I already migrating from restful_authentification to devise.
I follow every steps. I succeed sign up new user, confirm it.
also login with it's user. Everything is going right.
Until I found a bugs. That some of current user who already able to login with restful_authentification,
cannot login. It returns "Invalid username and password".
It is possible the reason is coursed from different password encryption system between restful_authentification and devise?
Or Devise didn't allow some characters on password?
Please help me? Its already 2 days find ways to resolve the issue
Thanks
Did you configure Devise to use the :restful_authentication_sha1 encryptor, the correct pepper and stretches? See https://github.com/plataformatec/devise/wiki/How-To:-Migrate-from-restful_authentication-to-Devise
I do not know restful_authentication, but i think you will have to reset the passwords of all the users that existed before. It is safe to assume that devise uses a different algorithm to encode the password.
When resetting the password from the console, you need to specify the :password and the :password_confirmation, otherwise it will not work.
Related
Stack:
Devise 3.1.1
Rails 4.0.5
Omniauth 1.2.2
I started running into this issue where users can reset their passwords (via email), but the changed password never gets saved. Basically the only way they can login is through password reset.
I'm not necessarily looking for a solution, but can anyone recommend how to DEBUG what is going on? Ideally I'd like to follow the password reset path within Devise so I can verify the new password is getting saved, but I don't know where to start looking or where to put "puts" statements.
Also, it only happens on SOME accounts, which is even weirder.
Turns out a bug on my part. I was improperly overriding find_first_by_auth_conditions
I am using Rails 4.0.2 and Devise 3.2.2 to handle user registration / authentication. I have enabled :confirmable but was wondering if there is a way to configure :confirmable?
eg: authentication key expiry...etc
Currently, when users sign up with email address: example#exmple.com, that email address stays taken/unavailable even when the user doesn't activate/verify that email address.
How do I configure Devise :confirmable so that the email address a user signed up with will becomes available again if the user does not activate in a period of time ?
Thanks!
check the following link it has enough information about confirmable module
[1]https://github.com/plataformatec/devise/wiki/How-To%3a-Add-%3aconfirmable-to-Users
I don't think the devise 'confirmable' will do that for you. However, you can use 'recoverable' to reset passwords for the account. It is very unlikely that someone different will now own an email account so your best bet is to add a "Forgot your password?" page using recoverable for your end users.
If you want to explicitly to remove the user entries, I think your best bet is to generate a rake task that checks when the user was created and that the account hasn't been confirmed. Then put that task on a cron so you run it say every night. Though I really don't see the need for it. I believe you're approaching the problem from the wrong angle, and I recommend recoverable as your approach.
Take care, and good luck!
I want users to interact with my site without having to create an account and then later create an account (supply password, name info..etc) if they want more.
This works fine but if user thought they've created an account and then tried to login (likely using a password they use all the time) Devise will through an Exception:
BCrypt::Errors::InvalidHash in Devise/sessionsController#create
Because password is nil. If they go through the signup and then signin again, it works.
I'm using devise (1.2.0), Rails (3.0.4) and Ruby 1.9.2
I mean I can go around it by creating a dummy password and have a field to say if the user has signed up (or check if other mandatory fields have been provided) then resetting the password on actual sign up but I think in all cases it shouldn't through the above exception.
Is there anything I can do/set to go around the problem?
The easiest way is probably to just generate a random one, using something like Devise.friendly_token[0..20] but you could also override the Devise controller and method for logging in, rescue the exception, and just redirect.
I'm using Devise in a Rails 3 app, and I successfully configured it so that it uses a username as its authentication method instead of an email. The problem is that in the default registrations controller for devise, it calls an "update_with_password" method on the params passed in, which effectively allows users to change their username, and password. This behaviour makes sense if you're using email as an authentication method, since it's reasonable to expect people to be able to change their email. However, with using usernames, I'd rather users not be able to change them; I only want them to be able to change their password. Would this best way to do this be to override the RegistrationsController, and prevent the mass-assignment of params so that only the password can be changed?
Hope this is clear. Thanks!
Ok, I solved it. I added attr_readonly to the username variable, so that it cannot be changed with mass assignment.
As the title says: how can I use the Restful Authentication Plugin with Ruby on Rails. When I want to create a new user, it requires me to set the (wrong-named, confusing field) login (= username), email address and password. However, I want, like Facebook does, to require the user to enter only an email address and password, not a username. People will also login with this email address.
Can anyone help me?
Can you hash the email to a unique user-name and just never expose the field to the user?
Restful Authentication includes generators that set up your models and migrations. You're free to edit those as you see fit.
You would just need to edit the validations in the User model for the login field. I'm not sure if the default users table migration include :null=>false for the login field, but that's a simple fix as well.
Set the username and email to the same value?
What BlueRaja says, or use authlogic, which can easily be modified to support what you are trying to achieve.
Also, if you're going to do this, why not go the next step and support OpenId? It's available as an addon to authlogic.
I forked a version of restful auth and modified it to not use usernames. Not thouroughly tested with all options but it passes the tests. Check it out if you want: https://github.com/jamiequint/restful-authentication