there exists any validated and confirmed email in the table. If there is such an entry, it tries to find the user related to that particular authorised email and returns that.

Resources