I'd like to verify a user's email address by sending them a verify-email-message. Do you know of a good Rails plugin that you've used or seen?
Since I didn't see anything good via Google, at this point, my thought is:
Add a verified boolean field to the user model. Default false.
After user is added (unverified), combine email with a salt (a secret), and create the sha1 hash of the email/salt combo. The result is the verification.
Send a welcoming / verification email to the user. Email includes a url that has the email address and verification as GET args to a verify action on my server.
The verify action recomputes the verification using the supplied email and checks that the new verification matches the one in the url. If it does, then the User rec for the email is marked 'verified'
Also will provide action to re-send the verification email.
Any comments on the above?
Thanks,
Larry
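Added example (not part of the original post or of any gem named on this page): a stateless verification link along the lines of the scheme in the question, using HMAC-SHA256 with a server-side key in place of SHA1 over email plus salt, an expiry time covered by the signature, and a constant-time comparison in the verify step. The key, the `app.example` host and all method names are assumptions made for the illustration.

```ruby
require "openssl"
require "uri"

# Constructed values for this example; a real app loads the key from its secret store.
SECRET = "example-only-signing-key"
TTL_SECONDS = 24 * 60 * 60

# HMAC over email and expiry, so neither can be changed without the key.
def sign(email, expires_at, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, "#{email}\n#{expires_at}")
end

# Link placed in the verification email (app.example is a placeholder host).
def verification_url(email, now: Time.now.to_i)
  exp = now + TTL_SECONDS
  query = URI.encode_www_form(email: email, exp: exp, sig: sign(email, exp))
  "https://app.example/verify?#{query}"
end

# Comparison whose running time does not depend on where the strings differ.
# In Rails, ActiveSupport::SecurityUtils.secure_compare does this job.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# What the verify action checks before marking the user verified.
def valid_verification?(params, now: Time.now.to_i)
  email, exp, sig = params.values_at("email", "exp", "sig")
  return false unless email && exp && sig
  return false unless secure_equal?(sign(email, exp), sig)
  exp.to_i >= now
end
```

Because the expiry is part of the signed data, a link stops working after `TTL_SECONDS` and the re-send action simply issues a fresh one.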
Devise
https://github.com/plataformatec/devise
Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
Recoverable: resets the user password and sends reset instructions.
Authlogic
https://github.com/binarylogic/authlogic
Also take a look at this Stackoverflow thread
Email confirmation in Rails without using any existing authentication gems/plugins
Hope this helped!
Devise is an amazing gem that can do this with very little effort.
Don't know of a plugin, but the Action Mailer guide covers some of what you want to do: http://guides.rubyonrails.org/action_mailer_basics.html
It shouldn't be too hard to build on the Guide example for your exact use case.
Related
I am trying to create a sort of recall system where an admin sends a message to the entire user base via email, after which all users have to confirm the message by navigating a link in the email (confirmation token) and retyping the message in. There would be a submit button on the page which will check if the messages match and then clear a confirmation flag in the database. I am stuck on where to even begin here. I am not worried about comparison logic in the controller. I am confused about how to generate the confirmation tokens, send them, then redirect users to a page for confirmation. At the moment I am using Devise with Active Admin but I am open to any other gem suggestions. If any of you could give me a link to a similar tutorial or problem that would be great! Yes, I have done research before asking, but most results had little relevance.
You could do this with Devise
I'll share what was recently done by me, which is almost similar to your Q.
I did not use Confirmation link or any token.
Only Admin can create user.
On creation of a user, an email is sent along with id and password.
Upon user login for first time, redirect him to edit account for only password change.
Note: You can use friendly token for generating random password.
I've upgraded to Devise 3.2.1 and Rails 4.0, and I'm trying to figure out my signup now that one doesn't login on confirmation.
I allow users to create a message and specify the recipient of the message via an email address. Then I send emails notifying the recipient that they've received a message on the service. If the recipient doesn't have an account on the service, I create the account without a password, and the email I send to the recipient acts as a confirmation email. With prior versions, the recipient would then click on the link, thus confirming, and then be taken to a password creation stage and then finally, they'd have a confirmed account created with password and can go see the message.
With Devise 3.1, they no longer allow login via confirmation as they consider it a security risk, however I fear it may greatly increase the complexity of my sign up process. I can no longer redirect to a password creation page as they aren't logged in. I'm toying with the idea of taking them to a special signup page or creating the account and then sending a special form of password reset.
I don't want to notify them via email, then send them a second email as a confirmation. That adds unnecessary complexity to my signup.
I wondered if anyone else has dealt with this issue and how they handled it. I'd like to avoid using:
config.allow_insecure_sign_in_after_confirmation = true
as that will go away soon and is really not the right way.
Is there a secure, yet fast way to do this with Devise 3.2?
Thanks!
I'm switching to using sorcery ( https://github.com/NoamB/sorcery ) for greater control over authentication and building my flow with that.
This is precisely the problem that devise invitable gem solves in a secure manner. I would recommend using this tool, rather than trying to hand-roll your own solution which is more likely to contain security flaws.
The gem workflow is basically:
An admin invites a new user.
The new user is created with a random password. (I actually helped write this bit!)
The user is sent an invitation email. (This is fully customisable in how it works, but has some simple default settings.)
The user receives a link, which contains a URL with a unique invitation_token.
After clicking this link, the user must choose their real password.
I am developing an application which uses Devise for user authentication. It performs all standard task that Devise handles (e.g.: Email verification during user sign up). But a user may have multiple email addresses to access his account and I want to verify all those addresses too.
My design is: the user will get an email field in his profile page to add another email address to access his account along with his existing email address. After clicking submit, an email verification will occur like the first-time sign up process, and the user will be able to use both of these email addresses after successful verification.
Is there any gem available for this? If I need to implement it by myself, how can I do this without breaking the existing system?
It's very late to reply but recently I faced similar issue and found one gem which lets user have many emails, user can login with any email, set one email as primary, and provides support for confirmable, authenticable and validatable for each email.
Here is the link to gem:
https://github.com/allenwq/devise-multi_email
Hope it helps someone facing same situation :)
I am using Devise with ActionMailer. I would like to allow users to create an account without email if they use Twitter. But I still need devise:confirmable if they choose to add email later on.
However, Devise automatically sends a confirmation email when a user creates a new account, even if the user does not supply an address. Therefore, I got an error when deploying my Rails app to Heroku:
ArgumentError (At least one recipient (To, Cc or Bcc) is required to send a message):
How can I prevent Devise or ActionMailer from sending confirmation email when there's no email address?
Thank you.
Devise has a skip_confirmation! method that should allow you to accomplish this, check out the confirmable.rb
Devise is a fantastic gem available for basic or omniauth authentication, sign_up and other things like sessions maintenance, resend confirmation password etc.
But is it possible using Devise to map multiple email addresses to the same user?
Like I have 3 or 4 email ids such as
sahil#abc.com
sahil#xyz.com
sahil#mno.com
Use Case and Example
I have already registered with my first email id, i.e. sahil#abc.com, using an automated system and the account is created. But I always prefer to use my other email_id, i.e. sahil#xyz.com. So, I want to build a system where a user can login using any one of the above email addresses with the same/different password. But there should be one single account for the user.
I'd say:
you've one email field
you have other emails stored somewhere
You could tell Devise that you allow login based on different fields.
I think the cooler way is to give a try to override the 'authentication_keys' method, as it allows you to define the keys.
However, the following link has a working solution :)
HTH
Here is exactly what I needed: RoR Devise: Sign in with username OR email
def self.find_for_database_authentication(conditions = {})
  email = conditions[:email]
  # 1. Look for a user whose own email column matches.
  # 2. Otherwise look for a confirmed authorized email and return its user (nil if none).
  find_by_email(email) || AuthorizedEmail.confirmed.find_by_email(email).try(:user)
end
What it does is:
Firstly tries to find the user record for authentication by searching with email id.
If it gets the record it returns the record else we go to next part.
It finds in the authorised emails table if there exists any validated and confirmed email in the table. If there is such an entry, it tries to find the user related to that particular authorised email and returns that.