I am using Devise with ActionMailer. I would like to allow users to create an account without email if they use Twitter. But I still need devise:confirmable if they choose to add email later on.
However, Devise automatically send confirmation email when an user create a new account, even if user does not supply it. Therefore, I got error when deploy my Rails app to Heroku:
ArgumentError (At least one recipient (To, Cc or Bcc) is required to send a message):
How can I prevent Devise or ActionMailer from sending confirmation email when there's no email address?
Thank you.
Devise has a skip_confirmation! method that should allow you to accomplish this, check out the confirmable.rb
Related
I'm trying to add email confirmation to a model called "Project" in a Rails app: users should be able to set an email address for a project, which is not saved until they click a confirmation link sent to the email address provided.
Although I have no need for its authentication features, I thought the Devise gem might be useful. I was hoping to use :reconfirmable to implement the feature: when the user tries to save an email to the project, it instead is saved to the unconfirmed_email column until they confirm.
It appears, partly, to be working -- the database is updated correctly, a token is generated, the "confirmation_sent_at" field is set. But no email template is rendered (and no email is sent). Looking at the code path in lib/devise/models.rb I can see how, before the email field is saved to, a method is called that intercepts that save and instead saves to unconfirmed_email. But where is the email send actually triggered? What do I have to do to activate it?
Assuming that you have correctly configured Devise to use the :confirmable feature and configured your email properly (as described in this answer). Then it should be as simple as calling this:
user.send_confirmation_instructions # where user is one of your Devise users
At the very least, making the send_confirmation_instructions call should show that the email is sending in the Rails log. If that is the case but you don't ever receive an email then you have your email configured incorrectly.
I've upgraded to Devise 3.2.1 and Rails 4.0, and I'm trying to figure out my signup now that one doesn't login on confirmation.
I allow users to create a message and specify the recipient of the message via an email address. Then I send emails notifying the recipient that they've received a message on the service. If the recipient doesn't have an account on the service, I create the account without a password, and the email I send to the recipient acts a confirmation email. With prior versions, the recipient would then click on the link, thus confirming, and then be taken to a password creation stage and then finally, they'd have a confirmed account created with password and can go see the message.
With Devise 3.1, they no longer allow login via confirmation as they consider it a security risk, however I fear it may greatly increase the complexity of my sign up process. I can no longer redirect to a password creation page as they aren't logged in. I'm toying with the idea of taking them to a special signup page or creating the account and then sending a special form of password reset.
I don't want to notify them via email, then send them a second email as a confirmation. That adds unnecessary complexity to my signup.
I wondered if anyone else has dealt with this issue and how they handled it. I'd like to avoid using:
config.allow_insecure_sign_in_after_confirmation = true
as that will go away soon and is really not the right way.
Is there a secure, yet fast way to do this with Devise 3.2?
Thanks!
I'm switching to using sorcery ( https://github.com/NoamB/sorcery ) for greater control over authentication and building my flow with that.
This is precisely the problem that devise invitable gem solves in a secure manner. I would recommend using this tool, rather than trying to hand-roll your own solution which is more likely to contain security flaws.
The gem workflow is basically:
An admin invites a new user.
The new user is created with a random password. (I actually helped write this bit!)
The user is sent an invitation email. (This is fully customisable in how it works, but has some simple default settings.)
The user receives a link, which contains a URL with a unique invitation_token.
After clicking this link, the user must choose their real password.
I am developing an application which uses Devise for user authentication. It performs all standard task that Devise handles (e.g.: Email verification during user sign up). But a user may have multiple email addresses to access his account and I want to verify all those addresses too.
My design is: user will get a email field in his profile page to add another email address to access his account along with his existing email address. After clicking submit, an email verification will occur like first time sign up process and user will be able to use both of this email address after successful verification.
Is there any gem available for this? If I need to implement it by myself, how can I do this without breaking the existing system?
It's very late to reply but recently I faced similar issue and found one gem which lets user have many emails, user can login with any email, set one email as primary, and provides support for confirmable, authenticable and validatable for each email.
Here is the link to gem:
https://github.com/allenwq/devise-multi_email
Hope it helps someone facing same situation :)
I'm using devise to handle user authentication with my rails app. I'd like to allow my users to sign up and be instantly logged in and receive a confirmation email.
Devise has the Confirmable module which sends out an email but requires the user to open up their mail application, find the email and click a link which then leads them to the site again.
I'd like to just email the user a confirmation that they signed up and that's it.
Is there a way for devise to do this or do I need to resolve to handling ActionMailer myself (if so, is there a quick and non-complex example)?
Many thanks!
-Tony
I'm pretty new to devise and rails, but I have set it all up in may app (rails 2.3.5) and got it working in it's basic functionality. I'm guessing some advanced devise users may teach you a trick to handle this in devise, but I'm going to say that you could easily handle this in a controller action, using some plain rails ActionMailer coding...
Here's a link that I ran across that will show you the basic approach. At the end of the tutorial, they gather the email parts from a simple web page, but you should easily see how to use the class to do it in code.
http://www.tutorialspoint.com/ruby-on-rails/rails-send-email.htm
check out #user.skip_confirmation!
it sets a user as confirmed but doesn't generate the confirmation_token or send the email.
I'd like to verify a user's email address by sending them a verify-email-message. Do you know of a good Rails plugin that they've used or seen?
Since I didn't see anything good via Google, at this point, my thought is:
Add a verified boolean field to the user model. Default false.
After user is added (unverified), combine email with a salt (a secret), and create the sha1 hash of the email/salt combo. The result is the verification.
Send a welcoming / verification email to the user. Email includes a url that has the email address and verification as GET args to a verify action on my server.
The verify action recomputes the verification using the supplied email and checks that the new verification matches the one in the url. If it does, then the User rec for the email is marked 'verified'
Also will provide action to re-send the verification email.
Any comments on the above?
Thanks,
Larry
Devise
https://github.com/plataformatec/devise
Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
Recoverable: resets the user password and sends reset instructions.
Authlogic
https://github.com/binarylogic/authlogic
Also take a look at this Stackoverflow thread
Email confirmation in Rails without using any existing authentication gems/plugins
Hope this helped!
Devise is an amazing gem that can do this with very little effort.
Dont know of a plugin, but the Action Mailer guide covers some of what you want to do: http://guides.rubyonrails.org/action_mailer_basics.html
It shouldnt be too hard to build on the Guide example for your exact use case.