Devise Soft Email Confirmation
I have a rails 3 application that uses Devise and the confirmable module. However, preventing newly registered users from accessing the the site until they confirm their email is causing retention problems. Instead, we would like to instantly grant access to the user and sti开发者_Go百科ll send them a confirmation email. We would then run a background task to lock out user's who have not confirmed their email within a fixed period of time.
Is this possible with the confirmable module? Is there a way to still create an active resource (user) who hasn't confirmed their email with the confirmable module? Any general advice on implementing this?
I believe you can use confirm_within to specify a lockout constraint. You can enable this when you call devise_for.
http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable
Also, you can choose to constrain certain behaviors "only" to confirmed users by checking the confirmed? status of your user model. You could do this in the controller, or using CanCan, or whatever. Some tasks on your site probably don't require confirmation; you probably need this more when the user interacts with other people or can use your site to send certain notifications/emails, etc.
To add a litte more detail to the accepted answer. Yes, you can use confirm_within but you need to do this when you call devise
not devise_for
.
class User
devise :database_authenticatable, :encryptable, :confirmable, :rememberable, :timeoutable, :lockable,
:stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
:remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
end
The above code comes from the models test for devise
You can also set the setting in the config/initializers/devise.rb
file with config.confirm_within = 10.days
Hmm, I think the correct flag would be allow_unconfirmed_access_for
:
config.allow_unconfirmed_access_for = 5.days
confirm_within
just specifies how long the emailed token is good for.
More from config/initializers/devise.rb
:
# ==> Configuration for :confirmable
# A period that the user is allowed to access the website even without
# confirming his account. For instance, if set to 2.days, the user will be
# able to access the website for two days without confirming his account,
# access will be blocked just in the third day. Default is 0.days, meaning
# the user cannot access the website without confirming his account.
# config.allow_unconfirmed_access_for = 2.days
# A period that the user is allowed to confirm their account before their
# token becomes invalid. For example, if set to 3.days, the user can confirm
# their account within 3 days after the mail was sent, but on the fourth day
# their account can't be confirmed with the token any more.
# Default is nil, meaning there is no restriction on how long a user can take
# before confirming their account.
# config.confirm_within = 3.days
精彩评论