I'm trying to do the following: I have a page with a form for login and password.
Is it possible to use this form for both registration and authorization. For example i'm visiting the page for the first time and enter my email and password. Then if such email already exists i get an error, otherwise an account is created for me. Searching for the way of implementing this gave no results.
Does anyone know hot to make it possible?
This approach has one drawback: If user mistyped password then he would probably never login again. Solution - to use email for password recovery.
Other approach is to let user input email and while user will type password check if email is already in database. If it's not available then add password confirmation field to the form.
How to make it possible? Just program the necessary logic on server-side and client-side.
Related
I have a rails app and I have implemented devise, password resets etc that are built into devise.
I have a username field, however, I now need to allow the user to reset this too from the login page following the same flow as the way devise does password resets (recoverable).
I have a forget page where the user can select whether they have forgotten their password or username, the password flow is built-in devise, however, I'm unsure how to go about doing the username reset.
I have the views, but I need help with the backend so the flow I need is the user clicks that they have forgotten their username, they enter their email, they get sent a username reset email with a link with a generated token, clicking that link should send them to a page where they can reset there username.
Some images for reference
Any help here would be great.
#debugabug I think it can be an api call when user clicks on forget username or forget password. Having code common for both is better than to duplicate it.
The API call is a POST call with email address in case of 'forget username' or username in case of 'forgot password'. Based on the incoming parameter, backend can decide the next workflow.
I am trying to create a sort of recall system where an admin sends a message to the entire user base via email after which all users have to confirm the message by navigating a link in the email (Confirmation token) and retyping the message in. The would a submit button on the page which will check if messages match then clears a confirmation flag in the database. I am stuck on where to even begin here. I am not worried about comparison logic in the controller. I am confused about how to generate the confirmation tokens, sending them, then redirecting users to a page for confirmation. At the moment I am use Devise with Active Admin but I am open any other gem suggestions. If any of you could give me a link to a similar tutorial or problem that would be great! Yes I have done research before asking but it most results had little relevance.
U could do this with devise
I'll share what was recently done by me, which is almost similar to your Q.
I did not use Confirmation link or any token.
Only Admin can create user.
On creation of a user, an email is sent along with id and password.
Upon user login for first time, redirect him to edit account for only password change.
Note: U can use friendly token for generating random password.
Is it possible to send an email with a user with a link that automatically sign him in based on authentication_token or something similar? (No login required).
Sure, it is possible. Just send a link to login with a query string containing the username that should be logged in. When your login code gets this, sign the user in.
Just be sure to generate a unique token instead of just using email/username
And also you should tell users that the link can be used to sign in since they might forward it to others.
I intend to build a customized logic on Devise on Rails. Here is the logic: user can try to login, and if the does not exist, then it will create the account for the user. Just to skip the registration process.
Now sure how to hack into Devise. Please help!
Thank you in advance!
Edit: Sorry that I didn't make it clear enough: I have implement the on-create-validation on the user model to authenticate with another system. Logic is:
If success with another system's authenticator, then create a new user with the same password and login user.
Else login fail.
You know that if someone make typo he will create new account and will be mad that all of his/her stuff disappeared? When there is small amount of user then it isn't problem. But when your society will grow then it can make you some black-PR. You should rather check by AJAX call that there is user with that email/username/nick and if not then show the registration form, but on other hand this can be security issue if your users are signing in using non-public data like email or if username is different from nickname shown on your page.
Why would you want to skip the registration process? I don't see any benefits.
First, the user can enter the wrong username or password by accident.
Second, the user can enter the right username, but the wrong password. So he/she already is a registered user, but still get a new account.
Third, when a new user is automatically registered, how does the user actually now what his username or more importantly, his password will be?
Personally, why not just add "Remember Me" or "Forgot Password?" to your login form. If, for any reason, the user doesn't want to enter his login data or simply doesn't know his password required to login he can use these options.
Or, if you are working with permissions, why not just make a guest user if someone is not logged in?
What if they type in the wrong password or username on accident? Then you just automatically create them an account? IMO that would be a bad user experience. You either know your account or you don't. If you have an account and can't remember then you use the 'Forgot my ...'. If you don't have an account, then you go signup. You could implement oAuth and use accounts from a multitude of sites (i.e. Github, Twitter, Facebook, etc.) that would make it easier.
I followed the instructions for adding a username login instead of email (actually in addition to email) for Devise. Problem is when I go to actually sign in, there's a Javascript mechanism to make the login field red when a non-email address is entered. Then when you click the sign in button, there's Javascript to prevent you from signing in and presents a black bubble stating, "Please enter an email address".
Did I do something wrong? Are those Devise instructions out of date? How do I allow users to enter usernames instead of email addresses to login? I'm using the latest Devise and Rails (v3.2.8).
I think you did something wrong. I implemented a login similar to what you're describing recently and it worked just fine.
It sounds like you need to edit your devise templates. Have you generated them already? If so, you need to change the field types to text fields wherever you have an email field and make sure you're referencing 'login' instead of email.
The "Update your views" section of that link explains how to do that.