Ruby on Rails: Devise: Reconfirmable: Importance and Usage

This feature was released in Devise 1.4.4 in 2011 (for more detail, see the pull request). It is designed to make a user reconfirm an updated email address. It is normal to be asked to confirm a new email address that I have just set. We can also choose whether or not access with the former email address is still allowed.

Note: I expect that you have already installed Devise and are using its other features.

  • Any comment is welcome

Tip!

One thing you need to decide: on the edit profile page, which email do you want to display, the older email in the `email` field or the recently updated email in the `unconfirmed_email` field?

Scenarios in which you are going to need it:

  • User / Resource updates his/her email address.
    • He / she will receive a confirmation link at the updated email address.
  • Superuser updates the email of another normal user.

Usages:

# in config/initializers/devise.rb
config.reconfirmable = true
  • If true, any email change must be confirmed (exactly the same way as the initial account confirmation) before it is applied.
  • It requires an additional `unconfirmed_email` db field (see migrations).
  • Until confirmed, the new email is stored in the `unconfirmed_email` column, and copied to the `email` column on successful confirmation.
# additional migration you need to write
class AddUnconfirmedEmailToUsers < ActiveRecord::Migration
  def change
    add_column :users, :unconfirmed_email, :string
  end
end

Since reconfirmable is not a separate module, the confirmable module handles this feature, so there is no need to add :reconfirmable to the user/resource model.

What happens under the hood?

When the User's email field is updated (you do not need to write any extra code, just @user.update will do its job)

  • Looking at the code block we can figure out that
    # File 'lib/devise/models/confirmable.rb', line 110
    def send_confirmation_instructions
      unless @raw_confirmation_token
        generate_confirmation_token!
      end
      opts = pending_reconfirmation? ? { to: unconfirmed_email } : { }
      send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
    end

Confirmable tracks the following columns:

| Columns | Behavior |
| --- | --- |
| confirmation_token | A unique random token |
| confirmed_at | A timestamp when the user clicked the confirmation link |
| confirmation_sent_at | A timestamp when the confirmation_token was generated (not sent) |
| unconfirmed_email | An email address copied from the email attr. After confirmation |

That is, if the email is updated, the new email is stored in this field instead of the `email` field, and a confirmation link is sent to the new email. If the new email is confirmed:

  • the unconfirmed_email field is cleared
  • email field is updated with the email just confirmed
  • confirmation_token field is cleared
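
The column transitions described above, modelled in plain Ruby as an added example (this is not Devise's code and not from the original post). The class `ReconfirmableUser`, its `update_email` and `confirm_by_token` methods and the `outbox` array are assumptions made for illustration; only the column names, `skip_reconfirmation!` and `pending_reconfirmation?` come from the page.

```ruby
require "securerandom"

# Simplified stand-in for a resource with config.reconfirmable = true.
# Column names follow the page; the class itself is constructed for this example.
class ReconfirmableUser
  attr_reader :email, :unconfirmed_email, :confirmation_token, :outbox

  def initialize(email)
    @email = email
    @unconfirmed_email = @confirmation_token = nil
    @outbox = []   # [recipient, token] pairs stand in for real mail delivery
    @skip = false
  end

  def skip_reconfirmation!
    @skip = true
  end

  def pending_reconfirmation?
    !@unconfirmed_email.nil?
  end

  # The new address is parked in unconfirmed_email and the link is sent there;
  # the email column keeps the old, already confirmed address.
  def update_email(new_email)
    return @email if new_email == @email
    if @skip
      @skip = false
      return @email = new_email   # applied at once, nothing is sent
    end
    @unconfirmed_email = new_email
    @confirmation_token = SecureRandom.urlsafe_base64(15)
    @outbox << [@unconfirmed_email, @confirmation_token]
    @email
  end

  # Applies the pending change only when the presented token matches.
  def confirm_by_token(token)
    return false unless pending_reconfirmation? && token == @confirmation_token
    @email = @unconfirmed_email
    @unconfirmed_email = nil
    @confirmation_token = nil
    true
  end
end
```

Until `confirm_by_token` succeeds, anything keyed on `email` (login, password reset mail) still uses the old address, which is why the skip path should be reachable only from trusted code such as a superuser action.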

How to skip sending reconfirmation link?

Well, there are mainly two ways to skip the reconfirmation.

def update
  @user = User.find(params[:id])
  @user.skip_reconfirmation!  # this skips just the reconfirmation notification of `@user` object
  if @user.update_attributes(params[:user])
    flash[:notice] = "User was successfully updated."
    redirect_to edit_admin_user_path(@user)
  else
    render :edit
  end
end

or

def update
  @user = User.find(params[:id])
  # keep :email out of the mass update; otherwise this call itself triggers reconfirmation
  if @user.update_attributes(params[:user].except(:email))
    # `update_column` writes straight to the database and skips validations and
    # callbacks, so reconfirmation is not triggered for this write
    @user.update_column(:email, params[:user][:email])
    flash[:notice] = "User was successfully updated."
    redirect_to edit_admin_user_path(@user)
  else
    render :edit
  end
end

Allowing Unconfirmed Access

If you want to add a “grace period” where unconfirmed users may still log in, use the `allow_unconfirmed_access_for` config option (which defaults to 0):

# in Devise Initializer
config.allow_unconfirmed_access_for = 365.days

Alternatively, you may want to skip required confirmation altogether:

# in User.rb
protected
def confirmation_required?
  false
end

Generate token manually


# each call returns a pair: [raw token, digested token]
Devise.token_generator.generate(User, :confirmation_token)

# or

Devise.token_generator.generate(User, :reset_password_token)

References:

https://coderwall.com/p/b5lhog/ignore-turn-off-devise-config-reconfirmable-while-saving-email-in-update-action

https://github.com/plataformatec/devise/blob/master/lib/devise/models/confirmable.rb

http://stackoverflow.com/questions/15770070/how-to-send-two-different-emails-for-devise-confirmable-and-devise-reconfirmable

http://stackoverflow.com/questions/9778452/how-to-skip-the-need-to-confirm-an-email-address-update-with-devise

https://github.com/plataformatec/devise/issues/2060
