After checking a few questions like:
rails 3.1, devise gem, :timeoutable is not working, why?
Devise - Timeout not working
devise config.timeout_in not working
How to configure time out using devise?
I have set my user model with :timeoutable
class User < ActiveRecord::Base
devise :rememberable, :demo_authenticatable, :api_authenticatable,:registerable,
:recoverable, :trackable, :validatable, :confirmable, :lockable, :timeoutable
And I have also uncomented the timeout_in line in the devise.rb file
config.timeout_in = 1.minutes
I also tryed setting the timeout_in property in the user model, but i keep beeing logged in
Any clues?
Thanks in advance, cheers!
If you're expecting it to present you with the login page when you refresh, remove the timeout part from your model and put it in devise.rb NOT development.rb & restart rails server.
config.timeout_in = 1.hour
Related
I am using rails occasionally, and first time using devise with trackable, and when i look into my table, the current_sign_in_ip and last_sign_in_ip are ::1 not my current ip, Cani know why? I already defined on user.rb model
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable, :confirmable, :trackable
end
For Devise to record your public ip, you need to expose your local server to the internet and access it from the outside. The easiest way to achieve that is using ngrok.
Assuming your rails server is listening on the default port - 3000, you can generate a public URL using ngrok:
$ ngrok http 3000
And use that URL to access your Rails app and sign in. Devise will record your public ip as your current_sign_in_ip.
From a clean create-repack-app install. I add the following to my Gemfile then run bundle:
gem 'devise_token_auth'
Then I run:
rake db:create
rails g devise_token_auth:install
rake db:migrate
Databases (dev and test) are created and ruby files generated (including an addition to the config/routes.rb file). Trying any rake or rails command does the following right now:
rake routes
rake aborted!
NoMethodError: undefined method `devise' for User (call 'User.connection' to establish a connection):Class
Commenting out the following in the config/routes.rb file:
mount_devise_token_auth_for 'User', at: 'auth'
Removes this error. The code added to the User model doesn't contribute to this error. Do I need to run rails g devise:install also? The documentation doesn't mention anything extra. So I'm not sure what I'm doing wrong.
Add below code to the User model
extend Devise::Models
My User model looks like this.
# frozen_string_literal: true
class User < ActiveRecord::Base
extend Devise::Models
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable, :trackable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
include DeviseTokenAuth::Concerns::User
end
I found my answer from another post: Devise_token_auth conflicts?
Adding the following Devise initializer:
config/devise.rb:
Devise.setup do |config|
# The e-mail address that mail will appear to be sent from
# If absent, mail is sent from "please-change-me-at-config-initializers-devise#example.com"
config.mailer_sender = "support#myapp.com"
# ==> ORM configuration
# Load and configure the ORM. Supports :active_record (default) and
# :mongoid (bson_ext recommended) by default. Other ORMs may be
# available as additional gems.
require 'devise/orm/active_record'
# If using rails-api, you may want to tell devise to not use ActionDispatch::Flash
# middleware b/c rails-api does not include it.
# See: https://stackoverflow.com/q/19600905/806956
config.navigational_formats = [:json]
end
Fixed the problem.
Using devise 3.2.4 with rails 3.2.13.
I am trying to expire auth token on session timeout therefore in my devise.rb file , I have made following changes :-
config.timeout_in = 1.minutes
config.expire_auth_token_on_timeout = true
The timeout works perfectly, user is logged out after 1 minute of inactivity period but the auth token is not expiring on timeout.
Here is the user model:-
devise :database_authenticatable, :async , :registerable, :confirmable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :timeoutable
Any idea what I am missing ?
This method was removed from this devise version.
See more here.
Best regards.
Rails Version: 5.0.0.1
Devise Version: 4.2
In my devise.rb file I define lifetime for password token to be 6 hours
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 6.hours
When I opt for password reset through the Forgot Password link, I can see the timestamp and token generated
postgres=> select reset_password_token, reset_password_sent_at from users where email='email#gmail.com';
reset_password_token | reset_password_sent_at
------------------------------------------------------------------+----------------------------
89f51bce1bc6b495c16a50b015d03897d0520a8b58c300a5deef16b2c45cac82 | 2016-09-16 21:18:01.322362
Active record and application timezone are both set to 'Asia/Kolkata' but when I click on the link delivered in email and try changing password (which is within minutes of the email delivered) the password change fails with message
Reset password token has expired, please request a new one
Update One
I have recoverable enabled in the user model, but to no use here.
