How to handle invalid e-mail in password recovery using Devise - ruby-on-rails-3

I'm trying to change the redirect response after a user submits an invalid e-mail (one not stored in the database).
Handling the case where the e-mail is stored is easy to figure out by following this instruction.
But how can I set the redirect response when the e-mail is invalid?
Any help?
Thanks

You'll want to start by following the instructions that you linked to in order to create a custom passwords_controller.rb. Then you need to override the create method from the original devise/passwords_controller.rb:
https://github.com/plataformatec/devise/blob/master/app/controllers/devise/passwords_controller.rb#L12
Instead of respond_with(resource) when the email is not successfully sent, you could redirect to wherever you want.
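As an added illustration (not Devise's code and not the answerer's), a plain-Ruby model of the decision the overridden create action makes, with a constructed in-memory user table standing in for the model and the mailer call left as a comment. The paranoid flag mirrors Devise's config.paranoid, which gives known and unknown addresses the same redirect so the form cannot be used to check which e-mails are registered; the redirect paths are assumed.

```ruby
require "securerandom"
require "digest"

# Constructed in-memory user table standing in for the ActiveRecord model
# that Devise's :recoverable module extends (assumption: keyed by email).
USERS = { "alice@example.com" => { reset_token_digest: nil, reset_sent_at: nil } }

# Plays the role of resource_class.send_reset_password_instructions: find the
# user, store a token digest, and hand the raw token to the mailer.
# Returns [user_or_nil, errors], like a Devise resource carrying its errors.
def send_reset_password_instructions(email, store: USERS, now: Time.now)
  user = store[email.to_s.strip.downcase]
  return [nil, ["Email not found"]] unless user

  raw_token = SecureRandom.urlsafe_base64(20)
  user[:reset_token_digest] = Digest::SHA256.hexdigest(raw_token)
  user[:reset_sent_at] = now
  # mailer.reset_password_instructions(user, raw_token).deliver  -- omitted here
  [user, []]
end

# The decision the overridden create action makes.  In the Rails app this
# lives in app/controllers/users/passwords_controller.rb as
# Users::PasswordsController < Devise::PasswordsController.
# paranoid: true mirrors Devise's config.paranoid: both outcomes get the same
# redirect and notice, so the form cannot be used to probe which emails exist.
def password_reset_create(email, paranoid: false, store: USERS)
  _user, errors = send_reset_password_instructions(email, store: store)
  if paranoid || errors.empty?
    { redirect: "/users/sign_in",
      notice: "If that address is registered, reset instructions are on their way." }
  else
    # This is the respond_with(resource) branch the answer refers to; put
    # whatever page should greet an unknown address in :redirect.
    { redirect: "/users/password/new", alert: errors.join(", ") }
  end
end
```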

Related

Create Auth0 user

I'm using the Management API V2 to create users and I'm setting their password in the creation process.
After that they're receiving an invitation email to confirm their email address because I'm setting the parameter "verify_email" to true.
What I need to do is:
1) Create the user.
2) Send the user an invitation email so they can confirm their email address.
3) Give them the option to set their own password, instead of me setting it in the creation process ("step 1").
I looked in the community before asking, and I found that I can trigger the password reset flow upon creation. Is there any different way to do it? This doesn't look like the correct way to do it; there should be a way to do so.
Thanks
Triggering the reset password email is the right approach. You can use the Authentication API to send the reset password email:
https://auth0.com/docs/api/authentication#change-password
More options are described here: https://auth0.com/docs/connections/database/password-change

detecting link checkers (spam filter) in incoming HTTP requests

We have a site that uses a "one-time" login process for password resets which are not initiated by the users themselves (for instance, a password reset that is initiated by an admin or another employee). A URL is sent to the user via email which can then be used to reset their password. The URL can only be visited one time. (There's more to this for security's sake, but I'll keep it simple.) Recently, some users have complained that when they visit the link, it has already expired. The end result is that they can't reset their passwords using this feature. We discovered that the users in question have a spam filter or "link checker" in their environment that they do not have access to. This device visits the one-time link before the user is able to, to make sure it's safe.
I'm trying to solve this issue and was wondering if there's a way I can detect these types of devices on the web server when the request is made. When the spam filter visits the link, is there something in the HTTP request that would stand apart from a regular browser? Maybe they all use a specific custom HTTP header? Or maybe there's a regex I could use on the user agent? I haven't been able to catch one of these yet, so I'm not sure what the request looks like coming from a spam filter.
Does anyone know of a way to detect spam filters of any vendor by looking at the HTTP requests? I know it's a long shot, but maybe they all use a specific header for reasons such as this?
I got approval to modify the design to remove the one-time aspect of the URL. This solves the issue and saves me the headache. Thanks for the suggestion, #PeeHaa
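The asker solved the problem by dropping the one-time property. An added example (not from the thread, not the asker's site) of the design that keeps it while surviving link checkers: the GET that renders the reset form only looks the token up, and only the POST that submits the form consumes it, which a prefetching scanner does not do. It assumes a constructed in-memory store, a one-hour lifetime, and leaves the actual password update out.

```ruby
require "securerandom"
require "digest"

# Constructed in-memory token store: sha256(raw token) => entry.
# A real application keeps this next to the user record in the database.
RESET_TOKENS = {}
TOKEN_TTL = 60 * 60  # one hour; an assumed policy value

# Mint a token for the emailed URL.  Only its digest is stored, so a leaked
# database copy cannot be replayed as a link.
def issue_reset_token(email, now: Time.now, store: RESET_TOKENS)
  raw = SecureRandom.urlsafe_base64(24)
  store[Digest::SHA256.hexdigest(raw)] = { email: email, expires_at: now + TOKEN_TTL, used: false }
  raw
end

# Shared lookup: nil when unknown, already consumed, or past its lifetime.
def live_entry(raw, now, store)
  entry = store[Digest::SHA256.hexdigest(raw.to_s)]
  return nil if entry.nil? || entry[:used] || entry[:expires_at] <= now
  entry
end

# GET /reset?token=...  Link checkers and mail-client prefetchers only fetch
# the URL, so rendering the form must be read-only: nothing is consumed here,
# and the same link can be opened any number of times until it is used.
def handle_get(raw, now: Time.now, store: RESET_TOKENS)
  if live_entry(raw, now, store)
    { status: 200, body: "render reset form" }
  else
    { status: 404, body: "link expired or already used" }
  end
end

# POST /reset with the token and new password.  Submitting the form is a
# deliberate user action a scanner does not perform; the token is burned once.
def handle_post(raw, new_password, now: Time.now, store: RESET_TOKENS)
  entry = live_entry(raw, now, store)
  return { status: 404, body: "link expired or already used" } unless entry
  entry[:used] = true
  # update_password(entry[:email], new_password)  -- omitted in this example
  { status: 303, location: "/login", email: entry[:email] }
end
```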

Location of 'client_iden' parameter for Pushbullet client

I'm trying to use the 'client_iden' target parameter to send pushes to multiple users at once. I've successfully created the client, but I'm unable to find the 'client_iden' parameter on the client creation page.
Does anyone know where this parameter can be found?
Sorry about that! I think that used to be there but we must have accidentally removed it. You should create a Push object with an access token for your Client. Then check the client_iden on that Push. Unfortunately that's probably the easiest way to find this information right now.
https://api.pushbullet.com/v2/devices
Username = your API key, password = blank
You can find all your device_idens in the returned json

Authenticating a Chrome extension with a remote server?

(noob alert) Problem statement: I have a Chrome extension that allows a user to bookmark a page by sending the details of the bookmark to a server and storing the data under that user's profile.
This means I need to authenticate the user and then send the userID to the server every time I send back a bookmark.
Issues:
1) The bookmark is shown in the popup and then sent to the server. However, if the user is not logged in (authenticated), the popup should only show an interface that allows for username/password, not the bookmark data. My issue: how would I achieve this? I know I have to use one popup file, but how would I have two separate interfaces?
2) What is the best method to authenticate the extension and ensure that data is being sent from the extension only, i.e. prevent attacks on the web service?
Can anyone help?
1) You can set the popup page at any time with chrome.browserAction.setPopup.
So, the extension starts with the login form as the default popup under 'manifest.json'. After the user logs in, set the browserAction popup to your main extension page.
2) Since the end user can edit anything in your extension code, you should prevent attacks or whatever from the server side, i.e. request tokens, request quotas per IP and/or elapsed time. And simple authentication via POST over an SSL connection should be enough.

RESTful API: How to model 'request new password'?

I am designing a RESTful API for a booking application and was quite happy to see I could map all details of the application to the 4 HTTP methods.
/users - GET, POST
/users/({id}|myself) - GET, POST, PUT, DELETE
/users/({id}|myself)/bookings - GET, POST
/users/({id}|myself)/bookings/{id} - GET, POST, PUT, DELETE
Example: Updating my own user uses a PUT to /users/myself.
But now I found out that one thing is missing: The possibility to request a new password if I forgot my old one. Any idea how I could add this?
Since the action is essentially an update -- a new password will be generated -- I would use the POST verb. You'll have to figure out an alternative way of delivering the password unless you have already arranged some challenge/response protocol based on shared secrets that can be used to validate the requester in the absence of the password. The easiest way is probably to email the user at the account of record with a link that can be used to effect the change and display their new password.
Assuming that by requesting a new password you are referring to the typical action of the system assigning a new temporary password and then allowing the user to reset it, I would do something along the lines of:
POST : /users/myself/resetPassword
and then return the temporary password, send an email to the user or some other method of passing the new temp password back to the user.
/users/({id}|myself)/forgottenpassword/, GET or PUT
or just implement some way of telling the user to go to the website.