Re-confirm changed email address
175 views
Skip to first unread message
S. Widmann
Jan 25, 2011, 10:29:50 AM1/25/11
to plataforma...@googlegroups.com
Hi,
has somebody already implemented that or has an idea for me, how to implement that?
After the registration, the user comfirms the profile by clicking the link in the mail. Now, the user changes the mail adress. The new mail address is not comfirmed, but active. I don't want that. If the user changes the mail address, the mail address should be stored temporary. A new confirmation mail is sent to the new email adress with a new confirmation link. If this new link is pressed, the new (temporary) email address becomes active and the old (original) one will be overwritten.
Best regards,
sewid
has somebody already implemented that or has an idea for me, how to implement that?
After the registration, the user comfirms the profile by clicking the link in the mail. Now, the user changes the mail adress. The new mail address is not comfirmed, but active. I don't want that. If the user changes the mail address, the mail address should be stored temporary. A new confirmation mail is sent to the new email adress with a new confirmation link. If this new link is pressed, the new (temporary) email address becomes active and the old (original) one will be overwritten.
Best regards,
sewid
Andrés Mejía
Jan 25, 2011, 10:37:03 AM1/25/11
to plataforma...@googlegroups.com
This is not implemented on Devise. You'll have to implement it yourself.
Ashwin Mangale
Jan 25, 2011, 1:13:16 PM1/25/11
to plataforma...@googlegroups.com
One way is to have a before_save method to track email address change. If it has, then you can nullify confirmable fields ( token and timestamp ). This will prompt a new confirmation email to be sent and the account will be locked till confirmed.
- Ashwin
Walter Lee Davis
Jan 25, 2011, 2:39:49 PM1/25/11
to plataforma...@googlegroups.com
That is just so clever!
Walter
MissingHandle
Mar 11, 2011, 10:57:45 AM3/11/11
to Devise
While I agree that this solution is clever in it's simplicity of the
solution- I feel like the one thing I don't like about it is that it
leaves the potential for someone to be locked out of their account.
For instance,
User misspells their new email, doesn't notice, closes their session,
forgets about confirming in the moment, either tries to sign in again
later or notices they didn't get an email, try to get confirmation
instructions only to find that they can't because their new email is
wrong.
So, I grant you that is one oblivious user, but for the sake of
argument let's say avoiding lockout is the goal. I ask how you all
how you would fix this problem with minimal effort..?
What I'm thinking at the moment is:
- before_update callback that detects change in email attribute,
reverts email to old value, but creates a ChangeEmail instance w/the
new value.
- ChangeEmail instance sends user an email w/token.
- visiting url updates the user's email (bypassing the before_update
callback) and destroys ChangeEmail instance.
And well, I'm not in love with it b/c I feel like it's a bit of
overkill (an extra model + controller_action), but I also can't think
of anything simpler that avoids lockout through user carelessness.
Any thoughts? Worthy of an addition to devise/confirmable?
On Jan 25, 1:39 pm, Walter Lee Davis <wa...@wdstudio.com> wrote:
> On Jan 25, 2011, at 1:13 PM, Ashwin Mangale wrote:
>
>
>
>
>
>
>
>
>
> > One way is to have a before_save method to trackemailaddress
> > change. If it has, then you can nullify confirmable fields ( token
> > and timestamp ). This will prompt a new confirmationemailto be
solution- I feel like the one thing I don't like about it is that it
leaves the potential for someone to be locked out of their account.
For instance,
User misspells their new email, doesn't notice, closes their session,
forgets about confirming in the moment, either tries to sign in again
later or notices they didn't get an email, try to get confirmation
instructions only to find that they can't because their new email is
wrong.
So, I grant you that is one oblivious user, but for the sake of
argument let's say avoiding lockout is the goal. I ask how you all
how you would fix this problem with minimal effort..?
What I'm thinking at the moment is:
- before_update callback that detects change in email attribute,
reverts email to old value, but creates a ChangeEmail instance w/the
new value.
