I'm using active admin in my rails application.
I want to enter user's account page from active admin page because I want to check what the user exactly is seeing.
I thought that I can decrypt devise encrypted password, but I found out that I cannot do that Rails Devise, how to unencrypt a password?
I tried entering the site by using the encrypted password, but I couldn't.
How can I implement this?
If it so important, you can copy encrypted password from db and paste own encrypted password for this user. You can do it via rails c. After your actions rewrite password again. But it is a bad way. You must write some tests for your app.
There is an example in the Devise Wiki How to :
How To: Sign in as another user if you are an admin
The proposed solution replaces the current user in session, so I think you'll be signed out of ActiveAdmin.
Related
I have a User model in my rails application this is a devise Model which contains password field. i have activeadmin gem. How can we configure active admin ,So that it shows the password without encryption. Currently the application is showing the encrypted password in active admin screens.
It's not possible. You'd need to disable password hashing in Devise but it's - for good reason - an integral part of DatabaseAuthenticable.
Within a rails app i'm working on. I'm trying to add the ability for users to signup simply by entering their email address and then confirming their account via the confirmation email. I don't want the user to have to enter in any password. How would I go about doing this?
This example is useful, but requires for the user to enter a password: https://github.com/plataformatec/devise/wiki/How-To:-Email-only-sign-up
Should I just automatically use one password for all users?
Devise is built for authentication, which is either a password, or a quick check with a social network that this is actually the person they claim to be. The email address is used as identification.
If you just want to identify a person by their email, I suggest you create your own system for it. You can even add some of the Devise features in if you like. First, create a User model with an email attribute:
rails generate model User email:string
Once you've migrated the database, create a controller for it:
rails generate controller users
Then create a Session model and let each User create sessions by logging in. There'll be plenty of great tutorials on the web of how to create a system like this. Writing helper methods like current_user or user_signed_in? should be quite easy too.
Now for the last point, if you want people to sign in after they signed up using the email confirmation, how will you make sure that it is actually the same person signing in as the person who confirmed the email? Any malicious user could simply use an already confirmed account to sign in, unless you have to do an email confirmation every time you sign in...
So while you can do the above, I would seriously recommend to have some kind of authentication, whether it be with a password, or using OmniAuth to connect to social networks. There's a railscast for that here.
Not sure if this would help you, but based on the simplicity of the authentication process, I would suggest not to use Devise at all. You can just create an action in your SessionsController, which will compare the params[:email] (or however you are calling it in your app) against the emails listed in the UsersTable.
I intend to build a customized logic on Devise on Rails. Here is the logic: user can try to login, and if the does not exist, then it will create the account for the user. Just to skip the registration process.
Now sure how to hack into Devise. Please help!
Thank you in advance!
Edit: Sorry that I didn't make it clear enough: I have implement the on-create-validation on the user model to authenticate with another system. Logic is:
If success with another system's authenticator, then create a new user with the same password and login user.
Else login fail.
You know that if someone make typo he will create new account and will be mad that all of his/her stuff disappeared? When there is small amount of user then it isn't problem. But when your society will grow then it can make you some black-PR. You should rather check by AJAX call that there is user with that email/username/nick and if not then show the registration form, but on other hand this can be security issue if your users are signing in using non-public data like email or if username is different from nickname shown on your page.
Why would you want to skip the registration process? I don't see any benefits.
First, the user can enter the wrong username or password by accident.
Second, the user can enter the right username, but the wrong password. So he/she already is a registered user, but still get a new account.
Third, when a new user is automatically registered, how does the user actually now what his username or more importantly, his password will be?
Personally, why not just add "Remember Me" or "Forgot Password?" to your login form. If, for any reason, the user doesn't want to enter his login data or simply doesn't know his password required to login he can use these options.
Or, if you are working with permissions, why not just make a guest user if someone is not logged in?
What if they type in the wrong password or username on accident? Then you just automatically create them an account? IMO that would be a bad user experience. You either know your account or you don't. If you have an account and can't remember then you use the 'Forgot my ...'. If you don't have an account, then you go signup. You could implement oAuth and use accounts from a multitude of sites (i.e. Github, Twitter, Facebook, etc.) that would make it easier.
Devise is a fantastic gem available for basic or omniauth authentication sign_up and other things like sessions maintenance, resend confirmation password etc .
But is it possible using devise to map multiple email addresses to same user ?
Like I have 3,4 email ids such as
sahil#abc.com
sahil#xyz.com
sahil#mno.com
Use Case and Example
I have already registered with my first email id i.e. sahil#abc.com using an automated system and account is created. But i always prefer to use my other email_id i.e. sahil#xyz.com. So, i want to build a system where user can login using any one of the above email adresses with the same/different password. But there should be one single account for the user.
I'd say:
you've one email field
you have other emails stored somewhere
You could tell Devise that you allow login based on different fields.
I think the cooler way is to give a try to override the 'authentication_keys' method, as it allows you to define the keys.
But how ever , following link has a working solution :)
HTH
Here is what i exactly needed RoR Devise: Sign in with username OR email
def self.find_for_database_authentication(conditions={})
(self.find_by_email(conditions[:email])) || (AuthorizedEmail.confirmed.find_by_email(conditions[:email]).user if AuthorizedEmail.confirmed.find_by_email(conditions[:email]).present?)
end
What it does is :
Firstly tries to find the user record for authentication by searching with email id.
If it gets the record it returns the record else we go to next part.
It finds in the authorised emails table if there exists any validated and confirmed email in the table. If there is such an entry, it tries to find the user related to that particular authorised email and returns that.
I'm trying to do the following: I have a page with a form for login and password.
Is it possible to use this form for both registration and authorization. For example i'm visiting the page for the first time and enter my email and password. Then if such email already exists i get an error, otherwise an account is created for me. Searching for the way of implementing this gave no results.
Does anyone know hot to make it possible?
This approach has one drawback: If user mistyped password then he would probably never login again. Solution - to use email for password recovery.
Other approach is to let user input email and while user will type password check if email is already in database. If it's not available then add password confirmation field to the form.
How to make it possible? Just program the necessary logic on server-side and client-side.