For some reason we need to provide a direct sign on link to our user by email.
something like:
www.website.com/user/sign_in/:hash
And the user click on the link he would be automatically sign in.
But I have no idea where to start and it doesn't seem to be built in the gem.
You'll want to use an auth token to sign the user in directly. This SO answer probably has all the details you need on getting this implemented properly.
Related
Is it possible to send an email with a user with a link that automatically sign him in based on authentication_token or something similar? (No login required).
Sure, it is possible. Just send a link to login with a query string containing the username that should be logged in. When your login code gets this, sign the user in.
Just be sure to generate a unique token instead of just using email/username
And also you should tell users that the link can be used to sign in since they might forward it to others.
I'm using Devise with my Rails app and I'm looking at using the Omniauth-Facbook gem. My app has views that show the users's by user name. What I haven't been able to figure out is how I can prompt a user for a user name when doing this.
I know that I can request this from Facebook, if the user has created a FB user name. Many people have not specified a user name for their FB account, so this does not seem like the best approach. I've read other answers which indicate that perhaps the email should be used instead, which works if the user name is solely for logging on, but this is obviously not a good idea if the user name is going to be shown on user views.
If anyone could provide guidance on how to best prompt or get a user name while registering someone through Omniauth-Facebook, that would be very appreciated. Thank you!
when you sign up for facebook, then check whether they have username in the facebook, if no,then just redirect to your path to update the username?
I intend to build a customized logic on Devise on Rails. Here is the logic: user can try to login, and if the does not exist, then it will create the account for the user. Just to skip the registration process.
Now sure how to hack into Devise. Please help!
Thank you in advance!
Edit: Sorry that I didn't make it clear enough: I have implement the on-create-validation on the user model to authenticate with another system. Logic is:
If success with another system's authenticator, then create a new user with the same password and login user.
Else login fail.
You know that if someone make typo he will create new account and will be mad that all of his/her stuff disappeared? When there is small amount of user then it isn't problem. But when your society will grow then it can make you some black-PR. You should rather check by AJAX call that there is user with that email/username/nick and if not then show the registration form, but on other hand this can be security issue if your users are signing in using non-public data like email or if username is different from nickname shown on your page.
Why would you want to skip the registration process? I don't see any benefits.
First, the user can enter the wrong username or password by accident.
Second, the user can enter the right username, but the wrong password. So he/she already is a registered user, but still get a new account.
Third, when a new user is automatically registered, how does the user actually now what his username or more importantly, his password will be?
Personally, why not just add "Remember Me" or "Forgot Password?" to your login form. If, for any reason, the user doesn't want to enter his login data or simply doesn't know his password required to login he can use these options.
Or, if you are working with permissions, why not just make a guest user if someone is not logged in?
What if they type in the wrong password or username on accident? Then you just automatically create them an account? IMO that would be a bad user experience. You either know your account or you don't. If you have an account and can't remember then you use the 'Forgot my ...'. If you don't have an account, then you go signup. You could implement oAuth and use accounts from a multitude of sites (i.e. Github, Twitter, Facebook, etc.) that would make it easier.
I am using Twitter OAuth. When a user clicks on link on my website, twitter asks user to login to allow my application to authorize. After user has authorized my application, I want him to automatically follow me. Is there a way to do that? Or it is not possible and user has to click on "Follow" button to follow me?
You can make the user create a friendship with you using this method
https://dev.twitter.com/docs/api/1/post/friendships/create
Couldn't find solution to it. I guess it is not possible!
How can I use both registerable and omniauthable modules in Devise?
Specifically I'd like to be able to let users do the following:
Register/login with email and password
Register/login with Facebook (via omniauth)
Attach or remove a Facebook account to their account so they can login with either their email or their Facebook account.
I don't know how to do 3 at all.
1 and 2 are done, but where it gets weird is if the user registered with a Facebook account, I don't need to show (or require) them to enter a password to update their profile.
So, how can I...
Let users attach a Facebook account to their current account so they can login with either.
If the user only signed up with a Facebook account, how do I hide (and not require) the password fields when editing their settings.
Let users attach a Facebook account to their current account so
they can login with either.
in the user setting page add a link to "link to Facebook account"
the link just drive the user through the normal Facebook authentication processes using the OmniauthCallbacksController, just make sure in your OmniauthCallbacksController facebook method you add some code to see if the user is already logged in and if he is you just add an authentication token for the user (I have a table that stores the authentication token for each user)
If the user only signed up with a Facebook account, how do I hide
(and not require) the password fields when editing their settings.
Take a look at this: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
Hope this help.
You might find this article interesting:
http://www.ruby-on-rails-outsourcing.com/2011/05/06/how-to-merge-facebook-account-into-existing-user-account-using-devise/
Just ran through this myself as I was looking into the same thing, and it worked great for me, but one additional note that is incredibly easy to overlook as it's barely mentioned in a single paragraph; don't forget to generate a migration to add facebook_uid to the user model.