module Devise::Models::Confirmable
Confirmable
is responsible to verify if an account is already confirmed to sign in, and to send emails with confirmation instructions. Confirmation instructions are sent to the user email after creating a record and when manually requested by a new confirmation instruction request.
Confirmable
tracks the following columns:
-
confirmation_token - A unique random token
-
confirmed_at - A timestamp when the user clicked the confirmation link
-
confirmation_sent_at - A timestamp when the confirmation_token was generated (not sent)
-
unconfirmed_email - An email address copied from the email attr. After confirmation
this value is copied to the email attr then cleared
Options¶ ↑
Confirmable
adds the following options to devise
:
* +allow_unconfirmed_access_for+: the time you want to allow the user to access their account before confirming it. After this period, the user access is denied. You can use this to let your user access some features of your application without confirming the account, but blocking it after a certain period (ie 7 days). By default allow_unconfirmed_access_for is zero, it means users always have to confirm to sign in. * +reconfirmable+: requires any email changes to be confirmed (exactly the same way as initial account confirmation) to be applied. Requires additional unconfirmed_email db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is stored in unconfirmed email column, and copied to email column on successful confirmation. Also, when used in conjunction with `send_email_changed_notification`, the notification is sent to the original email when the change is requested, not when the unconfirmed email is confirmed. * +confirm_within+: the time before a sent confirmation token becomes invalid. You can use this to force the user to confirm within a set period of time. Confirmable will not generate a new token if a repeat confirmation is requested during this time frame, unless the user's email changed too.
Examples¶ ↑
User.find(1).confirm # returns true unless it's already confirmed User.find(1).confirmed? # true/false User.find(1).send_confirmation_instructions # manually send instructions
Public Class Methods
# File lib/devise/models/confirmable.rb, line 61 def initialize(*args, &block) @bypass_confirmation_postpone = false @skip_reconfirmation_in_callback = false @reconfirmation_required = false @skip_confirmation_notification = false @raw_confirmation_token = nil super end
# File lib/devise/models/confirmable.rb, line 70 def self.required_fields(klass) required_methods = [:confirmation_token, :confirmed_at, :confirmation_sent_at] required_methods << :unconfirmed_email if klass.reconfirmable required_methods end
Public Instance Methods
Overwrites active_for_authentication? for confirmation by verifying whether a user is active to sign in or not. If the user is already confirmed, it should never be blocked. Otherwise we need to calculate if the confirm time has not expired for this user.
# File lib/devise/models/confirmable.rb, line 144 def active_for_authentication? super && (!confirmation_required? || confirmed? || confirmation_period_valid?) end
Confirm a user by setting it’s confirmed_at to actual time. If the user is already confirmed, add an error to email field. If the user is invalid add errors
# File lib/devise/models/confirmable.rb, line 79 def confirm(args = {}) pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, period: Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago)) return false end self.confirmed_at = Time.now.utc saved = if pending_reconfirmation? skip_reconfirmation! self.email = unconfirmed_email self.unconfirmed_email = nil # We need to validate in such cases to enforce e-mail uniqueness save(validate: true) else save(validate: args[:ensure_valid] == true) end after_confirmation if saved saved end end
Verifies whether a user is confirmed or not
# File lib/devise/models/confirmable.rb, line 106 def confirmed? !!confirmed_at end
The message to be shown if the account is inactive.
# File lib/devise/models/confirmable.rb, line 149 def inactive_message !confirmed? ? :unconfirmed : super end
# File lib/devise/models/confirmable.rb, line 110 def pending_reconfirmation? self.class.reconfirmable && unconfirmed_email.present? end
Resend confirmation token. Regenerates the token if the period is expired.
# File lib/devise/models/confirmable.rb, line 134 def resend_confirmation_instructions pending_any_confirmation do send_confirmation_instructions end end
Send confirmation instructions by email
# File lib/devise/models/confirmable.rb, line 115 def send_confirmation_instructions unless @raw_confirmation_token generate_confirmation_token! end opts = pending_reconfirmation? ? { to: unconfirmed_email } : { } send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts) end
# File lib/devise/models/confirmable.rb, line 124 def send_reconfirmation_instructions @reconfirmation_required = false unless @skip_confirmation_notification send_confirmation_instructions end end
If you don’t want confirmation to be sent on create, neither a code to be generated, call skip_confirmation!
