I have a project that is built on LocomtiveCMS, which already has reset password functionality built in. However, the reset password email it currently sends has just a basic skeleton wording.
How do I make a custom message to use in the email sent out for resetting a password?
Inside your main app, all you have to do is to add a new file at this location: /app/views/locomotive/devise_mailer/reset_password_instructions.html.haml.
After a restart of your server, Devise should use this file as the new template for the reset password instructions.
We did that for LocomotiveHosting.com (which is built on top on the LocomotiveCMS engine) and it works well.
Thanks!
Did
Related
Due to some data related issues,I imported dev database to my local database that is running via docker however I am not able to login a user with same credentials that are working on dev server/database. I noticed that fields like email etc are using rails encrypt database field.
I am not able to login user with same username password ,if some one knows what might be causing it and a solution to it,that would be wonderful. Thanks in advance.
We are creating an app that has a feature to reset their password respectively, since we are using keycloak so that thing will be featured via keycloak page itself, but our client need the forgot password will be provided in the app, so i need to hit the forgot password api like below flow.
App Forgot Password Page > Fill email only and proceed > User receive reset password link > Open link > Keycloak reset password page
But seems that api is not existed in the keycloak.
As far i only found below apis
PUT /{realm}/users/{id}/reset-password (need bearer, not possible since we are unable to use realm account user)
PUT /{realm}/users/{id}/execute-actions-email (don't know how to use it and need bearer, not possible since we are unable to use realm account user)
Any suggestion?
Thank you in advance
Hi there, this is 2021, my solution at this time was by using keycloak library in java service, so the service working as aggregator between my web app to keycloak, and still we are using above apis mentioned that need realm access. Good luck.
You can set required action for the user to UPDATE_PASSWORD and when user tries to log in, they will be prompted with Setting up their password.
Keycloak Admin APIs - UserResource
You can update the user and in the UserRepresentation you can set that required action.
I've upgraded to Devise 3.2.1 and Rails 4.0, and I'm trying to figure out my signup now that one doesn't login on confirmation.
I allow users to create a message and specify the recipient of the message via an email address. Then I send emails notifying the recipient that they've received a message on the service. If the recipient doesn't have an account on the service, I create the account without a password, and the email I send to the recipient acts a confirmation email. With prior versions, the recipient would then click on the link, thus confirming, and then be taken to a password creation stage and then finally, they'd have a confirmed account created with password and can go see the message.
With Devise 3.1, they no longer allow login via confirmation as they consider it a security risk, however I fear it may greatly increase the complexity of my sign up process. I can no longer redirect to a password creation page as they aren't logged in. I'm toying with the idea of taking them to a special signup page or creating the account and then sending a special form of password reset.
I don't want to notify them via email, then send them a second email as a confirmation. That adds unnecessary complexity to my signup.
I wondered if anyone else has dealt with this issue and how they handled it. I'd like to avoid using:
config.allow_insecure_sign_in_after_confirmation = true
as that will go away soon and is really not the right way.
Is there a secure, yet fast way to do this with Devise 3.2?
Thanks!
I'm switching to using sorcery ( https://github.com/NoamB/sorcery ) for greater control over authentication and building my flow with that.
This is precisely the problem that devise invitable gem solves in a secure manner. I would recommend using this tool, rather than trying to hand-roll your own solution which is more likely to contain security flaws.
The gem workflow is basically:
An admin invites a new user.
The new user is created with a random password. (I actually helped write this bit!)
The user is sent an invitation email. (This is fully customisable in how it works, but has some simple default settings.)
The user receives a link, which contains a URL with a unique invitation_token.
After clicking this link, the user must choose their real password.
Im really new to iOS development, but I have some experience in OSX. I am trying to make an app where the users fills out text fields with information and then presses a submit button. The contents of the fields that they filled out are then automatically sent to me via an email.
I built a similar OSX application that could do this, but I cannot figure out how to do it on iOS.
I do not want to use the MessageUI.framework because, as far as I can tell, the user must press the send button after it brings up the email form. I just want it to send in the background.
I have no problem hardcoding in the email address and password, or using the same email for send and receive. ex: to: me#gmail.com from: me#gmail.com
Any pointers would be sweet!
You have two options if you do not want to show the mail composer window to the user
Use an SMTP Client for iOS like this one and send the email from your app with the email id and password hard-coded in the app. But if you want to change the email id or change the password in the future, you'll need to update the app. So this is a less desirable solution
Create a web script on your server which accepts the form fields to be submitted by the user. Then from this web script, send the email to your email id (for instance, if you use a PHP script, use the mail function to send the email). Call this script in the app using NSURLConnection.
You are going to need to make a custom form and then send all of the fields in the form as POST parameters to a custom API that you make on some server. Then you can just redirect that as an email to yourself through something like SMTP
I am new to grails.
I create a grails application in netbeans 7.2.1.
I am using grails-1.3.4.
I need to implement ForgotPassword functionality.
So for that I download and install the dependencies of Spring Security UI plugin and install this plugin too.
I am able to register user, also able to verify it through email.
Now I am using ForgotPassword functionality of this plugin and It is sending mail with the request token.
On clicking the link sent in the mail I am able to see the reset password form.
But when I entered correct password in both i.e. New Password and Re-enter Password.
Its just staying on the same page, not giving any error and no message is being displayed just stays on the ResetPassword form.
and password is not getting changed.
I have create User and Role domain class using s2-quickstart command and added an email field to User class.
EDIT :
When I click the reset password link mentioned in the mail I got reset password form but also sees an error message as in attached image
Thanks in advance.
You're probably double-encoding the password. See the section "Password Encryption" in http://grails-plugins.github.com/grails-spring-security-ui/docs/manual/guide/10%20Customization.html for the configuration setting for this.
Btw - you're new to Grails but using 1.3.4? You should be using 2.1.x or 2.2.x
Along the same lines as Burt's response, are you by any chance using multiple data sources? If so, you may be running into this issue. The last comment on that page describes a possible workaround.