Confirm link creation with Ruby (on Rails) - ruby-on-rails

What I’d like to achieve is a typical use case: a user enters his email address into a form. After sending the form to my application an email with a random generated link should be sent out to the user which he has to click to confirm his email address. After clicking the link the address should be marked as valid in my application.
My main questions are:
What is the best way to generate such random links?
What is the best way to map the click on such a random link to the address in my database?
Thanks :-).

It's also provided out of the box in Devise: https://github.com/plataformatec/devise
See confirmable option.

Use AuthLogic. It does all this for you.

Like #apneadiving and #Brian pointed out you have that feature in Devise and AuthLogic, but in case you need to roll out your what better way than to learn from them:
Set up a confirmations route
Set up a confirmations model
Set up a confirmations controller
The logic is to generate a random token (md5, sha1, whatever..) store it and send it.
When your confirmations controller is called you accept the confirmation for the token passed as param.

Related

post only after confirming email

Guys in Rails how do I implement confirmation emails such that a nonuser can post only after confirming the email. So any regular person without an account views the site, submits post, verifies email and then the post is active. I already have devise installed but it seems its more for authenticating users. Whats the approach to take to implement the feature above and is there a specific gem to use?
i think you will need to think in a different way
in your posts list/show actions you can show posts for active users, so if users didn't confirm their account their posts won't be displayed and once they confirm their posts will be shown automatically.
I guess devise' confirmable module can be used for the same. Devise is not just for authenticating . Just like :database_authenticatable for authentication, :confirmable is to verify if an account is already confirmed.
More details on using confirmable can be seen here DeviseConfirmable
I cannot specify a gem (and that is off topic).
Typically you generate a unique and unguessable (long and random) token, store it along with the entity that it finalises, have a route in your app that can accept the token and set a flag in the associated entity (in your case the post). Then construct the confirmation link that invokes that route - including the token data that you just generated - to put in the email.
You might add two fields to the posts table (that you keep hidden from the web page):
email_confirm_token (indexed unique string)
email_confirmed (bool)
And only display posts that have email_confirmed set.
The Ruby standard lib SecureRandom class is a good source of token data.
If you want to verify more than one type of entity, you might want to factor this out. The concept is sometimes called a "nonce"

Devise: Place a variable in the confirmation email

I am trying to customise the confirmation email in order to pass an extra variable than the resource and confirmation token.
In particular what I want is to get the existing (soon to be overridden) email of the user passed into the confirmation email so that when the user clicks on the confirmation link, the page he goes to will have the user's old email in the parameters.
I'm not sure where I will need to make this change exactly (maybe mailer view or devise mailer?) and also what is the best way to override this in my rails app without touching the devise gem at all?
Or maybe there is even a better way I can get the user's old email after he confirms on the link but, as far as I'm aware, once that happens the old email is gone for good.
Use rails generate devise:views.
This will generate all the views that Devise uses internally so you can make your modifications.
NOTE
This will generate erb templates. If you wish to use haml or anything else. Here is a tutorial on how you can go about this process.

Devise, skip confirmation until user tries to do something meaningful

I want to let new users signup and browse my site without having to confirm their email addresses, until they try to do anything meaningful like create a new project, upload a video or leave a comment.
Does Devise have any hooks for doing this sort of thing?
Try to do it in combination of postponing email confirmation via allow_unconfirmed_access_for and confirmed? for specific actions, like described in similar question1 and question2.
BTW, starting from Devise 2.2.4 allow_unconfirmed_access_for accepts nil for unlimited access without confirmation.

Authlogic account activation rails

I have a requirement where the user creates an account through form with name and email. I need to send him an activation link once he clicks on it he must be able to choose a password. I am using authlogic please let me know the best way of achieving it.
Authlogic has very comprehensive guide; you can almost copy and paste everything:
https://github.com/binarylogic/authlogic

Email confirmation in Rails without using any existing authentication gems/plugins

I'm working on this alerting service in Rails. And really, all I need to do is, when a user signs up, send a confirmation email to the user. And upon confirmation from the user, activate the user. I tried playing around with Matt Hooks' Authlogic email activation tutorial, but its really leading nowhere. So , any ideas how I can do this with minimum fuss ?
Thanks !
UPDATE
So how i got devise to do the job for me is :
Install the gem.
Create a migration for devise's confirmable fields.
Specify
devise :confirmable
in your model.
Create a confirm method in the relevant controller(and a route for that method) which would update the confirmed_at attribute of the relevant model.
The devise generator creates a few views for you, one which is confirmation_instructions.html.erb. Customize the path there.
I used Rails 2.3.2 and I 've used this method along with Authlogic's authentication and it worked well. I do plan to switch to devise completely.
In all honesty, I wanted to accept both answers (unfortunately I can't do that), but its just that the devise solution seemed a easier solution.
Assuming given the title that you definitely want to avoid Devise, Authlogic and friends, here's what I think you need to do:
Create 'confirmation code' and 'confirmed' attributes in your user model.
Create a new controller method on your user controller that expects a user id and confirmation code, looks up the user and then checks if the code in the parameter matches the code stored in the DB. If so, it clears the code and sets confirmed = true.
Create a route that maps e.g. /users/1/confirm/code to your new controller method.
Create an ActionMailer template for the e-mail you want to send. This should accept a user as a parameter, and use the confirmation code of the user to send a mail containing a link to your new route.
Create an observer for your user model. If the record is created or the e-mail address modified, then generate a random confirmation code, set it into the model and clear the confirmed flag. Then trigger your ActionMailer.
Create a helper method which allows views to check if the current user is confirmed.
Use this method to enable/disable functionality as appropriate. Remember to protect your controller methods as appropriate as well as your view logic.
You could also make use of scopes for selecting users.
class User < ActiveRecord::Base
scope :certified, where(:certified => true)
end
And then in your code:
#user = User.certified.find_by_username(foo)
Devise is an other excellent authentication gem that comes with email activation build in, perhaps you could give it a go.

Resources