Reputation: 38900
has_secure_password and email verification
has_secure_password in rails works well for signing up users by checking :password and :password_confirmation then logging a :password_digest field in the database. However, if I want to be able to verify the email address (by sending an email confirmation) how would I be able to do this with rails?
Upvotes: 2
Views: 1326
Answers (3)
Reputation: 329
To add to Rishav Rastogi's response, make sure you add the appropriate checking to make sure the verification parameter is both sanitized and not null (or else, someone passing in a null verification token can gain access to the account of a user whose verification_token column is null.
It would also behove you to utilize the verified_at column in your secure checking.
(I can't comment on his answer due to lack of reputation)
Upvotes: 1
Reputation: 15482
Generally to verify an email address, you send an email to the concerned email address ( with a link ) and the user clicks a link / verifies it. The link generally contains a token used to uniquely identify that email address. So you can add a verification_token field to your model, may be add verification_email_sent_at and verified_at fields as well, to keep track and use a controller action
def verify_email
@user = User.find_by_verification_token(params[:verification_token])
if @user
@user.verification_token = nil
@user.verification_email_sent_at = nil
@user.verified_at = Time.now
@user.save
# above lines can be part of method like @user.verify!
redirect_to "/"
else
...
end
end
Also I'd strongly suggest instead of building your authentication solution take a look at
https://github.com/plataformatec/devise
Its pretty simple to use.
Upvotes: 3
Reputation: 30432
This is a pretty big question, and I'm not sure it has anything to do with has_secure_password. The gist is you will want a field on your user model, say confirmed, and make a mailer which sends the confirmation email, which has a link to a controller which will mark the user as confirmed.
I suggest you check out the ActionMailer guide to get started.
Upvotes: 0
Related Questions
- rails4 authentication with has_secure_password not working
- Rails: has_secure_password not performing validation
- has_secure_password insisting password is not being sent when it is
- Validating presence of has_secure_password only when password is in params
- Password Confirmation with has_secure_password
- Optional password confirmation in has_secure_password
- Rails Authentication with has_secure_password
- has_secure_password prevents setting a boolean to true
- has_secure_password User Authorization
- Creating An Email Authentication With Rails