I'm creating a rails blog app.
No visitor can sign up.
The app will allow any visitor to post comment on a post.
However, this comment will be persisted if and only the visitors clicks on a unique confirmation email that said visitor receives when subimming the comment for review.
How could I do this?
Is there a gem for that?
You could do it many ways, but providing a unique token would be a standard way to do it.
So the Comment model would have a column called confirmation_token which you could set to be random when the comment is created and a column called active which is false by default. Then you send a confirmation email with a link that has that token as a param:
http://www.mysite.com/comment/85/?confirm=<insert confirmation_token>
When that page is visited, you pick up the confirmation_token in your controller and set the active column to true if the token in the url matches the token in the database.
This is how many different types of confirmation are done, including most plain vanilla registrations (e.g. through Devise).
Related
Guys in Rails how do I implement confirmation emails such that a nonuser can post only after confirming the email. So any regular person without an account views the site, submits post, verifies email and then the post is active. I already have devise installed but it seems its more for authenticating users. Whats the approach to take to implement the feature above and is there a specific gem to use?
i think you will need to think in a different way
in your posts list/show actions you can show posts for active users, so if users didn't confirm their account their posts won't be displayed and once they confirm their posts will be shown automatically.
I guess devise' confirmable module can be used for the same. Devise is not just for authenticating . Just like :database_authenticatable for authentication, :confirmable is to verify if an account is already confirmed.
More details on using confirmable can be seen here DeviseConfirmable
I cannot specify a gem (and that is off topic).
Typically you generate a unique and unguessable (long and random) token, store it along with the entity that it finalises, have a route in your app that can accept the token and set a flag in the associated entity (in your case the post). Then construct the confirmation link that invokes that route - including the token data that you just generated - to put in the email.
You might add two fields to the posts table (that you keep hidden from the web page):
email_confirm_token (indexed unique string)
email_confirmed (bool)
And only display posts that have email_confirmed set.
The Ruby standard lib SecureRandom class is a good source of token data.
If you want to verify more than one type of entity, you might want to factor this out. The concept is sometimes called a "nonce"
In my rails 4 app the user gets started by signing in via oauth which creates a new record in the users table. The next step the user enters keywords in a form which consists of five fields plus a sixth field for their email address. Upon submission, how do I tell rails to update their record in the users table with their email address and save their keywords to the keywords table? Is this possible because I don't think you can do a post and put request in the same submit. If not, do I create a separate table for user email addresses? What is the best solution?
See this PUT vs POST in REST
Why can't you do it all in the same request?
I will be seeding my database with real people's names and email addresses, and inviting them to join the site by sending an email to the address that's in the database, with the link back to the site. If I use Devise's 'database_authenticable' with the site, it creates an email column and a column for an encrypted password. However, since I'm only seeding the database with an email, and not a password, I'm not sure if this will create problems.
Should I leave the password column blank? Should I create a dummy password and invite them to change it? Any recommendations?
When answering this question, please take note of my username on this site and provide the level of detail required for someone with my username (and others of similar intelligence) to understand your answer. Thank you in advance.
The simplest way to do something like this (without having to muddy around with Devise itself) is to set the password as a hidden field on your signup form and set a default value for everyone (e.g password123)
You'll need to run
rails g devise:views
To allow you to customize the devise views and change the password field as a hidden field. Then in your User model, specify what you want to set the password to, e.g
before_validation: set_default_password
def set_default_password
self.password = 'password123'
self.password_confirmation = 'password123'
end
Then modify the devise emails to inform the user what their password is and advise them to change it ASAP.
NOTE: This is certainly not the best solution, but it is probably the simplest to run without messing with the Devise code.
One other option you could check out is the devise_invitable gem...
https://github.com/scambra/devise_invitable
This allows you to send invitations to users emails, and they then set their password from there. This may not fit your exact need, but I thought it was worth mentioning.
Related SO question can be found here....
Devise: Create User without Password then Require Password to Use Account?
I am coming to the end of my rails project now and I have done everything I wish to do apart from confirm the users account through email before creating it. I already have it to send an email to the user but I want the user to contain a link. It's far too late to add devise now as I already have a users table etc.
I have heard of having a confirmed field in the users table and having it set to false and then true on user confirmation, but I have no idea on how to implement this. Any ideas?
If anyone else has some other solutions or links to tutorials showing how to add such feature then that would be outstanding. The end is so close yet so far.
It's never too late to add devise. If I were you, I'd do exactly this.
But, if I were to implement confirmation functionality myself, this is how I would go about this:
For each user, make a hash (as in MD5 hash). There are many ways: 1) for each user generate its own and store in a dedicated table column; 2) make one out of password salt, user id and (optionally) some static strings; 3) something else.
Send a user an email with a link, which contains his id and that hash.
When someone hits your confirmation url, you extract user id and hash from query string, and compare them with what you have. If they match, then you mark user as confirmed.
I'm working on this alerting service in Rails. And really, all I need to do is, when a user signs up, send a confirmation email to the user. And upon confirmation from the user, activate the user. I tried playing around with Matt Hooks' Authlogic email activation tutorial, but its really leading nowhere. So , any ideas how I can do this with minimum fuss ?
Thanks !
UPDATE
So how i got devise to do the job for me is :
Install the gem.
Create a migration for devise's confirmable fields.
Specify
devise :confirmable
in your model.
Create a confirm method in the relevant controller(and a route for that method) which would update the confirmed_at attribute of the relevant model.
The devise generator creates a few views for you, one which is confirmation_instructions.html.erb. Customize the path there.
I used Rails 2.3.2 and I 've used this method along with Authlogic's authentication and it worked well. I do plan to switch to devise completely.
In all honesty, I wanted to accept both answers (unfortunately I can't do that), but its just that the devise solution seemed a easier solution.
Assuming given the title that you definitely want to avoid Devise, Authlogic and friends, here's what I think you need to do:
Create 'confirmation code' and 'confirmed' attributes in your user model.
Create a new controller method on your user controller that expects a user id and confirmation code, looks up the user and then checks if the code in the parameter matches the code stored in the DB. If so, it clears the code and sets confirmed = true.
Create a route that maps e.g. /users/1/confirm/code to your new controller method.
Create an ActionMailer template for the e-mail you want to send. This should accept a user as a parameter, and use the confirmation code of the user to send a mail containing a link to your new route.
Create an observer for your user model. If the record is created or the e-mail address modified, then generate a random confirmation code, set it into the model and clear the confirmed flag. Then trigger your ActionMailer.
Create a helper method which allows views to check if the current user is confirmed.
Use this method to enable/disable functionality as appropriate. Remember to protect your controller methods as appropriate as well as your view logic.
You could also make use of scopes for selecting users.
class User < ActiveRecord::Base
scope :certified, where(:certified => true)
end
And then in your code:
#user = User.certified.find_by_username(foo)
Devise is an other excellent authentication gem that comes with email activation build in, perhaps you could give it a go.