I am using Rails 4.0.2 and Devise 3.2.2 to handle user registration / authentication. I have enabled :confirmable but was wondering if there is a way to configure :confirmable?
eg: authentication key expiry...etc
Currently, when users sign up with email address: example#exmple.com, that email address stays taken/unavailable even when the user doesn't activate/verify that email address.
How do I configure Devise :confirmable so that the email address a user signed up with will becomes available again if the user does not activate in a period of time ?
Thanks!
check the following link it has enough information about confirmable module
[1]https://github.com/plataformatec/devise/wiki/How-To%3a-Add-%3aconfirmable-to-Users
I don't think the devise 'confirmable' will do that for you. However, you can use 'recoverable' to reset passwords for the account. It is very unlikely that someone different will now own an email account so your best bet is to add a "Forgot your password?" page using recoverable for your end users.
If you want to explicitly to remove the user entries, I think your best bet is to generate a rake task that checks when the user was created and that the account hasn't been confirmed. Then put that task on a cron so you run it say every night. Though I really don't see the need for it. I believe you're approaching the problem from the wrong angle, and I recommend recoverable as your approach.
Take care, and good luck!
Related
Playing with Devise and noticed that if I register an account but do not confirm it, the email address is made unavailable regardless - surely the whole point of confirming an email address is to ensure that the person registering owns it. I want to stop "malicious" users registerting email addresses and effectively rendering them unavailable.
Surely Devise has considered this so what am I missing?
I don't think this is something Devise is going to resolve for you, since it's focussed on authentication, not user management.
A solution might be to write a cronjob with whenever that runs a cleanup task. For example removing all unconfirmed email addresses after a certain period. This period should resemble your :confirmable settings for Devise in config/initializers/devise.rb
I'm using Devise in my Rails 3.0.10 app where the Users that sign up must reply to the email Devise generates automatically.
But I wonder, how can I make Devise ignore this option for the first user that will sign up, and request email confirmation for the n next users?
Thanks in advance.
I couldn't think for a good reason to do this. Normally the first user is the administrator (or the owner) and he/she should never have to register. What I usually do is create the first user through a seed:
# db/seeds.rb
...
User.create!(email: "first#user.com", password: "YayIAm1AndHaveADifficultPassword")
...
Then when I have to deploy (this probably will go into capistrano but anyway) you run:
rake db:seed
This way you don't have to hack Devise to not to send the first user a confirmation e-mail.
I already migrating from restful_authentification to devise.
I follow every steps. I succeed sign up new user, confirm it.
also login with it's user. Everything is going right.
Until I found a bugs. That some of current user who already able to login with restful_authentification,
cannot login. It returns "Invalid username and password".
It is possible the reason is coursed from different password encryption system between restful_authentification and devise?
Or Devise didn't allow some characters on password?
Please help me? Its already 2 days find ways to resolve the issue
Thanks
Did you configure Devise to use the :restful_authentication_sha1 encryptor, the correct pepper and stretches? See https://github.com/plataformatec/devise/wiki/How-To:-Migrate-from-restful_authentication-to-Devise
I do not know restful_authentication, but i think you will have to reset the passwords of all the users that existed before. It is safe to assume that devise uses a different algorithm to encode the password.
When resetting the password from the console, you need to specify the :password and the :password_confirmation, otherwise it will not work.
I'm using Devise to allow user signup as-well-as using my own user admin to create users manually. When I create a user in the admin, Devise sends a confirmation immediately to the new user. I believe this is due to the fact that both devise and my admin use the same model. How do I delay this email until the administrator is ready to send it?
Additionally, Devise's validation is requiring the admin set a password for the new user. I would much prefer the manually created users specify their own password when they respond the confirmation. Right now manually created users will not know their password unless I send it too them in a supplemental email.
#user.skip_confirmation! confirms the user, so the user can log in
without using the confirmation.
This works for me in devise 3.5
Stop devise to send confirmation email while creating user.
#user.skip_confirmation_notification!
Send confirmation instructions later
#user.send_confirmation_instructions
We do this in one of our apps. You can tell Devise NOT to automatically deliver the confirmation like this:
#user.skip_confirmation!
And then later, you can do
Devise::Mailer.confirmation_instructions(#user).deliver
For Rails 2.x you'd do something like:
DeviseMailer.deliver_confirmation_instructions(#user)
The solution is not so simple as #Ryan Heneise's answer. If you do #user.skip_confirmation! it confirms the user, so the user can log in without using the confirmation, so the confirmation letter in this case is useless. This solution does not allows the user to log in without the confirmation: Rails 3 with Devise for Authentication - How do I manually create a user?
There's now an easier way (was added back in v2.2.4)
Devise's confirmable module now includes the perfect skip_confirmation_notification! method which allows for a cleaner solution:
#user = User.new params[:user]
#user.skip_confirmation_notification!
#user.save
# ... do stuff, then later...
Devise::Mailer.confirmation_instructions(#user).deliver
I just spent some time looking into this, basically you just need to add this and setup delayed_job.
def send_confirmation_instructions
generate_confirmation_token! if self.confirmation_token.nil?
::Devise.mailer.delay.confirmation_instructions(self)
end
Add it in your user model as protected method to override the devise one in confirmable. Also, note the gem was just updated to add a new method to be overridden on create that sends the confirmation instructions.
There is now the devise-async project:
https://github.com/mhfs/devise-async
https://github.com/plataformatec/devise/wiki/How-To:-Send-devise-emails-in-background-(Resque,-Sidekiq-and-Delayed::Job)
Do you use delayed job ? It allows you to define single methods for delayed run.
As the title says: how can I use the Restful Authentication Plugin with Ruby on Rails. When I want to create a new user, it requires me to set the (wrong-named, confusing field) login (= username), email address and password. However, I want, like Facebook does, to require the user to enter only an email address and password, not a username. People will also login with this email address.
Can anyone help me?
Can you hash the email to a unique user-name and just never expose the field to the user?
Restful Authentication includes generators that set up your models and migrations. You're free to edit those as you see fit.
You would just need to edit the validations in the User model for the login field. I'm not sure if the default users table migration include :null=>false for the login field, but that's a simple fix as well.
Set the username and email to the same value?
What BlueRaja says, or use authlogic, which can easily be modified to support what you are trying to achieve.
Also, if you're going to do this, why not go the next step and support OpenId? It's available as an addon to authlogic.
I forked a version of restful auth and modified it to not use usernames. Not thouroughly tested with all options but it passes the tests. Check it out if you want: https://github.com/jamiequint/restful-authentication