I'm adding a function in my controller, the only goal is to trigger the forgot password procedure through API Request.
Here is the reset_password method-
def reset_password
#user = User.find_by_email(params[:email])
#user.send_reset_password_instructions
respond_to do |format|
format.xml { render :xml => user_api_ressource(#user, :xml)}
format.json { render :json => user_api_ressource(#user, :json)}
end
end
I'm receiving the mail with the reset password link, it opens the page where I can set a new password but when I submit the form it says that the token is invalid.
I'm using sendgrid to send email. I think it's not a token truncate problem.
I'm running the rails application on Heroku cedar with the latest version of devise.
Any idea ?
I just faced the same issue. In my case, it was because the user was unscoped. It seems like it doesn't the user is not found in that case.
It is in the Devise sources in /lib/devise/models/authenticatable.rb at line 113
recoverable = find_or_initialize_with_error_by(:reset_password_token, reset_password_token)
which do not search unscoped.
I'll fork the repo, let me know if you are interested too.
Related
I am currently having trouble getting OAuth to work in Rails 4 using the Sorcery gem. I have followed this tutorial on the Sorcery wiki to set everything up https://github.com/NoamB/sorcery/wiki/External and right now I am getting to this page during the authentication process with Twitter:
BUT when I click on the "Sign in" button, the callback URL isn't triggered properly. I have supplied the exact callback url that was given by Sorcery in this line of code in the sorcery.rb file:
config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter"
I've tried various things to get this to work, I've tinkered around with the "Permissions" in the Twitter developer console and I've try different configuration options but nothing has worked.
This is the code responsible for doing the callback from the Oauths controller generated through sorcery:
def callback
provider = auth_params[:provider]
if #user = login_from(provider)
redirect_to root_path, :notice => "Logged in from #{provider.titleize}!"
else
begin
#user = create_from(provider)
#user.activate!
reset_session # protect from session fixation attack
auto_login(#user)
redirect_to edit_user_path(#user), :notice => "Logged in from #{provider.titleize}!"
rescue
redirect_to root_path, :alert => "Failed to login from #{provider.titleize}!"
end
end
end
If anyone could provide any advice, suggestions or feedback, or if anyone has had experience doing this then that'd be greatly appreciated.
Please ask if you need more information to understand what I'm trying to do here.
Also does anyone think that Twitter might have changed something in their API that may make it incompatible with the current version of the Sorcery gem?
Thank you!
Can anyone guide me how to register a user from mobile device (rest API) in ruby on rails. I'm using Devise with Rails 3.0.
it is giving me this following error
NameError in Devise::CustomRegistrationsController#create
I've override the functionality of devise registration controller with the following.
def create
respond_to do |format|
format.html {
super
}
format.json {
build_resource
if resource.save
render :status => 200, :json => resource
else
render :json => resource.errors, :status => :unprocessable_entity
end
}
end
end
this solved the problem and I've added
skip_before_filter :verify_authenticity_token, :only => :create
to avoid authenticity check.
Wouldn't it be easier to make views for mobile than make an app on android/iOS? If you need API, then go with POST requests at /users/sign_up (and similar), for example,
browse localhost:3000/users/sign_up and change form's action parameter to action="/users.json", then click submit and you will receive the API's response, for me (on vanilla setup):
{"email":["has already been taken"],"password":["doesn't match confirmation","is too short (minimum is 6 characters)"]}
This way you can debug API (which follows standard conventions) with your browser. Notice that only :format parameter changes on rails routes (you can choose .json or .xml for APIs response)
POST info sent by my browser:
"utf8=✓&authenticity_token=n5vXMnlzrXefnKQEV4SmVM8cFdHDCUxMYWEBMHp9fDw%3D&user[email]=asd%40fasd.org&user[password]=321&user[password_confirmation]=1233&commit=Sign+up"
I have a popup that will only allow to view/save some information if the user is authenticated.
I am using devise.
In the controller before_filter it checks if user is signed in and if not, show a sign in page.
This sign in page is ripped down version of the site's sign in page, so that it fits nicely to the popup.
On the authenticate action I call authenticate_user!. Everything works fine when the user enters valid credentials. But when the credential is invalid, devise automatically redirects to site's sign in page (which as I stated is different and not fit for a popup)
I tried appending a rescue to the call, but to no avail.
Anyone could suggest a better/right way to do this please? :)
def authenticate
authenticate_user! rescue redirect_to "/popup/sign_in"
if user_signed_in?
respond_to do |format|
format.html {
flash[:notice] = I18n.t("logged_in_succesfully")
redirect_back_or_default(accounts_path)
}
else
flash[:error] = I18n.t("devise.failure.invalid")
render "/popup/sign_in"
end
end
I'm using Authlogic for my authentication system in a Rails 2.3.8 application for a client of mine. I have a model, CommunityEventUser, that needs to be updated with new attributes. The controller code is this:
def edit
#user = current_user
end
def update
#user = current_user
if #user.update_attributes(params[:community_event_user])
flash[:notice] = "You updated your profile!"
redirect_to community_event_user_path
else
render :action => :edit
end
end
It's just standard edit/update RESTful code. When I go to the view for editing the user account information, submitting the form with changes to any attributes besides password and password_confirmation, and leaving those last two fields blank redirects me to a page with this error on:
Template is missing
Missing template community_event_users/edit.erb in view path app/views
And this URL:
http://localhost:3000/events/user.%23%3Ccommunityeventuser:0x10495ad80%3E
However, when I do matching passwords in the two password fields, the user is updated correctly. I thought standard Authlogic use allowed simply ignored blank password and password_confirmation fields on update. What could be the problem here?
View code for edit:
- set_page_title "Login - Community Calendar"
%h2.replaced#h2-edit_account Edit Account
- content_for :sidebar do
= render :partial => 'community_events/sidebar'
= render 'community_event_user'
Instead of
render :action => :edit
you could use:
render :template => "community_event_users/edit"
So, do you have a file like:
"yourapp/views/community_event_users/edit.erb" ?
If not, use the path to your edit-view-file.
Here I've got two controller methods:
def invite
if request.post?
begin
email = AccountMailer.create_invite(#user,url)
AccountMailer.deliver(email)
flash[:notice] = "Invitation email sent to #{#user.email}"
rescue
#mail delivery failed
flash[:error] = "Failed to deliver invitation"
end
redirect_to :action => :show, :id => #user.id
end
end
and
def show
#title = "User #{#user.full_name}"
end
The problem is, when I send an invitation, and get redirected to ./show, I see no messages at all. If I change redirect_to to render, the message appears. Still, isn't it intended for flash to work in the immediate subsequent requests?
BTW, I'm using Rails+Passenger setup, could it be so that redirected request goes to another application instance?
The rescue block is setting flash[:error], not flash[:notice]. Is your view actually rendering both?
Googled better and found this discussion:
http://www.mail-archive.com/activescaffold#googlegroups.com/msg04284.html
The solution is there: replace the plugin with
script/plugin install git://github.com/ewildgoose/render_component.git -r rails-2.3 --force
Though I don't use ActiveScaffold, there is some legacy code that depends on render_component plugin. Updating plugin to branch version worked, though I'm planning to get rid of it completely.