I am coming to the end of my rails project now and I have done everything I wish to do apart from confirm the users account through email before creating it. I already have it to send an email to the user but I want the user to contain a link. It's far too late to add devise now as I already have a users table etc.
I have heard of having a confirmed field in the users table and having it set to false and then true on user confirmation, but I have no idea on how to implement this. Any ideas?
If anyone else has some other solutions or links to tutorials showing how to add such feature then that would be outstanding. The end is so close yet so far.
It's never too late to add devise. If I were you, I'd do exactly this.
But, if I were to implement confirmation functionality myself, this is how I would go about this:
For each user, make a hash (as in MD5 hash). There are many ways: 1) for each user generate its own and store in a dedicated table column; 2) make one out of password salt, user id and (optionally) some static strings; 3) something else.
Send a user an email with a link, which contains his id and that hash.
When someone hits your confirmation url, you extract user id and hash from query string, and compare them with what you have. If they match, then you mark user as confirmed.
Related
In all of my Rails applications I have a User model with name, email and password attributes (among others).
This seems to be the standard approach when building Rails apps.
The more Rails apps I build, the more I begin to wonder why the User.name is even necessary.
Wouldn't it be easier to just omit the user name everywhere right from the start?
From a user perspective, the sign up process will become easier. Instead of filling in four fields (username, email, password, and password confirmation), the user will have to fill in only three.
According to some usability experts this might increase the number of sign ups.
In addition to that, users will also have to remember less data, i.e. only their email address (which most people have memorized anyway).
So what might be negative implications of this approach?
I couldn't think of any so far.
You might need to make emails from your app personalized, maybe with greetings such as `Dear <%= username %>.
This doesn't mean you have to put name as one of the sign-up fields. You can put in the update form only, when the user edits their profile. Then you can make the edit_user_registration_path the after_sign_up_path_for devise.
I don't think using username is "standart" approach with rails apps. In fact, devise's vanilla approach is using only email on models.
However, being able to accept username or email has many other advantages. You may have other scenarios where users do not register at all. I mean, perhaps you are also creating accounts for users without any registration and you don't know their emails, if so using email will not be an option.
In some applications, we use more then 3 authentication strategies. Some users do not have a username or email at all..
In short, i think it really depends on your scenarios. But i am sure that using both email and username is not a rails convention.
If the main goal is a frictionless signup process then an OAUTH strategy would be the best way to go (4 fields of info down to two clicks), however you may want to collect the user info at a later time for a more personalized feel depending on what info you can capture from the callback.
Guys in Rails how do I implement confirmation emails such that a nonuser can post only after confirming the email. So any regular person without an account views the site, submits post, verifies email and then the post is active. I already have devise installed but it seems its more for authenticating users. Whats the approach to take to implement the feature above and is there a specific gem to use?
i think you will need to think in a different way
in your posts list/show actions you can show posts for active users, so if users didn't confirm their account their posts won't be displayed and once they confirm their posts will be shown automatically.
I guess devise' confirmable module can be used for the same. Devise is not just for authenticating . Just like :database_authenticatable for authentication, :confirmable is to verify if an account is already confirmed.
More details on using confirmable can be seen here DeviseConfirmable
I cannot specify a gem (and that is off topic).
Typically you generate a unique and unguessable (long and random) token, store it along with the entity that it finalises, have a route in your app that can accept the token and set a flag in the associated entity (in your case the post). Then construct the confirmation link that invokes that route - including the token data that you just generated - to put in the email.
You might add two fields to the posts table (that you keep hidden from the web page):
email_confirm_token (indexed unique string)
email_confirmed (bool)
And only display posts that have email_confirmed set.
The Ruby standard lib SecureRandom class is a good source of token data.
If you want to verify more than one type of entity, you might want to factor this out. The concept is sometimes called a "nonce"
I am using rails+devise. I want the user to be able to confirm multiple e-mails (the app would send for each address a mail with a "confirm" link, and then the user have one or many confirmed mails). It is possible to confirm one with :confirmable (doc :
http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable )
I thought that i could play with
- (Object) resend_confirmation_instructions
by changing the address but this is not the best solution.
