I am allowing users to register/login via facebook and username/passwd.
So if a user registers via fb, then how do I save the "User" instance without username and password ?
Well you have two options:
First: allow null value in both fields.
Second: override some methods like this:
There is a function called create_user in pipeline which calls create_user of your user model's manager. You can override that method and create password by yourself:
def create_user(self, email, username, password, is_staff, is_superuser,
*args, **extra_fields):
"""
Creates and saves a User with the given username and password.
"""
now = timezone.now()
if not username:
username = '' # or randomly generated string
user = self.model(username=username, is_staff=is_staff, email=email,
is_active=True, is_superuser=is_superuser,
last_login=now, date_joined=now)
user.set_password(password) # this generates password
user.save(using=self._db)
return user
This will save a user with generated username and password. You can change it however you want.
Related
I am developing an application through Rails.
I need the ability to login to another user with admin account in devise token auth gem
When user log in, authHeaders are stored in the browser cookie.
Determine user by authHeaders value.
ex)
{ %22access-token%22:%22"access-token value"%22%2C
%22token-type%22:%22Bearer%22%2C
%22client%22:%22"client value"%22%2C
%22expiry%22:%"expiry value"%22%2C
%22uid%22:%22"uid value"%22}
in my controller
returns a new token value when admin clicks user id
def login_as
user = User.find(params[:user_id])
user_new_token_data = user.create_new_auth_token
## return new access-token, token-type, client, expiry, uid in browser cookies format same value
end
I want to change the return value to a browser cookie value and log in as another user, but I do not know how to put it in the cookie.
I would appreciate your help. Thank you
I'm using dj-allauth on my django app. When people sign up to my django project/app, I want to check that the domain on their email matches mydomain.com. Is this possible? I think I can do it by changing the signup form. I've tried the following which doesn't seem to do anything when I submit the signup form. There aren't any errors. It isn't checking for the domain, it's prompting for the user's nickname and then appending the domain automatically.
forms.py
class VSBSignupForm(SignupForm):
def save(self, request):
# Ensure you call the parent classes save.
# .save() returns a User object.
user = super(VSBSignupForm, self).save(request)
user.email_address = user.username + "#mydomain.com"
user.save()
# You must return the original result.
return user
settings.py
ACCOUNT_FORMS = {'signup': 'myapp.forms.VSBSignupForm'}
I changed the template for the signup.html such that it asks for the nickname and password, but not the email address.
edit I tried putting a print statement in the form save method and it didn't print anything in the shell, which makes me think the form isn't being used.
I'm trying to make an api for resetting password, I made devise handle the part when the user press on forgot password and sending him an email with a token but I tried to change it in the other part I needed to look up user using that token when he reset his password but Devise reset_password_token of the user (in the DB) is not like the token sent in the email, I only receive token, password, password_confirmation to make that API work, So I need to find that user using token sent in the email(User.where(reset_password_token: TOKEN)), Is there a way to convert token in the email to the one I have in the DB.
You have to check the reset_password_by_token class method which contains the logic. But you can use it directly:
User.reset_password_by_token({
reset_password_token: token,
password: password,
password_confirmation: password_confirmation
})
Link to current master code here
Is there any way to fetch the password and password_confirmation field of a Model object in Rails.? Say for example, I have an user object
user = User.find(1)
Now, I want to fetch the value of the password field like this.
password = user.password
confirmation = user.password_confirmation.
I tried this, but it is returning nil.
I know, this is a security issue if they allow these fields to be accessible., But, I want to fetch these values for a feature to be implemented in our application.
Assuming you are using Devise, the only attribute related to the user's password is encrypted_password, it will return the BCrypt encrypted password. You can also read the password_salt User attribute.
You can see all Devise User Model attributes with: User.column_names
I have the need to let the user change their password. I'd like to switch the password in the session to reflect this new password, without logging them out.
def set_auth username, password
# test username and password here?
auth_object = AuthCookie.new
auth_object.set_username username
auth_object.set_password password
session[:user_login] = auth_object
end
I use something like the above, but it doesn't seem to work in changing the current session's password to the new one the use just entered.
What am I doing wrong?
Don't save your whole auth object in the session, the most important thing is you should not save password info in the session. Rails default session storage is cookie based, just base64 encode string. So if you save user password info in the session, there is security problem.
Just put the user identify in the session, for example, the user_id. session[:user_id] = user_id