I am using Devise and since my app is in Beta, I want to control which users who have signed up can sign in.
So, even if the confirmation email is sent, how can I make it so that just when an admin has confirmed the account they will be able to sign in? Is there any module in Devise that would let me do so?
All you need to do is add an "approved" attribute to your user table, use admin to change its status and before sign in you can check whether user is approved or not. You can find detailed information here: link
Related
I'm building a system using Devise as the gem responsible for handling users.
What I'm looking for it's a way to send the confirmation email always to the same email(it would be the admin), so that he can choose if the person should, or not, be allowed into the system.
You can refer to this How To to let admin confirm the user before signin, you probably won't need comfirmable module.
I was wondering if we can allow Admins to add Accounts for the Member Models? with out them having to confirm it if the Admin adds it?
I have two Devise Models
Admins
Members
To Launch the application i want to restrict Registration and Admins will create the Logins for Members from the Admin Scope. When he adds the Member i dont want them to confirm their account but just send a welcome Email may be with the login details.
I don't want them to confirm their account but just send a welcome Email may be with the login details
One way you could do this is by simply writing a new user form, saving the user and manually sending an email. If you are using Devise confirmable, then you must call confirm! on the built object, in order for them to log in.
However, sending a password in plain text is generally speaking a dodgy thing to do. Surely you'd then want to force each user to change their password anyway, for security reasons? As such, I'd recommend going for the more standard approach of Devise invitable - which will send an invitation token to the user, and ask them to set their initial password. You achieve this by calling invite! on the built user object.
Here are two RailsCast videos about Devise, which you may find helpful for further reference and examples:
http://railscasts.com/episodes/209-introducing-devise
http://railscasts.com/episodes/210-customizing-devise
Yes you can, just create the object and call confirm on it :)
However, as members will need a password to access their account, it could be nice to email them a link to enter this password, so this link could also confirm the account for you.
IMHO, It's a bad practice to send any password by email, a lot of email servers don't implement any secured protocol, better let your users chose it, with a one-time link
Within a rails app i'm working on. I'm trying to add the ability for users to signup simply by entering their email address and then confirming their account via the confirmation email. I don't want the user to have to enter in any password. How would I go about doing this?
This example is useful, but requires for the user to enter a password: https://github.com/plataformatec/devise/wiki/How-To:-Email-only-sign-up
Should I just automatically use one password for all users?
Devise is built for authentication, which is either a password, or a quick check with a social network that this is actually the person they claim to be. The email address is used as identification.
If you just want to identify a person by their email, I suggest you create your own system for it. You can even add some of the Devise features in if you like. First, create a User model with an email attribute:
rails generate model User email:string
Once you've migrated the database, create a controller for it:
rails generate controller users
Then create a Session model and let each User create sessions by logging in. There'll be plenty of great tutorials on the web of how to create a system like this. Writing helper methods like current_user or user_signed_in? should be quite easy too.
Now for the last point, if you want people to sign in after they signed up using the email confirmation, how will you make sure that it is actually the same person signing in as the person who confirmed the email? Any malicious user could simply use an already confirmed account to sign in, unless you have to do an email confirmation every time you sign in...
So while you can do the above, I would seriously recommend to have some kind of authentication, whether it be with a password, or using OmniAuth to connect to social networks. There's a railscast for that here.
Not sure if this would help you, but based on the simplicity of the authentication process, I would suggest not to use Devise at all. You can just create an action in your SessionsController, which will compare the params[:email] (or however you are calling it in your app) against the emails listed in the UsersTable.
I am using Devise for registration of a site with confirmable. However, I have two different roles for this site. The first role is the "main" role that uses the regular Devise signup procedure. Accounts in a second role are supposed to be created after the original user confirms their account, logs in for the first time and saves a certain model. For example, if a user signs up for the site (as role type 1) the get a confirmation email from Devise as normal. Next, they visit the confirmation link, verify their account and then fill out a form where they specify some friends that should also get accounts. The friends are role type 2 and they should get a different confirmation email than the original person who signed up their friends for the account. The accounts for the friends are created when the form filled out by the original user is saved. In addition, a person can edit and add more friends later so accounts might also need to be created on the update method of the relevant form/object and those new users will need to be sent the correct email. To be clear, I do not want to skip confirmation - I just want to send different confirmation emails to the user depending on their roles. I cannot figure out how to handle this properly. If I try to create the friends accounts in code when the form is saved with User.new, calling user.skip_confirmation! will automatically confirm them. However, I do not want anyone automatically confirmed - I just want to select a different customizable confirmation email to send depending on various conditions. Can someone point me in the right direction?
Check out send_on_create_confirmation_instructions method and comments for it in your /gems/devise-x.x.x/lib/devise/models/confirmable.rb
How can I use both registerable and omniauthable modules in Devise?
Specifically I'd like to be able to let users do the following:
Register/login with email and password
Register/login with Facebook (via omniauth)
Attach or remove a Facebook account to their account so they can login with either their email or their Facebook account.
I don't know how to do 3 at all.
1 and 2 are done, but where it gets weird is if the user registered with a Facebook account, I don't need to show (or require) them to enter a password to update their profile.
So, how can I...
Let users attach a Facebook account to their current account so they can login with either.
If the user only signed up with a Facebook account, how do I hide (and not require) the password fields when editing their settings.
Let users attach a Facebook account to their current account so
they can login with either.
in the user setting page add a link to "link to Facebook account"
the link just drive the user through the normal Facebook authentication processes using the OmniauthCallbacksController, just make sure in your OmniauthCallbacksController facebook method you add some code to see if the user is already logged in and if he is you just add an authentication token for the user (I have a table that stores the authentication token for each user)
If the user only signed up with a Facebook account, how do I hide
(and not require) the password fields when editing their settings.
Take a look at this: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
Hope this help.
You might find this article interesting:
http://www.ruby-on-rails-outsourcing.com/2011/05/06/how-to-merge-facebook-account-into-existing-user-account-using-devise/
Just ran through this myself as I was looking into the same thing, and it worked great for me, but one additional note that is incredibly easy to overlook as it's barely mentioned in a single paragraph; don't forget to generate a migration to add facebook_uid to the user model.