How to add an additional password to devise - ruby-on-rails

I need to add a second password field to devise. The original password will be used to login as usual. The second password will be used to "sign" documents.
Any ideas on how to implement this?

I would just generate a migration specifying the data type as string.
1) rails g migration AddPasswordToUser sign_password
2) rake db:migrate
3) Update the user_params
I would also use the bcrypt gem to encrypt the password:
https://github.com/codahale/bcrypt-ruby
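A sketch of the second-password idea from the answer above, added here as an example and not taken from any of the posts: only a salted digest of the signing password is stored, and signing is refused unless the candidate matches. PBKDF2 from Ruby's standard library stands in for bcrypt so the block runs without gems; the `SigningPassword` module, the `sign_password_digest` column and the `User` struct are assumptions.

```ruby
require "openssl"
require "securerandom"

# Added example. PBKDF2-HMAC-SHA256 from the standard library stands in for
# bcrypt; the stored format "iterations$salt$hash" is an assumption.
module SigningPassword
  ITERATIONS = 100_000 # constructed work factor for this demo
  KEY_LEN = 32

  def self.derive(password, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN,
                               OpenSSL::Digest.new("SHA256"))
  end

  # Value to store in the (hypothetical) users.sign_password_digest column.
  def self.digest(password)
    raise ArgumentError, "signing password is blank" if password.to_s.empty?
    salt = SecureRandom.random_bytes(16)
    [ITERATIONS, salt.unpack1("H*"),
     derive(password, salt, ITERATIONS).unpack1("H*")].join("$")
  end

  # Recompute with the stored salt and compare without an early exit.
  def self.verify(stored, candidate)
    iterations, salt_hex, hash_hex = stored.to_s.split("$")
    return false if candidate.to_s.empty? || hash_hex.nil? || iterations.to_i < 1
    expected = [hash_hex].pack("H*")
    actual = derive(candidate, [salt_hex].pack("H*"), iterations.to_i)
    return false unless expected.bytesize == actual.bytesize
    expected.bytes.zip(actual.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Minimal stand-in for the Devise model (hypothetical); login still uses
# Devise's own encrypted_password and is untouched by the signing password.
User = Struct.new(:email, :sign_password_digest) do
  def sign_password=(plain)
    self.sign_password_digest = SigningPassword.digest(plain)
  end

  # Returns a signature record only when the signing password matches.
  def sign(document_id, sign_password)
    return nil unless SigningPassword.verify(sign_password_digest, sign_password)
    { document_id: document_id, signed_by: email }
  end
end
```

In a Rails 6+ application, `has_secure_password :sign_password, validations: false` gives the same store-and-verify behaviour with bcrypt, using a `sign_password_digest` column and an `authenticate_sign_password` method.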

What do you mean by "signing documents"?
Do you have a Document model?
And a relation between User and Document?
If yes, you should add the password on the Document model.

Related

Prohibit passwords from being the same as the account ID or user ID [Ruby on Rails]

I have a password policy I need to apply in my RoR application.
Prohibit passwords from being the same as the account ID or user ID.
For example: the system will prompt an error if I use wording containing 'alex' when my username is
alex#google.com
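Use a custom validation in your User model:
validate :password_content

# Reject a password that contains the part of user_name before the '#'.
def password_content
  return if password.blank? || user_name.blank? # nothing to compare
  errors.add(:password, "cannot contain username") if password.include?(user_name[/[^#]+/])
end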
It will throw a validation error if password contains user_name. Hope this helps!
You can make use of include?
if password.include?(user_name[/[^#]+/])
  # do something
end

How to check that old password is equal to that one in database

I want to make a change-password feature in Rails. I want to enter the old password as a string and check it against the encrypted one in the database. I am using the Devise gem. How can I do this?
You want Devise's valid_password? method.
> user = User.find(1)
> user.valid_password?('invalidpassword')
=> false
> user.valid_password?('therealpassword')
=> true
Devise already provides you with this functionality. It should probably work out of the box using the edit_user_registration_path.
Have a look at https://github.com/plataformatec/devise/wiki/How-To%3a-Allow-users-to-edit-their-password to find some more information.

Ruby on Rails - Devise welcome email to new users with reset password in Active Admin

I'm using RoR 3.2.3 and Devise, and Active Admin is working great.
However, there is something I am not getting.
In my app, users cannot register themselves, only an Admin can register other users.
This is all working, the Admin goes into the Active Admin panel->Users->New and fills the username and email and clicks "Create".
In order to give the customer the option of creating his new password, I'm using this in my AA user model:
after_create { |user| user.send_reset_password_instructions }

def password_required?
  new_record? ? false : super
end
However, I don't want the email to send the text that devise uses, but rather a welcoming text and not something like "A link to change your password has been requested..." as there was no password to begin with.
In short, I want to use the send_reset_password_instructions Devise method without using its devise/mailer/reset_password_instructions view for when a new user is created.
However if the user forgets his password then he clicks the "Forgot Password" link and an email is to be sent with that default text already provided by Devise.
Any tips on how to make this work?
Thanks in advance,
Regards
It's very simple actually: set config.scoped_views = true in config/initializers/devise.rb
Then run
rails g devise:views users
This will generate all the view files Devise uses. You can make changes to the app/views/users/mailer/reset_password_instructions.html.erb file to what you need, or to any other file you wish to change.

How to enforce providing password for devise to delete account

How can I make Devise enforce getting the correct password before canceling registration (deleting the account)?
You can either:
1) Do something along the lines of pst's answer: have a text box for :canceled in a form that when saved, cancels the account. Since it would be part of the user model, devise would force the password check upon the update action.
2) Do it yourself via a button that warns (similar to the delete buttons often in Rails). The controller that receives the request would simply do something like the following (I seem to remember that Devise uses MD5, maybe it's SHA1, SHA2, unsure; see documentation; the key is to use the same type):
if params[:password] == Digest::MD5.hexdigest(params[:password])
  cancel_account(…)
  …
end
Yeah, the key here is knowing how to encrypt params[:password] to be able to compare it to the current_user.encrypted_password
Older versions of Devise use a password_salt as well. My advice to you would be to look at how devise does this on sign in, and use the same method in your destroy action, or whatever user-facing page you have for that.

Devise, validate current_password if any important fields have been changed

Specifically, I'm using Devise with Typus. But, I think my misunderstanding resides in my knowledge of Devise.
I'm trying to achieve the functionality of when you want to change an important model via form, you have to provide your current password to confirm you can change it, a la google.
Right now, I can log in and change any of the fields of my User model. Including the password, without having to confirm my password prior. Not good. So, I've added current_password to the form. But that didn't do anything. Then I tried to validate presence on current_password. Then it doesn't seem to accept any value for it.
Google didn't help me. All of the relevant posts were about removing current_password instead of confirming it. Which makes me think I'm misunderstanding the use of current_password.
Anyone care to share some insight? Thanks.
You should add the password field to the form, and then in your controller's action you can validate the password using:
user.valid_password?(params[:user][:password])
Note that you should probably change params[:user][:password] to the name of the param for your password's field in the form (perhaps just params[:password]).
Hope it helps.
Actually, devise has a built-in method for this:
user.update_with_password(params, *options)
You can read the rdoc here.
Update record attributes when :current_password matches, otherwise returns error on :current_password. It also automatically rejects :password and :password_confirmation if they are blank.
