The mentioned line on Devise’s Controller makes sense in general cases: a logged in user can’t sign up. As you’re on a case where only an admin can create a user, I would suggest that you don’t use Devise’s controller on Registerable module and write your own controller with your own rules. You can write … Read more
Look in config/initializers/devise.rb. There are a lot of configuration settings including config.timeout_in. The default in my version is 30 minutes. You can also set it on the model itself: class User < ActiveRecord::Base devise :timeoutable, :timeout_in => 15.minutes You can now also set the timeout dynamically.
It’s in lib/devise/controllers/helpers.rb1 and is generated dynamically (user being only one of the possible suffixes): def self.define_helpers(mapping) #:nodoc: mapping = mapping.name class_eval <<-METHODS, __FILE__, __LINE__ + 1 def authenticate_#{mapping}!(opts={}) opts[:scope] = :#{mapping} warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end def #{mapping}_signed_in? !!current_#{mapping} end def current_#{mapping} @current_#{mapping} ||= warden.authenticate(:scope => :#{mapping}) end def #{mapping}_session current_#{mapping} && warden.session(:#{mapping}) … Read more
It would appear that the code sample in your question is not working because you are not setting the before_filter to call the sanitizer. before_filter :configure_permitted_parameters, if: :devise_controller? With that said, it’s probably better to override the controller, as shown in the accepted answer, so that the application controller isn’t doing this check all of … Read more
You can end a session via get by changing the devise configuration in initializers. # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :get Just open the link and your session is removed.
I think this is a much better solution: if params[:user][:password].blank? && params[:user][:password_confirmation].blank? params[:user].delete(:password) params[:user].delete(:password_confirmation) end This prevents you from having to change the Devise controller by simply removing the password field from the form response if it is blank. Just be sure to use this before @user.attributes = params[:user] or whatever you use in your … Read more
You have to check two important things when you want to send emails via Gmail smtp: Your apps configuration: host: smtp.gmail.com port: 587 or 465 (587 for tls, 465 for ssl) protocol: tls or ssl user: [email protected] password: YOUR_PASSWORD The given Gmail account settings: If you’ve turned on 2-Step Verification for your account, you might … Read more
Here’s one way I was able to do it: >> ApplicationController.allow_forgery_protection = false >> app.post(‘/sign_in’, {“user”=>{“login”=>”login”, “password”=>”password”}}) Then you can do: >> app.get ‘/some_other_path_that_only_works_if_logged_in’ >> pp app.response.body
Jimbo did an awesome job explaining the “why” behind the issue you’re running into. There are two approaches you can take to resolve the issue: (As recommended by Jimbo) Override Devise::SessionsController to return the new csrf-token: class SessionsController < Devise::SessionsController def destroy # Assumes only JSON requests signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) render … Read more
Simply add after_filter in ApplicationController after_filter :user_activity private def user_activity current_user.try :touch end Then in user model add online? method def online? updated_at > 10.minutes.ago end Also u can create scope scope :online, lambda{ where(“updated_at > ?”, 10.minutes.ago) }