Reputation: 14725
Able to log in without activating account using Restful
All of the restful authentication in my rails application is working but users are able to log in without activating their account.
When they use the URL that is emailed to them the account is activated (the activated_at column is updated).
Rails 2.3.5, Ruby 1.8.7
Upvotes: 1
Views: 122
Answers (2)
Reputation: 17172
In the user.rb model there an authenticate method that should look like this:
def self.authenticate(login, password)
return nil if login.blank? || password.blank?
u = find :first, :conditions =>
['email = ? and activated_at IS NOT NULL', login]
u && u.authenticated?(password) ? u : nil
end
If the account has not been activated the activated_at field will be NULL, if NULL do not allow the user to login until the account is activated.
Upvotes: 1
Reputation: 48636
If i remember correctly, you have to use the switch --include-activation to get it to work with activation.
If you have the time, i would suggest that you switch to Devise for authentication, though. It's much more Rails 3 oriented.
Upvotes: 0
Related Questions
- Ruby on Rails - RESTful API Authentication
- Restful Authentication -- how to log in a user without password
- rails auto login after email account validation with restful_authentication
- Does restful_authentiation work in rails 3?
- How do i skip activation in rails?
- Help with rails restful authentication
- Restful Authentication Issue
- Is the user logged in? (restful-authentication)
- Rails Restful-Authentication Plugin fails to login
- Inadvertent Session Hijacking Issue With Restful Authentication