Is there a solution with devise or do i have to implement this specific functionnality?
You'll have to implement this yourself. Devise has one email per account, by default.
You'd not only need to handle multiple emails, but presumably you'd also want multiple confirmation_token's, along with multiples of the other database fields relating to email confirmation (find them in the devise migration file that gets generated). I don't imagine this will be a simple thing to solve with devise.
However, this sounds like a counter intuitive thing to do. Perhaps you should update your question to include the requirements of your app, and the reason why you need to get confirmation from multiple email addresses. Someone may have a solution for how to architect your app such that it doesn't need this feature.
Users in my database have a non-unique display name; the only unique identifier is the UserId.
Normally, I would add a user to a Role using the following:
Roles.AddUserToRole(user.Username, role);
But now I don't have usernames, so I need to re-think all work related to Roles.
One messy option I can think of is to copy the Id of every user into the Username field just to satisfy SimpleMembershipProvider... though I'd rather somehow use extension methods to handle this if it's even remotely advisable and possible to do so... just so I don't have to clutter my Users table with a bogus column.
Any help here would be much appreciated.
Update:
Even if I copy the userId to the username column to get SimpleMembership working, I still need a username to create the user:
WebSecurity.CreateUserAndAccount(model.UserName, model.Password, etc)
So I'm at a loss of what to do, aside from rolling my own Membership.
Update again: I just realized I can pluck my email field and just use the Username column to store unique email addresses. I'm still interested in hearing how else this could be addressed.
You need something unique the user can enter to identify themselves during authentication, whether it is a username they user came up with, an email address, PIN, etc... Having the user remember a number generated as the unique identifier for the UserProfile does not seem like a good user experience. So whatever is used to uniquely identify that user, that is used during the log in process by the user, can be stored in the username column, if you do not want to add any additional columns. From the latest update to the question it looks like email address is being used to identify the user and you could store this in the username column without issue.
Adding columns to the UserProfile is easy to do and I would not shy away from it if it provides a better user experience and security. For example, if you want to capture a display name to display on the web site or in any communications with users you could add an email column and tell SimpleMembership that you want to use that to identify the user by changing a parameter in the WebSecurity.InitializeDatabaseConnection Method. You would change the parameter userNameColumn to be the name of your email column.
yes, either use the Ids as username or if the email is unique as username.
It is not a messy way btw with this situation. I would go with the id, if no one will eversee the userId.
I'm working on my first simple Rails app in which users submit sport "tweets" (e.g. "tennis, squash") and the server matches them up with partners. The server will return you a list of SportMatches based on similar tweets and you have different options (e.g. email, SMS) to reply back to someone's tweet and accept him/her as partner. Initially, the modeling was straight forward since: User has_many SportTweets and SportTweet belongs to User. Notifications were simply part of the User, or they could have been modeled as a 1-to-1 relationship to User.
My business requirements changed a little, as now I have anonymous users who can also post SportTweets. Because they don't have an account/profile, they must also submit notifications (e.g. email, SMS) with the tweet. I don't know how to model this the Rails way. SportTweets are now either anonymous, or authenticated-user-posted (AUP). So, now, my SportTweets table will have the following columns:
type: either "anonymous" or "AUP"
user_id: only for AUP
notifications_id: only for anonymous
sports: for all
post_date: for all
post_location: for all
etc.
There would be a Notifications table. A notification record would belong either to a User, or to a SportsTweet. I guess I would model this with polymorphic associations.
That just doesn't look like the Rails way. Did anyone come across a similar problem? How did you solve it?
Did a bit of searching and the answer is STI. See The Rails 3 Way - Chapter 9.
Use Devise if you can. I think this link might help you.
In some applications, it's useful to have a guest User object to pass around even before the (human) user has registered or logged in. Normally, you want this guest user to persist as long as the browser session persists.
Our approach is to create a guest user object in the database and store its id in session[:guest_user_id]. When (and if) the user registers or logs in, we delete the guest user and clear the session variable. A helper function, current_or_guest_user, returns guest_user if the user is not logged in and current_user if the user is logged in.
Followed by the code which you might find helpful in that page