how to seed encrypted password - ruby-on-rails

I will be seeding my database with real people's names and email addresses, and inviting them to join the site by sending an email to the address that's in the database, with the link back to the site. If I use Devise's 'database_authenticable' with the site, it creates an email column and a column for an encrypted password. However, since I'm only seeding the database with an email, and not a password, I'm not sure if this will create problems.
Should I leave the password column blank? Should I create a dummy password and invite them to change it? Any recommendations?
When answering this question, please take note of my username on this site and provide the level of detail required for someone with my username (and others of similar intelligence) to understand your answer. Thank you in advance.

The simplest way to do something like this (without having to muddy around with Devise itself) is to set the password as a hidden field on your signup form and set a default value for everyone (e.g password123)
You'll need to run
rails g devise:views
To allow you to customize the devise views and change the password field as a hidden field. Then in your User model, specify what you want to set the password to, e.g
before_validation: set_default_password
def set_default_password
self.password = 'password123'
self.password_confirmation = 'password123'
end
Then modify the devise emails to inform the user what their password is and advise them to change it ASAP.
NOTE: This is certainly not the best solution, but it is probably the simplest to run without messing with the Devise code.
One other option you could check out is the devise_invitable gem...
https://github.com/scambra/devise_invitable
This allows you to send invitations to users emails, and they then set their password from there. This may not fit your exact need, but I thought it was worth mentioning.
Related SO question can be found here....
Devise: Create User without Password then Require Password to Use Account?

Related

Ruby on Rails authentication without user name?

In all of my Rails applications I have a User model with name, email and password attributes (among others).
This seems to be the standard approach when building Rails apps.
The more Rails apps I build, the more I begin to wonder why the User.name is even necessary.
Wouldn't it be easier to just omit the user name everywhere right from the start?
From a user perspective, the sign up process will become easier. Instead of filling in four fields (username, email, password, and password confirmation), the user will have to fill in only three.
According to some usability experts this might increase the number of sign ups.
In addition to that, users will also have to remember less data, i.e. only their email address (which most people have memorized anyway).
So what might be negative implications of this approach?
I couldn't think of any so far.
You might need to make emails from your app personalized, maybe with greetings such as `Dear <%= username %>.
This doesn't mean you have to put name as one of the sign-up fields. You can put in the update form only, when the user edits their profile. Then you can make the edit_user_registration_path the after_sign_up_path_for devise.
I don't think using username is "standart" approach with rails apps. In fact, devise's vanilla approach is using only email on models.
However, being able to accept username or email has many other advantages. You may have other scenarios where users do not register at all. I mean, perhaps you are also creating accounts for users without any registration and you don't know their emails, if so using email will not be an option.
In some applications, we use more then 3 authentication strategies. Some users do not have a username or email at all..
In short, i think it really depends on your scenarios. But i am sure that using both email and username is not a rails convention.
If the main goal is a frictionless signup process then an OAUTH strategy would be the best way to go (4 fields of info down to two clicks), however you may want to collect the user info at a later time for a more personalized feel depending on what info you can capture from the callback.

Devise, skip confirmation until user tries to do something meaningful

I want to let new users signup and browse my site without having to confirm their email addresses, until they try to do anything meaningful like create a new project, upload a video or leave a comment.
Does Devise have any hooks for doing this sort of thing?
Try to do it in combination of postponing email confirmation via allow_unconfirmed_access_for and confirmed? for specific actions, like described in similar question1 and question2.
BTW, starting from Devise 2.2.4 allow_unconfirmed_access_for accepts nil for unlimited access without confirmation.

Rails/Devise - forcing password reset

I've implemented the ability to auto generate user passwords using Devise. Now when the user logs in to the system, I would like to force the user to reset the password. It seems like there is no such functionality built into Devise (please correct me if I am wrong). I can think of several ways to achieve this, but I'm sure there is a standard way of doing this.
Any tips would be appreciated.
Thanks.
Devise handles a password controller with associated views to change a user password. In application controller you can override some devise methods like after_sign_up_path , after_sign_in_path, after_confirmation_path etc with new_password_route which I remember is the router helper to change de password, not sure though. I will think that you are sending a mail with the generated password and a confirmation link. If not, what you are doing is kind of pointless. Generating a password so then the user has to change it is not right regarding UX. Just prompt the user with the desire pass at the beginning.
Good luck

Adding confirmed to a nearly complete rails application

I am coming to the end of my rails project now and I have done everything I wish to do apart from confirm the users account through email before creating it. I already have it to send an email to the user but I want the user to contain a link. It's far too late to add devise now as I already have a users table etc.
I have heard of having a confirmed field in the users table and having it set to false and then true on user confirmation, but I have no idea on how to implement this. Any ideas?
If anyone else has some other solutions or links to tutorials showing how to add such feature then that would be outstanding. The end is so close yet so far.
It's never too late to add devise. If I were you, I'd do exactly this.
But, if I were to implement confirmation functionality myself, this is how I would go about this:
For each user, make a hash (as in MD5 hash). There are many ways: 1) for each user generate its own and store in a dedicated table column; 2) make one out of password salt, user id and (optionally) some static strings; 3) something else.
Send a user an email with a link, which contains his id and that hash.
When someone hits your confirmation url, you extract user id and hash from query string, and compare them with what you have. If they match, then you mark user as confirmed.

Devise, how to downcase emails on save?

right now users can log into devise with their email & password. Problem is that email is saved case sensitive which is confusing users.
Does Devise have a setting to downcase the email, something like downcase_keys?
I know I can manually do this with a before_save but I thought I had read devise had this as an option out of the box. I just can't find the doc on how to set it to downcase?
Thanks
You should be able to configure it using case_insensitive_keys in config/initializers/devise.rb (see here).

Resources