How to manually create reset password token using devise - ruby-on-rails-3

I am developing a Rails 3.2 app. When a user signs up or when I create a user account in my admin panel, a welcome email is sent to them. I want to include a link on which the user can click to get to the password reset page (where they can set/change their password).
So what I want to do basically is to manually create a reset password token, create a link to the reset password page (where they select a new password) and include it in the welcome email. I do not want to send two emails (welcome and reset password).
I guess some of this code could be used but I do not know how.
https://github.com/plataformatec/devise/blob/master/lib/devise/models/recoverable.rb
How can I do this?
Thankful for all help!

Just had to do something similar to this and thought I'd post an answer if someone stumbles on this. Assuming you have devise correctly set up, all you need to do is make sure the user exists in the database and then redirect to the devise route. I leveraged their code here: goo.gl/cE5USm.
def password_reset_controller
  user = User.find_by_email( params[:email] )
  if user
    redirect_to password_path(:user, email: user.email)
  else
    # do something different
  end
end
In console if you call password_path(:user, email: user.email) -> "/users/password?email='email'"
Edit:
Alternatively, you can just use user.send_reset_password_instructions from goo.gl/aPQ8MU
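For the case the question describes (putting the reset link inside the welcome email), the pattern is: generate a random raw token, put the raw value in the link, store only a keyed digest of it with a timestamp, and accept it once within a time window. The following is an added plain-Ruby example of that pattern, not code from the original posts or from Devise; ResetRecord, ResetTokens, the TTL value and the link path are hypothetical names and assumptions.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for the user row; in an app these are table columns.
ResetRecord = Struct.new(:email, :reset_digest, :reset_sent_at)

class ResetTokens
  TTL = 6 * 60 * 60 # seconds a link stays valid (assumed policy)

  def initialize(secret)
    @secret = secret # server-side key, kept out of the database
  end

  # Returns the raw token for the email link; only its digest is stored.
  def issue(record, now = Time.now.utc)
    raw = SecureRandom.urlsafe_base64(32)
    record.reset_digest = digest(raw)
    record.reset_sent_at = now
    raw
  end

  # True only for the matching, unexpired token; a token works once.
  def redeem(record, raw, now = Time.now.utc)
    return false if record.reset_digest.nil? || raw.to_s.empty?
    return false if now - record.reset_sent_at > TTL
    return false unless secure_equal?(record.reset_digest, digest(raw))
    record.reset_digest = record.reset_sent_at = nil
    true
  end

  # Path and parameter name are assumptions for illustration.
  def link(base_url, raw)
    "#{base_url}/users/password/edit?reset_password_token=#{raw}"
  end

  private

  def digest(raw)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, raw)
  end

  # Constant-time comparison of two hex strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because the welcome email may sit unread for a while, the TTL decides how long the link stays usable; a database leak exposes only digests, which cannot be replayed as links.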

Related

how do I forget the last user using facebook js sdk

When I use FB.logout() the user gets logged out fine, but then the next time I do FB.login() it logs in the last user without the option to enter in new credentials. I can't find any information on how to forget the previously signed on user. Is there a parameter I can pass into logout or login that would forget the previous user?
I found out that the behavior I wanted could be achieved by deleting the users permissions with the following snippet before logging the user out.
FB.api(`/${fbUserId}/permissions`,
       'delete',
       {access_token: fbUserAccessToken})

How to create new wordpress admin user from FTP

I haven't logged into the wordpress backend of my website in a couple years.
Now, however, none of the passwords I use seem to work. I request a reset, but I NEVER get the email.
I went into phpMyAdmin to change the password of the user, but that doesn't seem to work. The site is still not accepting the new password. I created a new user from phpMyAdmin and that user is still not recognized. So I'm not sure the database I'm updating is the correct database, however it's the only one available. Have I been hacked? I don't understand how none of my passwords are working, I am not receiving lost password emails nor are any of my new users or changed passwords from the phpMyAdmin being recognized.
https://wordpress.org/support/article/resetting-your-password/
Login to your site via FTP and download your active theme's functions.php file.
Edit the file and add this code to it, right at the beginning, after the first
wp_set_password( 'password', 1 );
Put in your own new password for the main admin user. The "1" is the user ID number in the wp_users table.
Upload the modified file back to your site.
After you then are able to login, make sure to go back and remove that code. It will reset your password on every page load until you do.
Just in case you don't have access to the database and don't have the user ID, use the code below in your active theme's functions.php:
Refer here for more options: You can use | ID | slug | email | login
$user = get_user_by( 'email', 'user@example.com' );
$user_id = $user->ID; // ID of the matched account
$password = 'your_new_password'; // Plain text password
wp_set_password( $password, $user_id );
Now the new password is: your_new_password.
Make sure to remove the code after your site has loaded once. You won't be able to log in without removing this code, as it will reset the password every time the page loads.

Why does my Rails app think I'm CSRF?

Definition of strange:
My app's session model seems to work fine. The cookie (user.remember_token = SecureRandom.urlsafe_base64) is stored, the signin persists. Life is good.
Yet, when a user edits their profile and clicks submit, they are logged out.
This SO Question makes me think that Rails is ending the session because of XSRF.
But why?
Instead of posting all my code here, one link gets it all: https://github.com/chiperific/arcwmi_reports
Help!
Your problem is in the User model:
before_save :create_remember_token

def create_remember_token
  self.remember_token = SecureRandom.urlsafe_base64
end
This will modify the remember_token whenever the user is saved - that is, when the user is created or updated. And when a user updates his/her profile, the remember_token is changed. This causes the login system to notice that the cookie no longer matches the user - and logs the user out.
The fix - use before_create instead of before_save.

rails devise after first sign in path

Is there a way for us to configure devise to go to a specific page after sign up? Something like after_sign_up_path for. I want the users to update their profile on first login after signup, so want to redirect them to edit_user_path(current_user).
Got it. Below is how I implemented it.
scope = Devise::Mapping.find_scope!(user)
sign_in(scope, user, {})
redirect_to edit_user_path(current_user)
Not sure if you know it already, but there is an after_sign_up_path_for method which you could override now:
https://github.com/plataformatec/devise/blob/master/app/controllers/devise/registrations_controller.rb#L98

rails_admin: control on admin users signup

I installed rails_admin first with model name as rails_admin_user.
The first time I logged in, I clicked 'sign up' and created admin user account.
Now every time I want to login; there is a 'sign up' link still there.
Seems that anyone can create account for admin interface of rails_admin.
If this is true, please let me know how to restrict admin user creation process.
Hey, here is how you do it. Go to your user or member model, depending on how you set up devise, and remove registerable from devise attributes. This way the sign up link will disappear.
Late but still good to share I think. You could do this to show signup for first user only, which will hopefully be you.
devise :registerable if User.empty?