I'm using Devise in my Rails 3.0.10 app where the Users that sign up must reply to the email Devise generates automatically.
But I wonder, how can I make Devise ignore this option for the first user that will sign up, and request email confirmation for the n next users?
Thanks in advance.
I couldn't think for a good reason to do this. Normally the first user is the administrator (or the owner) and he/she should never have to register. What I usually do is create the first user through a seed:
# db/seeds.rb
...
User.create!(email: "first#user.com", password: "YayIAm1AndHaveADifficultPassword")
...
Then when I have to deploy (this probably will go into capistrano but anyway) you run:
rake db:seed
This way you don't have to hack Devise to not to send the first user a confirmation e-mail.
Related
I am using Rails 4.0.2 and Devise 3.2.2 to handle user registration / authentication. I have enabled :confirmable but was wondering if there is a way to configure :confirmable?
eg: authentication key expiry...etc
Currently, when users sign up with email address: example#exmple.com, that email address stays taken/unavailable even when the user doesn't activate/verify that email address.
How do I configure Devise :confirmable so that the email address a user signed up with will becomes available again if the user does not activate in a period of time ?
Thanks!
check the following link it has enough information about confirmable module
[1]https://github.com/plataformatec/devise/wiki/How-To%3a-Add-%3aconfirmable-to-Users
I don't think the devise 'confirmable' will do that for you. However, you can use 'recoverable' to reset passwords for the account. It is very unlikely that someone different will now own an email account so your best bet is to add a "Forgot your password?" page using recoverable for your end users.
If you want to explicitly to remove the user entries, I think your best bet is to generate a rake task that checks when the user was created and that the account hasn't been confirmed. Then put that task on a cron so you run it say every night. Though I really don't see the need for it. I believe you're approaching the problem from the wrong angle, and I recommend recoverable as your approach.
Take care, and good luck!
At some mystery point X with this rails app hosted on heroku, a logged in user would suddenly be logged in as another user. I am using the devise gem for authentication.
This has occurred for 2 users that we know of. I am currently tracking down what the root cause of this issue could be.
What I need to do right now is invalidate all devise sessions in order to force users to login again. After a user logs in, the problem seems to go away.
I tried reseting my secret_token but I was not forced to login again. I then scaled my web dynos down and then back up. I also restarted the app. All trying to get the secret_token change to reset the sessions.
Any other ideas?
You should be able to change your session cookie name to invalidate all sessions, which lives in config/initializers/session_store.rb
YourApp::Application.config.session_store :cookie_store, key: '_change_me_session'
Changing your session_token will work if you're storing your sessions in cookies (default).
But if you're storing in active_record, then you can delete all the sessions by:
rake db:sessions:clear
then: BAM! no more sessions.
Update on the accepted answer, now it is
rake tmp:clear
rake -T
...
rake tmp:create # Creates tmp directories for sessions, cache, sockets, and pids
If your sessions don't store any other critical information, you could clear the sessions:
rake db:sessions:clear
Devise has a thing called timeoutable can you work with that?
Check out
module ClassMethods
Devise::Models.config(self, :timeout_in)
end
I'm just guessing that you could do something like:
User.all.each do |user|
user.timeout_in 1.second
end
But I'm not sure if this only manages new sessions.. and not existing ones?
Actually this is overly complex.. just try:
User.all.each do |user|
sign_out user
end
See this post Log out all user with Devise
to do something like this from the console you will need to check out this example and adjust it for your needs
How to sign in a user using Devise from a Rails console?
sign_out_all_scopes(lock = true) ⇒ Object
Sign out all active users or scopes. This helper is useful for signing out all roles in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout and false if there was no user logged in on all scopes.
source:
http://www.rubydoc.info/github/plataformatec/devise/Devise/Controllers/SignInOut
When cookie store is used, we have to regenerate the app secret_token which is used to encrypt the cookies.
file to configure secret_token: config/initializers/secret_token.rb
bundle exec rake secret Can be used to generate a new secret token.
https://www.tigraine.at/2012/08/03/how-to-expire-all-active-sessions-in-rails-3
Try this on your controller actions.
def index
reset_session
end
Maybe this is simple and I haven't figured it out yet, but I want to send the confirmation email that is created when you run the devise views command.
