I want to let new users signup and browse my site without having to confirm their email addresses, until they try to do anything meaningful like create a new project, upload a video or leave a comment.
Does Devise have any hooks for doing this sort of thing?
Try to do it in combination of postponing email confirmation via allow_unconfirmed_access_for and confirmed? for specific actions, like described in similar question1 and question2.
BTW, starting from Devise 2.2.4 allow_unconfirmed_access_for accepts nil for unlimited access without confirmation.
Related
I've been asked to implement 2FA with email codes, like you get from Steam (and many banks), after you haven't logged in for awhile. I initially thought this would have been a flag I could turn on in the Devise config, but I can't find ANY place on the internet that talks about something like this. The desired process would be to generate and email a one-time pad to enter into a confirmation screen. Every reference I've found to 2FA with Devise refers to using things like SMS or an authenticator app.
Working within the framework of Devise, it seems like this might possibly boil down to unconfirming the user every so often, maybe like every other day. That way, the next time they log in, they get another email with a new link to "re-"confirm the login. The best I can find is Warden::Manager.after_authentication to set user.confirmed_at = nil, but this doesn't seem to be doing what I want.
Thanks to a friendly person on Github, I was directed to the Devise plugin, https://github.com/Houdini/two_factor_authentication, which does exactly what I wanted. I knew someone had to have already written it!
I am trying to customise the confirmation email in order to pass an extra variable than the resource and confirmation token.
In particular what I want is to get the existing (soon to be overridden) email of the user passed into the confirmation email so that when the user clicks on the confirmation link, the page he goes to will have the user's old email in the parameters.
I'm not sure where I will need to make this change exactly (maybe mailer view or devise mailer?) and also what is the best way to override this in my rails app without touching the devise gem at all?
Or maybe there is even a better way I can get the user's old email after he confirms on the link but, as far as I'm aware, once that happens the old email is gone for good.
Use rails generate devise:views.
This will generate all the views that Devise uses internally so you can make your modifications.
NOTE
This will generate erb templates. If you wish to use haml or anything else. Here is a tutorial on how you can go about this process.
I am using rails+devise. I want the user to be able to confirm multiple e-mails (the app would send for each address a mail with a "confirm" link, and then the user have one or many confirmed mails). It is possible to confirm one with :confirmable (doc :
http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable )
I thought that i could play with
- (Object) resend_confirmation_instructions
by changing the address but this is not the best solution.
Is there a solution with devise or do i have to implement this specific functionnality?
You'll have to implement this yourself. Devise has one email per account, by default.
You'd not only need to handle multiple emails, but presumably you'd also want multiple confirmation_token's, along with multiples of the other database fields relating to email confirmation (find them in the devise migration file that gets generated). I don't imagine this will be a simple thing to solve with devise.
However, this sounds like a counter intuitive thing to do. Perhaps you should update your question to include the requirements of your app, and the reason why you need to get confirmation from multiple email addresses. Someone may have a solution for how to architect your app such that it doesn't need this feature.
What I’d like to achieve is a typical use case: a user enters his email address into a form. After sending the form to my application an email with a random generated link should be sent out to the user which he has to click to confirm his email address. After clicking the link the address should be marked as valid in my application.
My main questions are:
What is the best way to generate such random links?
What is the best way to map the click on such a random link to the address in my database?
Thanks :-).
It's also provided out of the box in Devise: https://github.com/plataformatec/devise
See confirmable option.
Use AuthLogic. It does all this for you.
Like #apneadiving and #Brian pointed out you have that feature in Devise and AuthLogic, but in case you need to roll out your what better way than to learn from them:
Set up a confirmations route
Set up a confirmations model
Set up a confirmations controller
The logic is to generate a random token (md5, sha1, whatever..) store it and send it.
When your confirmations controller is called you accept the confirmation for the token passed as param.
I'm working on this alerting service in Rails. And really, all I need to do is, when a user signs up, send a confirmation email to the user. And upon confirmation from the user, activate the user. I tried playing around with Matt Hooks' Authlogic email activation tutorial, but its really leading nowhere. So , any ideas how I can do this with minimum fuss ?
Thanks !
UPDATE
So how i got devise to do the job for me is :
Install the gem.
Create a migration for devise's confirmable fields.
Specify
devise :confirmable
in your model.
Create a confirm method in the relevant controller(and a route for that method) which would update the confirmed_at attribute of the relevant model.
The devise generator creates a few views for you, one which is confirmation_instructions.html.erb. Customize the path there.
I used Rails 2.3.2 and I 've used this method along with Authlogic's authentication and it worked well. I do plan to switch to devise completely.
In all honesty, I wanted to accept both answers (unfortunately I can't do that), but its just that the devise solution seemed a easier solution.
Assuming given the title that you definitely want to avoid Devise, Authlogic and friends, here's what I think you need to do:
Create 'confirmation code' and 'confirmed' attributes in your user model.
Create a new controller method on your user controller that expects a user id and confirmation code, looks up the user and then checks if the code in the parameter matches the code stored in the DB. If so, it clears the code and sets confirmed = true.
Create a route that maps e.g. /users/1/confirm/code to your new controller method.
Create an ActionMailer template for the e-mail you want to send. This should accept a user as a parameter, and use the confirmation code of the user to send a mail containing a link to your new route.
Create an observer for your user model. If the record is created or the e-mail address modified, then generate a random confirmation code, set it into the model and clear the confirmed flag. Then trigger your ActionMailer.
Create a helper method which allows views to check if the current user is confirmed.
Use this method to enable/disable functionality as appropriate. Remember to protect your controller methods as appropriate as well as your view logic.
You could also make use of scopes for selecting users.
class User < ActiveRecord::Base
scope :certified, where(:certified => true)
end
And then in your code:
#user = User.certified.find_by_username(foo)
Devise is an other excellent authentication gem that comes with email activation build in, perhaps you could give it a go.