
How to automatically keep user remembered in Devise

I am building an app in which I would like the users to automatically be remembered on their computers, without having a "remember me" check box.

I read that I may have to call @user.remember_me!, but I'm not sure where to call it, since the Devise controllers are hidden.

I was considering adding a hidden checkbox field in the sign_in form with the checkbox marked by default, but I was hoping I could do this on the controllers side.

Any idea how this could be done?

Thanks!

Karan asked Jan 19 '13 18:01


2 Answers

If you read this pull request in Devise: https://github.com/plataformatec/devise/issues/1513, the sanctioned way to remember by default appears to be to simply define this on your User class:

class User
  # Default to remembering the user unless remember_me was set explicitly.
  def remember_me
    (super == nil) ? true : super
  end
end
Vincent Woo answered Oct 02 '22 13:10


I think customizing your devise controller is the way to go here.

Goal: automatically set remember-me for everybody.

First, create a Devise sessions controller. Let's tell Rails routes about it:

config/routes.rb

devise_for :users, :controllers => {:sessions => 'sessions'}

app/controllers/sessions_controller.rb

class SessionsController < Devise::SessionsController

  def create
    params[:user].merge!(remember_me: 1)
    super
  end

end

This way, the user's remember me will always be set to true. Yay!

You'll then want to edit the login form to not display the remember_me checkbox.

Also, change this in the initializer to something far off:

#config.remember_for = 2.weeks
config.remember_for = 1.year
Jesse Wolgamott answered Oct 02 '22 14:10