I am running the following model method:
def send_invitation
User.find(self).send_confirmation_instructions
end
but when I run this I get
undefined method `send_confirmation_instructions'
there is a mailer in views/devise/mailer/confirm_instructions.html.erb
Is there a way to send that email without setting users to confirmable?
I don't fully understand the points at which you do/don't want the confirmation feature, but you could include Confirmable but override the methods for the Confirmable features you don't want. Or you could call User.skip_confirmation! after users are created, which automatically "confirms" the user, bypassing Confirmable when you don't want it.
I want users to interact with my site without having to create an account and then later create an account (supply password, name info..etc) if they want more.
This works fine but if user thought they've created an account and then tried to login (likely using a password they use all the time) Devise will through an Exception:
BCrypt::Errors::InvalidHash in Devise/sessionsController#create
Because password is nil. If they go through the signup and then signin again, it works.
I'm using devise (1.2.0), Rails (3.0.4) and Ruby 1.9.2
I mean I can go around it by creating a dummy password and have a field to say if the user has signed up (or check if other mandatory fields have been provided) then resetting the password on actual sign up but I think in all cases it shouldn't through the above exception.
Is there anything I can do/set to go around the problem?
The easiest way is probably to just generate a random one, using something like Devise.friendly_token[0..20] but you could also override the Devise controller and method for logging in, rescue the exception, and just redirect.
I'm using Devise to allow user signup as-well-as using my own user admin to create users manually. When I create a user in the admin, Devise sends a confirmation immediately to the new user. I believe this is due to the fact that both devise and my admin use the same model. How do I delay this email until the administrator is ready to send it?
Additionally, Devise's validation is requiring the admin set a password for the new user. I would much prefer the manually created users specify their own password when they respond the confirmation. Right now manually created users will not know their password unless I send it too them in a supplemental email.
#user.skip_confirmation! confirms the user, so the user can log in
without using the confirmation.
This works for me in devise 3.5
Stop devise to send confirmation email while creating user.
#user.skip_confirmation_notification!
Send confirmation instructions later
#user.send_confirmation_instructions
We do this in one of our apps. You can tell Devise NOT to automatically deliver the confirmation like this:
#user.skip_confirmation!
And then later, you can do
Devise::Mailer.confirmation_instructions(#user).deliver
For Rails 2.x you'd do something like:
DeviseMailer.deliver_confirmation_instructions(#user)
The solution is not so simple as #Ryan Heneise's answer. If you do #user.skip_confirmation! it confirms the user, so the user can log in without using the confirmation, so the confirmation letter in this case is useless. This solution does not allows the user to log in without the confirmation: Rails 3 with Devise for Authentication - How do I manually create a user?
There's now an easier way (was added back in v2.2.4)
Devise's confirmable module now includes the perfect skip_confirmation_notification! method which allows for a cleaner solution:
#user = User.new params[:user]
#user.skip_confirmation_notification!
#user.save
# ... do stuff, then later...
Devise::Mailer.confirmation_instructions(#user).deliver
I just spent some time looking into this, basically you just need to add this and setup delayed_job.
def send_confirmation_instructions
generate_confirmation_token! if self.confirmation_token.nil?
::Devise.mailer.delay.confirmation_instructions(self)
end
Add it in your user model as protected method to override the devise one in confirmable. Also, note the gem was just updated to add a new method to be overridden on create that sends the confirmation instructions.
There is now the devise-async project:
https://github.com/mhfs/devise-async
https://github.com/plataformatec/devise/wiki/How-To:-Send-devise-emails-in-background-(Resque,-Sidekiq-and-Delayed::Job)
Do you use delayed job ? It allows you to define single methods for delayed run.