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable, :lockable, :timeoutable
end
Update Two
Here are the logs from after implementing changes suggested in answer
Updated devise config to
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 6.hours.from_now
The password update still fails, no real error in the logs neither.
I, [2016-09-19T20:54:04.793217 #19146] INFO -- : Started PUT "/users/password" for ::1 at 2016-09-19 20:54:04 +0530
I, [2016-09-19T20:54:04.795888 #19146] INFO -- : Processing by Devise::PasswordsController#update as HTML
I, [2016-09-19T20:54:04.796108 #19146] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"hXJycHI8Xmwo5D1pTS6a+naO1aV6PUDoqNw1kLjxWksF1zf+dEJ/j2KnmlOt0JSSe4F53cVP4uyBw1Pe0G4u8Q==", "user"=>{"reset_password_token"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Change my password"}
D, [2016-09-19T20:54:04.803200 #19146] DEBUG -- : User Load (3.8ms) SELECT "users".* FROM "users" WHERE "users"."reset_password_token" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["reset_password_token", "f278c026f607eea0f948e79e16861a90c9f1c73af271b2b803787f5fb68bdd04"], ["LIMIT", 1]]
Well, I don't think it's a time zone problem. You might wanna know the following about Devise.
This is the list of Devise modules for your model.
database_authenticatable – Users will be able to authenticate with a login and password that are stored in the database. (password is stored in a form of a digest).
registerable – Users will be able to register, update, and destroy their profiles.
recoverable – Provides mechanism to reset forgotten passwords.
rememberable – Enables “remember me” functionality that involves cookies.
trackable – Tracks sign in count, timestamps, and IP address.
validatable – Validates e-mail and password (custom validators can be used).
confirmable – Users will have to confirm their e-mails after registration before being allowed to sign in.
lockable – Users’ accounts will be locked out after a number of unsuccessful authentication attempts.
So, if you are having Reset Forgotten Password Problem, you might wanna make sure recoverable is enabled in your model.
For example if User model (user.rb), you will have
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :confirmable, :lockable
Enabling recoverable is important to deal with your reset forgotten passwords in Devise.
I have the same problem after change Rails time zone.
I can solve the problem setting to nil reset password fields on mi User model:
User.update_all(reset_password_token: nil, reset_password_sent_at: nil)
I am trying to set up Pageflow. Finally I managed to create DBs and install pageflow. I can run rails s but I get Migrations are pending; run 'bin/rake db:migrate RAILS_ENV=development' to resolve this issue. in my browser.
Anyway, typing bundle exec rake db:create db:migrate would give me this error:
== AddDeviseToUsers: migrating ===============================================
-- change_table(:users)
rake aborted!
StandardError: An error has occurred, all later migrations canceled:
undefined method `to_sym' for {:null=>false, :default=>""}:Hash/Users/user/.gem/gems/activerecord-4.0.2/lib/active_record/connection_adapters/abstract/schema_statements.rb:671:in `type_to_sql'
This line in schema_statements says.
def type_to_sql(type, limit = nil, precision = nil, scale = nil) #:nodoc:
if native = native_database_types[type.to_sym]
column_type_sql = (native.is_a?(Hash) ? native[:name] : native).dup
if type == :decimal # ignore limit, use precision and scale
scale ||= native[:scale]
if precision ||= native[:precision]
if scale
column_type_sql << "(#{precision},#{scale})"
else
column_type_sql << "(#{precision})"
end
elsif scale
raise ArgumentError, "Error adding decimal column: precision cannot be empty if scale is specified"
end
elsif (type != :primary_key) && (limit ||= native.is_a?(Hash) && native[:limit])
column_type_sql << "(#{limit})"
end
column_type_sql
else
type
end
end
I tried to solve this with the gem composite-primary-keys, but found out that there is no compatible version for rails 4.0.2.
Being an absolute noob, I found the issue here: https://github.com/composite-primary-keys/composite_primary_keys/issues/174 but it didn't helped me out.
Thanks!
//EDIT
Thats my user.rb:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable
include Pageflow::UserMixin
end
There is no extra comma at the end...