I'm making a collaboration webapp where users could invite other users to their "workspace". The signup for invited users is done by google-oauth2.
Emails are used as unique user identifiers and the system only allows user B to access user A's workspace if user B's signup token has the same email address as user A registered in the invitation form.
How do I verify that user UserB#googlemail.com signing up and entering user A's shared workspace actually is the same as UserB#gmail.com which the invitation was sent to?
Related
The problem is in my users table, we already have email of user existing in our DB, so we try to apply one more layer which include google SSO which allow user to log in if and only if that user have the same email in our DB. But it turn out every user can login event if they don't have one.
If user doesn't have the same email in DB, redirect back to login page.
Hi there I am new to the Auth0 thing we are creating an app where we use passwordless auth0 user only has to put an email in our app then the auth0 link will send in the user email when the user clicks it will open out the app also the same time the user is created in our user database with
auth0Sub id, this case in staging and dev environment but now in a production environment we only allowed few users for login/signup this time client requirement he has the bulk of user JSON file where user email and information store so my team leader said I have to find an Auth0 related script where I can send(pass) our user JSON file and based on user email I will get
auth0Sub id as a response so that further I can manually store user data with
auth0Sub id in user collection of production environment however I searched google but was not able to find the correct answer
I almost feel stupid for asking, but I can't figure out how to resend a verification email to a user who can't login using email & password on Play Authenticate. I.e. a user signed up for an account, the token on the verification email has expired, and a new verification email is required.
I understand the original verification email is sent after the user account is created and subsequently logged in, but I can't figure out how to do it with the user not logged in.
I believe you have your order of events wrong, the email is sent after the account is created and BEFORE they log in. If they have already logged in, then they must have validated the email. If they never validated the email, I believe you just need to ask the user to re-signup and a new email will be sent.
..Chet
I am using devise_invitable in my application to invite users
https://github.com/scambra/devise_invitable
Using above plugin whenever any user is invited then that user is added in database.
User can accept invitation sent in mail and login into application.
Now, we have one more scenario in our application wherein invited user can also directly register into application with out accepting invitation.
When invited user tries to sign up into application, then validation message "User already exists" is thrown as user is already added in users table.
Can anyone please suggest best solution to allow invited user to register into application.
I don't know devise_invitable, but I think that you just have to override your Devise Controller, so that before trying to create an User, it will test its existence, and if the user has been added to the database but has never signed-in, you update its password and create a session instead of trying to create a new user with the same email !
I want to invite users to different events that are in my database and my user model is managed via devise.
With devise_invitable apparently every time I want to invite a user a new record is created or I get an error if the user identified by email already exists. Both is a problem in my use case since users should get access to events based on those invitations (which is handled already) and users potentially sign up to different events with different email addresses, still all should be one account.
So is there a way to convince devise_invitable to not create a new user account at the time of the invitation but only when the invitation is accepted and there isn't a logged in user?
Not really, Devise (and Devise_Invitable) was only intended as a registration for a User to a single service hence making the email address unique.
Have you thought of using Devise_Invitable purely as a registration service and just extending your User object to include a has_many EventRegistration attribute to store your event and email address combinations as you mentioned?