- ChangeEmail instance sends user an email w/token.
- visiting url updates the user's email (bypassing the before_update
callback) and destroys ChangeEmail instance.
And well, I'm not in love with it b/c I feel like it's a bit of
overkill (an extra model + controller_action), but I also can't think
of anything simpler that avoids lockout through user carelessness.
Any thoughts? Worthy of an addition to devise/confirmable?
On Jan 25, 1:39 pm, Walter Lee Davis <wa...@wdstudio.com> wrote:
> On Jan 25, 2011, at 1:13 PM, Ashwin Mangale wrote:
>
>
>
>
>
>
>
>
>
> > One way is to have a before_save method to trackemailaddress
> > change. If it has, then you can nullify confirmable fields ( token
> > sent and the account will be locked till confirmed.
>
> > - Ashwin
>
> > On Tue, Jan 25, 2011 at 20:59, S. Widmann
> > <sebastian.widm...@gmail.com> wrote:
> > Hi,
>
> > has somebody already implemented that or has an idea for me, how to
> > implement that?
>
> > After the registration, the user comfirms the profile by clicking
> > the link in the mail. Now, the user changes the mail adress. The new
> > mail address is not comfirmed, but active. I don't want that. If the
> > user changes the mail address, the mail address should be stored
> > temporary. A new confirmation mail is sent to the newemailadress
> > with a new confirmation link. If this new link is pressed, the new
> > (temporary)emailaddress becomes active and the old (original) one
>
> > - Ashwin
>
> > On Tue, Jan 25, 2011 at 20:59, S. Widmann
> > <sebastian.widm...@gmail.com> wrote:
> > Hi,
>
> > has somebody already implemented that or has an idea for me, how to
> > implement that?
>
> > After the registration, the user comfirms the profile by clicking
> > the link in the mail. Now, the user changes the mail adress. The new
> > mail address is not comfirmed, but active. I don't want that. If the
> > user changes the mail address, the mail address should be stored
> > temporary. A new confirmation mail is sent to the newemailadress
> > with a new confirmation link. If this new link is pressed, the new
MissingHandle
Mar 11, 2011, 11:04:21 AM3/11/11
to Devise
Also, just a note, looking in devise 1.1.7, nullifying confirmable
fields alone won't cover it b/c the related confirmable callbacks are
before/after create instead of before/after save, so you have to
override those.
On Jan 25, 12:13 pm, Ashwin Mangale <ashwin.mang...@gmail.com> wrote:
> One way is to have a before_save method to track email address change. If it
> has, then you can nullify confirmable fields ( token and timestamp ). This
> will prompt a new confirmation email to be sent and the account will be
> locked till confirmed.
>
> - Ashwin
>
fields alone won't cover it b/c the related confirmable callbacks are
before/after create instead of before/after save, so you have to
override those.
On Jan 25, 12:13 pm, Ashwin Mangale <ashwin.mang...@gmail.com> wrote:
> One way is to have a before_save method to track email address change. If it
> has, then you can nullify confirmable fields ( token and timestamp ). This
> will prompt a new confirmation email to be sent and the account will be
> locked till confirmed.
>
> - Ashwin
>
iwasinnamuknow
Apr 16, 2011, 10:31:41 PM4/16/11
to Devise
Hi list sorry to pull up a slightly old topic but...
I'm a fairly new devise user and I'm looking for the same as the OP.
I'm still quite a way off getting my rails (and devise) guru badge, so
even though I have tried to implement this myself, I have to come and
ask here.
I understand roughly how this could be done, storing the new email
address somewhere until the confirmation has been...confirmed, then
replacing the email in the users table. The problem is that I am not
used to working with engines like devise and am completely unsure how
to override and/or augment the gem as neccessary.
Any tips would be appreciated as this is a much needed feature for me.
On Mar 11, 5:04 pm, MissingHandle <gabe.sara...@gmail.com> wrote:
> Also, just a note, looking in devise 1.1.7, nullifying confirmable
> fields alone won't cover it b/c the related confirmable callbacks are
> before/after create instead of before/after save, so you have to
> override those.
