I am building a multi-tenant app. When a user creates an account they are required to enter an email + password. Once signed in, that user (the "Admin") can add additional users to their account. I'd like the ability to add users to be simple - requiring only an email address. Is the following process safe for adding users?
Admin goes to Add User form
Admin enters user's email address and clicks submit
Email + unique registration_key + registration_expiration gets entered into Users model
New user is sent an email with link to registration (like: http://account.myapp.com/registration/o4iwerl23msl424keree)
New user opens registration form and enters required password + password_confirmation fields
If registration_key in URL matches the one in the DB and it is before the registration expiration, then the user can register
Would you recommend an alternative? If this is safe, how do I get around the required password + password_confirmation fields in steps 2 & 3 of this process?
Seems reasonable enough to me.
I would add a state column to the User model. When you invite someone their stated would be invited until they've clicked the registration link and done all that stuff.
Then you can set the validations on password (or anything else that is not relevant at this stage) to not apply in this case
validates_presence_of :blah, :if => confirmed?
def confirmed?
state == 'confirmed'
end
This might also come in handy if the use wants to see which invited users successfully registered. If your users are going to have lots of states you might want to look at the aasm gem but that would be overkill for this.
Related
Basically what I have is that a user is created upon a booking (from their booking details), but they have to tick an option to actually have an account on the website. The latter type of user needs confirmation of email, but the previous - does not.
How do I ignore that a user is not confirmed dynamically based on some model attribute?
You can use skip_confirmation_notification! from the Confirmable module.
This would create the user but wouldn't send them a confirmation email. It would still require being confirmed for the user to become a devise user, but you can still retrieve the user using either the user.confirmation_token which would eq a unique token (NULL for confirmed users), or the user.confirmed_at would be NULL for non confirms, as a date is added when confirmed.
I am using devise invitable module in one of my application. I have a report feature in which a user(i.e sender) can share his own details in a form of a report with other users(i.e. receiver). The sender needs to input the email address of the receiver in an form. We search for the receiver's record in our users table and if there is no entry then we use devise invite feature to create a record for him/her and update the association for share details in share_information table. The receiver gets an email with a link to set his/her password. Everything works well if the receiver uses that link to set his/her password and claim his/her account. But if the user does not use the link to set password and tries to sign up instead then problem arises. In such scenario the earlier record for that user gets deleted and a new record is generated with a new user id. The association breaks as the share_information has association with the earlier user_id. How do I solve the problem and why does devise deletes the user? I did not find information about such event in devise gem documents. I did not add code as I think it is not a code problem. Though I could add it if somebody needs to refer. Any help or suggestion is appreciated :)
I think, devise user works in a certain way. If a user is invited and he does not claim the account but tries to sign up then devise just deletes the previous user and creates a new record. It makes sense too in a certain perspective. Anyways I had to solve the issue so the invited user was generated with a black password. I inserted a devise friendly token password in the record and then the devise would not delete the user. It would give a notice of user already exist.
user = User.invite!({:email => user[:email], :first_name => user[:first_name], :last_name => user[:last_name], :phone_number => user[:phone]}, current_user)
user.password = Devise.friendly_token[0,20]
user.save!
I need some gem that will allow users to interact with rails app through email, without need to register. For example: I publish something for sale, accompanied with email, and all of controls (CRUD, and submitting) I get on my email as links (delete, update, and so on). I'll like to, somehow connect it to devise, with opportunity of further registration using the same email with shopping history.
To publish something(services or products) for sale User has to fill:
name, email (validates unique), phone. That may or may not be used for future registration using devise.
in the same form may be: pictures, description, and other fields of product.........
the idea is to store: id, name, email, phone in user db without password, or be somehow pending for registration
Just create your own CRUD controller with authorization based on some hash that you will add to the URL. Store those hashes in the database and verify if user is legitimate to perform action.
Warning: anyone with the valid URL will be able to perform these actions.
Well, in comment you wrote that you want it to integrate with Devise. Devise supports login tokens but for existing users. You should then somehow virtually register them. Easiest approach would be to:
Include user email in the URL with some tolen
Check if we already have such user - add token verification here
user = User.find_by_email(params[:email])
if user.nil?
user = User.create(field_1: value1, field_2: value2)
end
sign_in(user)
redirect_to after_sign_in_path(user)
Done. User is authenticated based on the email and token included in the URL.
Devise is a fantastic gem available for basic or omniauth authentication sign_up and other things like sessions maintenance, resend confirmation password etc .
But is it possible using devise to map multiple email addresses to same user ?
Like I have 3,4 email ids such as
sahil#abc.com
sahil#xyz.com
sahil#mno.com
Use Case and Example
I have already registered with my first email id i.e. sahil#abc.com using an automated system and account is created. But i always prefer to use my other email_id i.e. sahil#xyz.com. So, i want to build a system where user can login using any one of the above email adresses with the same/different password. But there should be one single account for the user.
I'd say:
you've one email field
you have other emails stored somewhere
You could tell Devise that you allow login based on different fields.
I think the cooler way is to give a try to override the 'authentication_keys' method, as it allows you to define the keys.
But how ever , following link has a working solution :)
HTH
Here is what i exactly needed RoR Devise: Sign in with username OR email
def self.find_for_database_authentication(conditions={})
(self.find_by_email(conditions[:email])) || (AuthorizedEmail.confirmed.find_by_email(conditions[:email]).user if AuthorizedEmail.confirmed.find_by_email(conditions[:email]).present?)
end
What it does is :
Firstly tries to find the user record for authentication by searching with email id.
If it gets the record it returns the record else we go to next part.
It finds in the authorised emails table if there exists any validated and confirmed email in the table. If there is such an entry, it tries to find the user related to that particular authorised email and returns that.
I am using Devise for registration of a site with confirmable. However, I have two different roles for this site. The first role is the "main" role that uses the regular Devise signup procedure. Accounts in a second role are supposed to be created after the original user confirms their account, logs in for the first time and saves a certain model. For example, if a user signs up for the site (as role type 1) the get a confirmation email from Devise as normal. Next, they visit the confirmation link, verify their account and then fill out a form where they specify some friends that should also get accounts. The friends are role type 2 and they should get a different confirmation email than the original person who signed up their friends for the account. The accounts for the friends are created when the form filled out by the original user is saved. In addition, a person can edit and add more friends later so accounts might also need to be created on the update method of the relevant form/object and those new users will need to be sent the correct email. To be clear, I do not want to skip confirmation - I just want to send different confirmation emails to the user depending on their roles. I cannot figure out how to handle this properly. If I try to create the friends accounts in code when the form is saved with User.new, calling user.skip_confirmation! will automatically confirm them. However, I do not want anyone automatically confirmed - I just want to select a different customizable confirmation email to send depending on various conditions. Can someone point me in the right direction?
Check out send_on_create_confirmation_instructions method and comments for it in your /gems/devise-x.x.x/lib/devise/models/confirmable.rb