1. Make sure you include confirmable in Model.devise call class User < ActiveRecord::Base devise :database_authenticatable, :confirmable … end 2. Make sure you add confirmable to the user migration create_table :users do |t| t.database_authenticatable t.confirmable … end If you’re using devise 2.0+ this fails because devise no longer provides migration helpers, and so t.confirmable raises an … Read more
Once again, it was a matter of reading the manual … The magic word is :account_update and thus the working version becomes def configure_permitted_parameters devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :firstname, :middlename, :lastname, :nickname) } devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password, :firstname, :middlename, :lastname, :nickname) } end Note that if you’re in the business … Read more
This gem works well: https://github.com/devise-security/devise-security Add to Gemfile gem ‘devise-security’ after bundle install rails generate devise_security:install Then run rails g migration AddSessionLimitableToUsers unique_session_id Edit the migration file class AddSessionLimitableToUsers < ActiveRecord::Migration def change add_column :users, :unique_session_id, :string, limit: 20 end end Then run rake db:migrate Edit your app/models/user.rb file class User < ActiveRecord::Base devise :session_limitable … Read more
You need to add this to your environment.rb config.action_mailer.default_url_options = { :host => ‘localhost’ } Make sure you change host to your production url and keep it localhost for development. This is for the mailer, it needs a default email to send out notices such as confirmations etc… You should check the logs on the … Read more
Assuming you have a User model with a has_one Profile association, you simply need to allow nested attributes in User and modify your devise registration view. Run the rails generate devise:views command, then modify the devise registrations#new.html.erb view as shown below using the fields_for form helper to have your sign up form update your Profile … Read more
I found this very helpful snippet in this thread on the devise google group initializers/some_initializer.rb: Warden::Strategies.add(:custom_strategy_name) do def valid? # code here to check whether to try and authenticate using this strategy; return true/false end def authenticate! # code here for doing authentication; # if successful, call success!(resource) # where resource is the whatever you’ve … Read more
Okay, so I worked it through and came to the following solution. I needed to costumize devise a little bit, but it’s not that complicated. The User model # user.rb class User < ActiveRecord::Base devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable attr_accessible :email, :password, :password_confirmation, :remember_me belongs_to :rolable, :polymorphic => true end The Customer model … Read more
EDIT: In Rails 4 I now use what @genkilabs suggests in the comment below: protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == ‘application/json’ } Which, instead of completely turning off the built in security, kills off any session that might exist when something hits the server without the CSRF token. skip_before_filter :verify_authenticity_token, :if => … Read more
I ran bundle update this morning and started getting the same error. I added it as a line in config/initializers/devise.rb and the error was fixed. This seems to be the commit which introduced it.
As Andres says, the form calls helpers which are specified by Devise and so aren’t present when you access a Devise form from a non-Devise controller. To get around this, you need to add the following methods to the helper class of the controller you wish to display the form under. Alternatively, you can just … Read more