>
> On Jan 25, 12:13 pm, Ashwin Mangale <ashwin.mang...@gmail.com> wrote:
>
> > One way is to have a before_save method to trackemailaddresschange. If it
> > > new link is pressed, the new (temporary)emailaddress becomes active and
I'm a fairly new devise user and I'm looking for the same as the OP.
I'm still quite a way off getting my rails (and devise) guru badge, so
even though I have tried to implement this myself, I have to come and
ask here.
I understand roughly how this could be done, storing the new email
address somewhere until the confirmation has been...confirmed, then
replacing the email in the users table. The problem is that I am not
used to working with engines like devise and am completely unsure how
to override and/or augment the gem as neccessary.
Any tips would be appreciated as this is a much needed feature for me.
On Mar 11, 5:04 pm, MissingHandle <gabe.sara...@gmail.com> wrote:
> Also, just a note, looking in devise 1.1.7, nullifying confirmable
> fields alone won't cover it b/c the related confirmable callbacks are
> before/after create instead of before/after save, so you have to
> override those.
>
> On Jan 25, 12:13 pm, Ashwin Mangale <ashwin.mang...@gmail.com> wrote:
>
> > has, then you can nullify confirmable fields ( token and timestamp ). This
> > will prompt a new confirmationemailto be sent and the account will be
> > locked till confirmed.
>
> > - Ashwin
>
> > On Tue, Jan 25, 2011 at 20:59, S. Widmann <sebastian.widm...@gmail.com>wrote:
>
> > > Hi,
>
> > > has somebody already implemented that or has an idea for me, how to
> > > implement that?
>
> > > After the registration, the user comfirms the profile by clicking the link
> > > in the mail. Now, the user changes the mail adress. The new mail address is
> > > not comfirmed, but active. I don't want that. If the user changes the mail
> > > address, the mail address should be stored temporary. A new confirmation
> > > mail is sent to the newemailadress with a new confirmation link. If this
>
> > - Ashwin
>
> > On Tue, Jan 25, 2011 at 20:59, S. Widmann <sebastian.widm...@gmail.com>wrote:
>
> > > Hi,
>
> > > has somebody already implemented that or has an idea for me, how to
> > > implement that?
>
> > > After the registration, the user comfirms the profile by clicking the link
> > > in the mail. Now, the user changes the mail adress. The new mail address is
> > > not comfirmed, but active. I don't want that. If the user changes the mail
> > > address, the mail address should be stored temporary. A new confirmation
> > > new link is pressed, the new (temporary)emailaddress becomes active and
MissingHandle
Apr 19, 2011, 7:17:12 PM4/19/11
to Devise
For the record, I for the moment have gone with a solution similar to
the one proposed by Ashwin. Instead of storing the email somewhere
else, I just overwrite it and tell the user he must confirm the new
one:
after_update :send_confirmation_instructions, :if
=> :confirmation_required?
def new_email_requires_confirmation
if self.confirmed? && self.email_changed?
self.confirmed_at = nil
self.confirmation_token = nil
end
end
def confirmation_required?
self.email? && super
end
Open up devise and read over the confirmable module - it should clear
things up.
On Apr 16, 9:31 pm, iwasinnamuknow <iwasinnamuk...@genestate.com>
wrote:
the one proposed by Ashwin. Instead of storing the email somewhere
else, I just overwrite it and tell the user he must confirm the new
one:
after_update :send_confirmation_instructions, :if
=> :confirmation_required?
def new_email_requires_confirmation
if self.confirmed? && self.email_changed?
self.confirmed_at = nil
self.confirmation_token = nil
end
end
def confirmation_required?
self.email? && super
end
Open up devise and read over the confirmable module - it should clear
things up.
On Apr 16, 9:31 pm, iwasinnamuknow <iwasinnamuk...@genestate.com>
wrote:
Reply all
Reply to author
Forward
0 new messages