Windows 8.1
Ruby 2.0.0
Rails 4.1
Devise 3.xx
In my registrations_controller, I have the following:
#user.skip_confirmation!
prior to saving. This is working only partially, as confirmation email is not being sent out, but the confirmed_at field is being filled, and I can login using the credentials I used to register.
How do I skip confirmation altogether? If there are recommendations on how to confirm later (by an admin), that would be great.
As you don't want them to be able to login until they've later been confirmed by an admin, you can use skip_confirmation_notification! instead of skip_confirmation!. This will create the confirmation token and the user will need to be confirmed, but it won't send the email notification to enable them to confirm themselves. They won't be able to log in until they're confirmed. You can then call user.confirm! for an admin to confirm the user later. This should do the job, but the source code/comments might be worth a browse:
https://github.com/plataformatec/devise/blob/master/lib/devise/models/confirmable.rb
Related
I was looking to create a authentication, registration, password reset and email confirmation using Django.
Workflow:
Displays form to enter username, email address, password,
sends verification email, to email to be verified.
user is inactive until link verification is complete.
option to reset password through this page
I found this question posted in 2011
Django - authentication, registration with email confirmation
Summary:
django-allauth, last commit 25 days ago
django-registration, last comitt 4 months ago
any others?
Questions:
Since it is 2019 I thought to ask again and see what people recommend and use in 2019?
which do recommend and why? (easy of use, documentation, industry standard, involved community? etc.. )
thanks for the help
Your question is opinion based, so it will most likely get flagged as such - but I will try to answer anyways.
django-allauth is still, in my opinion, the best overall registration workflow for someone looking for social login or login with extra capabilities, such as email verification (which you seem to need). For regular login capabilities it is overkill, and you can just use the default django authentication for that. Don't forget you can always extend basic django authentication using custom authentication
If you are going to use django to create an API that serves react, swift, etc, you can also use django-rest-framework with an authentication package such as django-rest-knox to handle multiple token-based sessions.
I am trying to allow users to self register with ask password option using web services.I am also using captcha Verification ,when the users registers.
So once they register ,i send a mail with confirmation code ,username and tenant domain for updating the password.
I am trying to do this update password without a captcha.But seems i cannot update to confirm the verification code without having a captcha.
Is it possible to enable and disable captcha for different web services or is there any ways to activate and update the password of the account without captcha in wso2 5.1??
You can disable the captcha verification as follows.
Captcha.Verification.Internally.Managed=true
But, it will disable the captcha verification in every methods userInfoRecovery service and ask password feature. It is not possible to disable captcha from one service.
Admin user can lock/unlock users through management console. That you will be able to activate users. [1]
[1] http://isurad.blogspot.com/2014/09/how-to-lock-user-account-in-wso2.html
I want my rails app, which i use devise gem, not to give away the availability of an email in my database when a user requests to reset his/her password, after he/she has forgotten it while trying to login.
Please if possible you can also provide the link of the reference material for me to understand it better.
I assume you mean that you don't want the app to say that an account with that email address was found in your database in case this is used as a way to find account names to try and break into. If so, then devise has a paranoid setting which will mean that the messages for password reset, resend confirmation etc. are vague and say that an email will have been sent if that email address exists in the database, without actually saying if it does or not. (It doesn't do this for registerable because if someone tried to create an account with a duplicate email address, devise thinks they should be told the creation failed.) The line you need in your devise.rb initialiser is:
config.paranoid = true
It's probably already there, just commented out with a comment above explaining it.
Here's a link to the blog post announcing this feature:
http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode/
I am using django-allauth to provide user login and authentication in my django project. And things were going smoothly till now, but I have come across two things which I do not know whether can be implemented in the current app. Any help is appreciated:
If we give the following setting ACCOUNT_EMAIL_VERIFICATION = True then after singing up the user account is not active until the user activates the email link. But what I want to do is to allow the user to be logged in, but keep the account active temporarily. Let us say if the user does not activate the account using the link within 7 days, the account will be blocked.
I want to allow the user to login using both the email and the username, is that possible? According to the current readme we can do only one of them.
Any kind of help is really appreciated.
Update
I have written a hack for the second problem and if you want you can check that out in my fork of django-alluth https://github.com/sachingupta006/django-allauth
As for the first problem, the Email Confirmations app stores the data the confirmation has been sent; I'd schedule a cronjob that runs every day and deactivates all accounts which haven't been confirmed for 7 days.
I would like when a user creates an account in Django, that the user information :
- Username
- Password
- Email
- First and Last Name
- Mobile
Gets also populated in my LDAP server. Also when the user get deactivated, this gets reflected in LDAP.
Authentication will still be done in Django.
I need the user information as i have another application which is getting the user info from LDAP. I need both to be have the same user universe.
Are there any snippet that does that already ?
I saw many code to authenticate thourgh LDAP, but what i really need is to populate the LDAP directory with my Django user on the fly
Thanks for your help
Check out this snippet, it should do exactly what you're after (a bit old though, so YMMV with newer django)