To comply with a WAST security report I need to switch off autocomplete in the activeadmin devise views for the admin user email and password.
I can do this easily on my user login views as I've generated the html.erb files from devise and modified them, can't see an easy way to do this with the activeadmin views though.
I've checked for a setting and can't find one, any ideas?
You can add the attribute directly from the register block:
form(html: { autocomplete: :off })
or for the individual fields:
f.input :email, input_html: { autocomplete: :off }
You can create a new form by overriding the old one.
Create
/views/active_admin/devise/sessions/new.html.erb
The current file can be seen here
Related
I'm on Rails 7 and using Devise and Rolify...
I have a create an account page and earlier this week users were signing up just fine (I was dealing with some spam accounts) but I noticed that those spam accounts always chose the roles that were available to non-admin users which are the non-admin roles.
But today I noticed a spam account created that had the role of superadmin and I was thinking how is that possible and I found that all of my roles were visible to everyone.
This is also happening locally as well as my deployed site.
Luckily through Devise the user has to confirm their account before they can have access but unfortunately actual users are able to choose the superadmin role and then have access to do superadmin things, I'm keeping an eye on it now, but this is not safe at all!
In my roles.rb I have:
ADMIN_ROLES = %w[SuperAdmin Admin Moderator Editor]
scope :admin, -> { where(name: ADMIN_ROLES)}
scope :not_admin, -> { where.not(name: ADMIN_ROLES)}
The scope is working in my Rails console when I enter Role.admin or Role.not_admin the appropriate roles show up.
On my registration page when I click on the role collection select dropdown all of my roles show up despite have the scope filter applied in my form:
<%= f.select :role_ids, Role.not_admin.sorted.pluck(:name, :id),
{ label: "What roles does this user have??",
},
{ multiple: true, id: "select-dancestyle" } %>
<% end %>
I did make a change to the page to make sure I'm editing the right form, I even tried removing the roles from the form and re-adding them, I also tried on a different browser just to make sure I wasn't running into any weird cookie issues, and I'm still getting all the roles appearing.
I'm not really sure what I'm missing of why that not_admin scope is not
registering on my form view. I am using the bootstrap form for gem for this form as well!
The answer was in the order of the attributes I tagged, I was able to fix the issue by switching the code from:
<%= f.select :role_ids, Role.not_admin.sorted.pluck(:name, :id),
{ label: "What roles does this user have??",
},
{ multiple: true, id: "select-dancestyle" } %>
<% end %>
to
<%= f.select :role_ids, Role.sorted.not_admin.pluck(:name, :id),
{ label: "What roles does this user have??",
},
{ multiple: true, id: "select-dancestyle" } %>
<% end %>
I am using Rails 4 and Simple Form to create a form where I ask users for a bunch of data. I am including a dropdown selector to a model association in the following way:
<%= f.association :location, collection: Location.order("LOWER(name)").all, required: true, include_blank: false, prompt: "Choose location..." %>
However, I get a undefined method 'name' for nil:NilClass error when the user doesn't actively choose anything and leaves the default prompt message selected in the dropdown.
How can I make the app send the user back to the form and highlight that he needs to choose a location in the dropdown? Just like it happens when you have a required input field and no data is provided...
Thanks!
Adding the required: true in your form doesn't actually make the :location a required attribute on your model.
You need to add the following to your model:
validates :location, presence: true
I am currently using devise for user registration and will like to restrict signups based on domains like #company.com or #work.com. The aim is for users to only provide the first part of their email address for example "lucy.dale" then select their domain from a drop-down menu such as #company.com. Please see the code I have generated so far..
<div><%= f.label :email %><br />
<%= f.text_field :first_email, :autofocus => true %><%= f.select :domain, options_for_select([["Select One", ""], "#company.com", "#work.com", "#office.com"]) %>
As i don't have access to the Devise controller or mailers, please can you advise me on how I can join the :first_email & :domain attributes to give (lucy.dale#company.com) before passing it to the default :email attribute in Devise.
Thanks for your help in advance
I hope this help someone out there. Instead of extending the devise registration controller, i decided to use a Regex to validate the domains. This will allow me restrict the domains as shown below
validates_format_of :email, :with => /\A([^#\s]+)#(company\.com)|(work\.com)\z/
The regex was added to the model for validation.
I'm new to ruby on rails, and I installed devise on my application. I was wondering where I can customize the values if a value is given in views/devise/registrations/new.html.erb
for example:
<%= f.input :password_confirmation, :required => true %>
this gives out an input and a label, the label is * Password confirmation. How do I customize this label and the input field?
Thanks
<%= f.input :password_confirmation, :required => true, :label => 'something', :class => 'something' %>
Define the something class in CSS and you'll be fine.
And of course, generate the partials via copying from devise directly or using its generators. I usually copy them from devise repo since I am not that much fan of generators, sometimes they generate files I don't even need or want.
rails generate devise:views users
You will need to generate the partials first. After that you can use those generated files to override the default ones. Also, it might be good to build the authentication from scratch the first time in order to better understand the process.
http://railscasts.com/episodes/250-authentication-from-scratch
I know that the RoR can do the validation in the models. But I want to confirm the user's password in the views. I means, it show two textfield for user to type password twice to ensure the user type the password correct, but in the database I only store one value. How can I handle it in the RoR?
In your model do:
validates_confirmation_of :password
In your view do:
<%= form.password_field :password %>
<%= form.password_field :password_confirmation %>
This is using the built in rails confirmation validation. It's will add the virtual accessor for you.