Ruby on rails app using Devise for authentication. Successfully added lockable devise module, migrations, etc. However, I want the user to be given a warning when they are one attempt away from being locked out and when they are locked out. What is the best strategy for implementing this without interfering too much with devise?
Devise should add the field failed_attempts to your model.
You could check that field for the user on Devise's redirect and insert your own flash message if you'd like. See https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated
Related
I am using facebook authentication for logging in to my app. I did exactly as in this link http://willschenk.com/setting-up-devise-with-twitter-and-facebook-and-other-omniauth-schemes-without-email-addresses/#conclusion
First signup is always successful. But when trying to signup with a second account. I am getting the following error.
I think (not sure) i have to use allow_blank: true. Any help? Thanks in advance.
If you don't intend to use Devise's password authentication you could simply create a migration to remove the index:
rails g migration RemoveEmailIndexFromUsers
And then in the migration:
def change
remove_index :users, :email
end
And get rid of the :database_authenticatable module from your User model (remove it from the devise call).
But IMHO I would not use Devise for a pure OAuth app. The main draw of Devise is that it is a ready made auth solution for password auth. It tries to fill a lot of shoes and is quite complicated as a result.
Sure you can use it with OmniAuth but overriding Devise's controllers, views and params sanitation is almost as much work as rolling your own with Warden.
I have Rails 3.2.11 application that i need to hook up with login. The Devise Database Authenticatable would have been ok except:
I can't create table/fields and need to use existing fields(Devise wants to create user model).
Instead of user model, i have to use "existing model (student) with email and password fields.
Would any of you Rails guru tell me how to customize Devise or if to use something different.
Basic requirement is: use login system where someone has to register but use existing table/fields.
Thank you
The quick answer if you can't add fields to your table, Devise is not a authentication choice. It needs certain basic specific fields to work.
You can set Devise with a specific model name, as Peter de Ridder points out. But, without these required fields, several wild errors will show up (like "missing column" among others more cryptic).
Note that in this Devise's wiki article refers to these fields as required:
https://github.com/plataformatec/devise/wiki/How-To:-change-an-already-existing-table-to-add-devise-required-columns
You can customize devise as much as you want. Railscasts #210 gives information about customization options. You can create a devise model with any name you want btw. For example, you can do:
rails generate devise Student
If you want a Student model. Pretty much everything in Devise can be customized, altough some changes are easier then others. You could also get all the controllers from devise at github and customize or just override them in your own application. The devise wiki has a lot of information about customizing:
https://github.com/plataformatec/devise/wiki
I can also recommend the revised railscast #250 authentication from scratch (also railscasts available for authorization from scratch), if you want full control on all your authentication options.
I am having a Rails app for personal use and it uses Devise for authentication. I want there is only one user for my app. In other words, how do I disable registration in Devise after there is already 1 user registered ?
I am thinking about creating a custom method in controller. But is there any good way to do this ?
You want to remove the :registerable option in the model. Then create your single account in your seed.rb and then just seed your app. No need to complicate things just for your own use.
I know that in the config/locales I can change the text used with the Rails Devise gem for various flash messages (sign_in/sign_out/etc).
My question is, can I make that conditional based on perhaps a variable or something.
Currently during sign_out process, Devise will automatically put a flash message for a successful sign out. There are times in my app when I force the user to logout (e.g. their membership expired). I currently force the logout, but then it's popping up with the "Signed out successfully." I want keep that message when in fact they do sign out themselves, but put a notice up about their membership if the app forces them out.
I think there is a better idea is you should need to override controller of devise and then set any flash message as you wish.
this will help you
Override devise registrations controller
I am currently working on application that is build on rails 3.0.9. All of a sudden the client decided that there should be a place to create a user and edit a user in the admin section of the website.
Now here is the case. The authentication and registration in the web application is handled by devise. If I try to implement a custom USER create method in my controller how should I hash the password in the very same way devise is doing so that I can store that in the database. This also applies to editing the already registered users as well.
I have tried to find the solution but no use. Any help in resolving this would be appreciated.
That's easy. You can setup another controller and form but set it up on your User model. Your form will need to include :email, :password, and :password_confirmation. When you do #user.save in your controller's create action, this will have devise take care of all the hashing requirements under the hood.
If you want to check that your save works (just for testing), add a bang at the end like #user.save! - this is only for testing. Either drop into rails console and you can see the newly added records or tail your log file.
Editing should work along the same lines and you can do #user.update_attribute() in your edit action, or #user.update_attributes() if you prefer mass assignment (this will be subject to any attr_accessible restrictions in your model)