In the controller where you want to skip a before filter specified in an inherited controller, you can tell rails to skip the filter class ApplicationController before_filter :authenticate_user! end class SessionsController < ApplicationController skip_before_filter :authenticate_user! end
The short answer is: it’s up to you. This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following: … Read more
My understanding is that you can use the tokens to log in or to hit arbitrary pages that need authentication, even with cURL. If you look in config/initializers/devise.rb, there should be a line that says something like: config.token_authentication_key = :auth_token Whatever the name of the token_authentication_key is should match what you put as the query … Read more
Did you recently upgrade to RSpec 3 like I did? This is from the RSpec 3 documentation: Automatically Adding Metadata RSpec versions before 3.0.0 automatically added metadata to specs based on their location on the filesystem. This was both confusing to new users and not desirable for some veteran users. In RSpec 3, this behavior … Read more
The config.allow_insecure_sign_in_after_confirmation flag is no longer supported in Devise. While you should be aware of the possible security concerns of automatically logging users in when they confirm their account (http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/), for some apps the benefit in terms of user experience may be worth the security tradeoff. After all, the security risk is that a) the … Read more
I myself switched from Authlogic to Devise recently and also didn’t find any articles. However, in the simple case, once you’ve thrown away all of your user_session and other authlogic-related code, the main piece of work is converting your old users table to the format expected by devise. My old table looked like this: Column … Read more
Devise provides helper methods to do these things: user = User.find(params[:id]) sign_in user sign_out user Hope this helps.
Probably the easiest way to do this is to Define each message as a blank string Check the length of the string before you show a flash message. In your devise.en.yml file, specify each message as empty: en: errors: messages: not_found: ” already_confirmed: ” not_locked: ” etc. Next, in your layout, check for blank flash … Read more
Simply “moving” Devise to the admin namespace is wrong. Devise uses controllers like Devise::SessionsController and that cannot be “moved”. I usually create my own controllers and inherit them from Devise: class Admin::SessionsController < ::Devise::SessionsController layout “admin” # the rest is inherited, so it should work end And configure this in config/routes.rb: devise_for :admins, :controllers => … Read more
You should do it like this: password = ‘the secret password’ new_hashed_password = User.new(:password => password).encrypted_password This is much better than using BCrypt directly as it abstracts away how passwords are generated from your code, making it easier to understand, and also immune to changes in how devise constructs encrypted passwords. Your code should not, … Read more