I am using devise confirmable. I have some custom things that i need to override from devise's confirm! method, so in my user model i have the following method that overrides it:
def confirm!
super
gb = Gibbon::API.new(ENV['MAILCHIMP_API_KEY'])
gb.lists.subscribe({:id => ENV['MAILCHIMP_ID'], :email => {:email => self.email }})
end
This works perfectly. Now I am trying to have it so the user is automatically signed in after confirming, but cannot figure out how. I know that this is considered a security flaw, but I have weighed the risks and it is worth it for user experience in my site. I do not want to do anything with the routes file because this method is already working, so i should be able to do it from here. I have tried putting the following into my configuration file:
config.allow_insecure_sign_in_after_confirmation = true
but it does not sign the user in.
I've looked at the stack overflow page at Avoid sign-in after confirmation link click using devise gem? and it does not help so please don't mark this as a duplicate.
Thanks everyone.
Devise is a well known solution for authentication in Rails applications. It's full featured (it not only adds authentication but also password recovery, email changing, session timeout, locking, ip tracking, etc.) and can be expanded to add even more (like JWT authentication).
Devise initially stores the original password by encrypting it. The encrypted_password (field name in your model) gets stored in the database. Now, when you call User. find_by :email => "[email protected]" the password field is non existing.
You would change routes.rb and controllers/users/confirmations_controller.rb (maybe default path)
routes.rb to mapping users/confrimations_controller
devise_for :users, controllers: {confirmations: 'users/confirmations'}
confirmations_controller to automatically sign in and redirect to
def after_confirmation_path_for(resource_name, resource)
sign_in(resource)
any_path # redirect_to is not necessary
end
Generate the controller:
rails generate devise:controllers users -c=confirmations
Amend routes:
devise_for :users, controllers: {confirmations: 'users/confirmations'}
Then overwrite the show
method:
# app/controllers/users/confirmations_controller.rb
def show
super do
sign_in(resource) if resource.errors.empty?
end
end
def after_confirmation_path_for(resource_name, resource)
after_sign_in_path_for(resource)
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With