How to create first user for sign in using devise

[Tushar Patil]

Hi, 

   I want to authentication for sign in and sign out, i add gem file and create a user model using devise in rails3, i want to create a user for first sign in and sign out, how  can i create, any suggestion. 

[Dheeraj Kumar]

Create a new User object, then fill in the fields, and call save.

-- 

Dheeraj Kumar

On Monday 22 July 2013 at 5:19 PM, Tushar Patil wrote:

Hi, 

   I want to authentication for sign in and sign out, i add gem file and create a user model using devise in rails3, i want to create a user for first sign in and sign out, how  can i create, any suggestion. 

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/1387c52c-3684-44f1-89b7-4cc93a2aadb5%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Emil S]

I use email for login , so I do this in the console/database seed file :

    User.create(email: 'te...@test.com', password: 'password123', password_confirmation: 'password123')

Then I log in with the "te...@test.com" and "password123"

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/05B2251B87C649EAB0DE5C025F73EE8C%40gmail.com.

[Robert Walker]

Emil S. wrote in post #1116233:

> I use email for login , so I do this in the console/database seed file :
> User.create(email: 'te...@test.com', password: 'password123',
> password_confirmation: 'password123')
> Then I log in with the "te...@test.com" and "password123"

Personally speaking, I generally dislike the practice of using email
addresses as usernames. Yes, it has a certain convenience. Convenience
will always be in contention with security.

There are a number of reasons for this:

1. If the site gets hacked there is no way to protect email addresses
from exposure. If email addresses are kept separate from the user
account information then it is at least possible to protect them from a
hack against the user login info.

2. If a user changes their email address (or otherwise loses control of
their email account) they have no way to verify themselves in case they
need to reset their password.

--
Posted via http://www.ruby-forum.com/.

[Dave Aronson]

On Mon, Jul 22, 2013 at 11:39 AM, Robert Walker <li...@ruby-forum.com> wrote:

> I generally dislike the practice of using email
> addresses as usernames.

Amen! In addition to the reasons you list, people often have multiple
addresses at once -- I myself have several, not even including the
hundreds of special-purpose ones I make up on the fly at my domains.
Then, logging into a system you haven't been on in years, do they
really expect you to remember *which* address you used back then *for
that site*? Meanwhile, I use the same username almost everywhere;
just about the only exceptions are a few places where that's too long,
or it has to have both letters and digits. (Yes I mean the username,
not the password!)

-Dave

--
Dave Aronson, the T. Rex of Codosaurus LLC,
secret-cleared freelance software developer
taking contracts in or near NoVa or remote.
See information at http://www.Codosaur.us/.

[Norbert Melzer]

Devise has a wonderful kickstarter, just take a look into the readme and follow the steps.

Am 22.07.2013 13:50 schrieb "Tushar Patil" <tushar...@gmail.com>:

Hi, 

   I want to authentication for sign in and sign out, i add gem file and create a user model using devise in rails3, i want to create a user for first sign in and sign out, how  can i create, any suggestion. 

--

[Emil S]

The user actually "uses" the email ID and can remember it . I can never remember my "usernames" , usually. Also "forgot password" becomes easy with email ID's . But then again, to each, his own.  

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/109f507533ae30c67151c56b115d7a16%40ruby-forum.com.

[Robert Walker]

Emil S. wrote in post #1116325:

> The user actually "uses" the email ID and can remember it . I can never
> remember my "usernames" , usually. Also "forgot password" becomes easy
> with
> email ID's . But then again, to each, his own.

Yes "forgot password" is easy that way. It's also easy for the hacker
who hijacks the email account used to sign into the site. Not only does
the owner of the email account lose access to their email itself, but to
any web site that user accesses using their email address as their
login. Worse yet, it's highly likely there's information available in
their email that gives the hacker good clues as to what online services
they actually use.

Convenience is the enemy of security. The trick is to understand the
risks in order to find the right balance. Ideally multi-factor
authentication should be used for any sensitive online service, which is
certainly not convenient, but is vital to protecting online identity.

As for remembering login information, that's what password managers are
for. I myself have well over 100 logins stored in my password manager
each one with unique auto-generated passwords. With such a tool I only
have to remember (and protect) a single password.

Any conveniences employed by online services do nothing for me besides
reduce the level of security of that given service.

[Tamara Temple]

On Jul 23, 2013, at 3:39 AM, Emil S <emil....@gmail.com> wrote:

> The user actually "uses" the email ID and can remember it . I can never remember my "usernames" , usually. Also "forgot password" becomes easy with email ID's . But then again, to each, his own.
>

What happens when the user wants to change their email address? I've encountered sites where I haven't been able to do this as it is the key thing associated with the account on that site. I've lost accounts because of this, and they weren't just minor things. One was Amazon, although it was a long time ago now.