I'm using devise to handle user authentication with my rails app. I'd like to allow my users to sign up and be instantly logged in and receive a confirmation email.
Devise has the Confirmable module which sends out an email but requires the user to open up their mail application, find the email and click a link which then leads them to the site again.
I'd like to just email the user a confirmation that they signed up and that's it.
Is there a way for devise to do this or do I need to resolve to handling ActionMailer myself (if so, is there a quick and non-complex example)?
Many thanks!
-Tony
I'm pretty new to devise and rails, but I have set it all up in may app (rails 2.3.5) and got it working in it's basic functionality. I'm guessing some advanced devise users may teach you a trick to handle this in devise, but I'm going to say that you could easily handle this in a controller action, using some plain rails ActionMailer coding...
Here's a link that I ran across that will show you the basic approach. At the end of the tutorial, they gather the email parts from a simple web page, but you should easily see how to use the class to do it in code.
http://www.tutorialspoint.com/ruby-on-rails/rails-send-email.htm
check out #user.skip_confirmation!
it sets a user as confirmed but doesn't generate the confirmation_token or send the email.
Related
a have a client with a website built on RoR by other developer, the website uses devise for user authentication and registration.
The website allows users to registrate and then send them a confirmation email, when they confirm their email, then they can login, BUT they can't see the content until they are approved to see it.
My client ask me to don't allow users to login until two things happen: They confirm their email and him(my client) approve them to see the content.
I tried this adding active_for_authentication? to the user model and returning true or false deppending if they are approved or not, but like the documentation of devise saids: the method active_for_authentication? is overriden by other modules like confirmable.
How can i perform this two validation using devise?
thanks for your help
You have to add authorization control in your application.
So I advice you to use CanCan gem it's easy to set and it allows you to define access rules based on your criteria.
I use Rails 4.2 and Ruby 2.0. I want to create second way of registrations users using devise with auto generating password. User's email and pass must be sending in email. It really do?
The problem now is that the message is sending from the standard way of confirmed. I would like cancel it and use own confirmation method, which will contain the password and email.
Within a rails app i'm working on. I'm trying to add the ability for users to signup simply by entering their email address and then confirming their account via the confirmation email. I don't want the user to have to enter in any password. How would I go about doing this?
This example is useful, but requires for the user to enter a password: https://github.com/plataformatec/devise/wiki/How-To:-Email-only-sign-up
Should I just automatically use one password for all users?
Devise is built for authentication, which is either a password, or a quick check with a social network that this is actually the person they claim to be. The email address is used as identification.
If you just want to identify a person by their email, I suggest you create your own system for it. You can even add some of the Devise features in if you like. First, create a User model with an email attribute:
rails generate model User email:string
Once you've migrated the database, create a controller for it:
rails generate controller users
Then create a Session model and let each User create sessions by logging in. There'll be plenty of great tutorials on the web of how to create a system like this. Writing helper methods like current_user or user_signed_in? should be quite easy too.
Now for the last point, if you want people to sign in after they signed up using the email confirmation, how will you make sure that it is actually the same person signing in as the person who confirmed the email? Any malicious user could simply use an already confirmed account to sign in, unless you have to do an email confirmation every time you sign in...
So while you can do the above, I would seriously recommend to have some kind of authentication, whether it be with a password, or using OmniAuth to connect to social networks. There's a railscast for that here.
Not sure if this would help you, but based on the simplicity of the authentication process, I would suggest not to use Devise at all. You can just create an action in your SessionsController, which will compare the params[:email] (or however you are calling it in your app) against the emails listed in the UsersTable.
I've set up confirmable with devise and am sending emails in development and test mode. However, I couldn't find any good tutorials for triggering emails for other situations using devise.
For example if a user makes a reservation on my app- how can I email a confirmation to them?
ActionMailer Basics would be a good place to start.
I've upgraded to Devise 3.2.1 and Rails 4.0, and I'm trying to figure out my signup now that one doesn't login on confirmation.
I allow users to create a message and specify the recipient of the message via an email address. Then I send emails notifying the recipient that they've received a message on the service. If the recipient doesn't have an account on the service, I create the account without a password, and the email I send to the recipient acts a confirmation email. With prior versions, the recipient would then click on the link, thus confirming, and then be taken to a password creation stage and then finally, they'd have a confirmed account created with password and can go see the message.
With Devise 3.1, they no longer allow login via confirmation as they consider it a security risk, however I fear it may greatly increase the complexity of my sign up process. I can no longer redirect to a password creation page as they aren't logged in. I'm toying with the idea of taking them to a special signup page or creating the account and then sending a special form of password reset.
I don't want to notify them via email, then send them a second email as a confirmation. That adds unnecessary complexity to my signup.
I wondered if anyone else has dealt with this issue and how they handled it. I'd like to avoid using:
config.allow_insecure_sign_in_after_confirmation = true
as that will go away soon and is really not the right way.
Is there a secure, yet fast way to do this with Devise 3.2?
Thanks!
I'm switching to using sorcery ( https://github.com/NoamB/sorcery ) for greater control over authentication and building my flow with that.
This is precisely the problem that devise invitable gem solves in a secure manner. I would recommend using this tool, rather than trying to hand-roll your own solution which is more likely to contain security flaws.
The gem workflow is basically:
An admin invites a new user.
The new user is created with a random password. (I actually helped write this bit!)
The user is sent an invitation email. (This is fully customisable in how it works, but has some simple default settings.)
The user receives a link, which contains a URL with a unique invitation_token.
After clicking this link, the user must choose their real password.