# File lib/devise/models/confirmable.rb, line 155 def skip_confirmation! self.confirmed_at = Time.now.utc end
Skips sending the confirmation/reconfirmation notification email after_create/after_update. Unlike skip_confirmation!
, record still requires confirmation.
# File lib/devise/models/confirmable.rb, line 161 def skip_confirmation_notification! @skip_confirmation_notification = true end
If you don’t want reconfirmation to be sent, neither a code to be generated, call skip_reconfirmation!
# File lib/devise/models/confirmable.rb, line 167 def skip_reconfirmation! @bypass_confirmation_postpone = true end
Protected Instance Methods
A callback initiated after successfully confirming. This can be used to insert your own logic that is only run after the user successfully confirms.
Example:
def after_confirmation self.update_attribute(:invite_code, nil) end
# File lib/devise/models/confirmable.rb, line 308 def after_confirmation end
Checks if the user confirmation happens before the token becomes invalid Examples:
# confirm_within = 3.days and confirmation_sent_at = 2.days.ago confirmation_period_expired? # returns false # confirm_within = 3.days and confirmation_sent_at = 4.days.ago confirmation_period_expired? # returns true # confirm_within = nil confirmation_period_expired? # will always return false
# File lib/devise/models/confirmable.rb, line 232 def confirmation_period_expired? self.class.confirm_within && self.confirmation_sent_at && (Time.now.utc > self.confirmation_sent_at.utc + self.class.confirm_within) end
Checks if the confirmation for the user is within the limit time. We do this by calculating if the difference between today and the confirmation sent date does not exceed the confirm in time configured. allow_unconfirmed_access_for is a model configuration, must always be an integer value.
Example:
# allow_unconfirmed_access_for = 1.day and confirmation_sent_at = today confirmation_period_valid? # returns true # allow_unconfirmed_access_for = 5.days and confirmation_sent_at = 4.days.ago confirmation_period_valid? # returns true # allow_unconfirmed_access_for = 5.days and confirmation_sent_at = 5.days.ago confirmation_period_valid? # returns false # allow_unconfirmed_access_for = 0.days confirmation_period_valid? # will always return false # allow_unconfirmed_access_for = nil confirmation_period_valid? # will always return true
# File lib/devise/models/confirmable.rb, line 213 def confirmation_period_valid? return true if self.class.allow_unconfirmed_access_for.nil? return false if self.class.allow_unconfirmed_access_for == 0.days confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago end
Callback to overwrite if confirmation is required or not.
# File lib/devise/models/confirmable.rb, line 187 def confirmation_required? !confirmed? end
Generates a new random token for confirmation, and stores the time this token is being generated in confirmation_sent_at
# File lib/devise/models/confirmable.rb, line 248 def generate_confirmation_token if self.confirmation_token && !confirmation_period_expired? @raw_confirmation_token = self.confirmation_token else self.confirmation_token = @raw_confirmation_token = Devise.friendly_token self.confirmation_sent_at = Time.now.utc end end
# File lib/devise/models/confirmable.rb, line 257 def generate_confirmation_token! generate_confirmation_token && save(validate: false) end
Checks whether the record requires any confirmation.
# File lib/devise/models/confirmable.rb, line 237 def pending_any_confirmation if (!confirmed? || pending_reconfirmation?) yield else self.errors.add(:email, :already_confirmed) false end end
# File lib/devise/models/confirmable.rb, line 270 def postpone_email_change? postpone = self.class.reconfirmable && devise_will_save_change_to_email? && !@bypass_confirmation_postpone && self.email.present? && (!@skip_reconfirmation_in_callback || !self.devise_email_in_database.nil?) @bypass_confirmation_postpone = false postpone end
# File lib/devise/models/confirmable.rb, line 262 def postpone_email_change_until_confirmation_and_regenerate_confirmation_token @reconfirmation_required = true self.unconfirmed_email = self.email self.email = self.devise_email_in_database self.confirmation_token = nil generate_confirmation_token end
# File lib/devise/models/confirmable.rb, line 280 def reconfirmation_required? self.class.reconfirmable && @reconfirmation_required && (self.email.present? || self.unconfirmed_email.present?) end
# File lib/devise/models/confirmable.rb, line 284 def send_confirmation_notification? confirmation_required? && !@skip_confirmation_notification && self.email.present? end
With reconfirmable, notify the original email when the user first requests the email change, instead of when the change is confirmed.
# File lib/devise/models/confirmable.rb, line 290 def send_email_changed_notification? if self.class.reconfirmable self.class.send_email_changed_notification && reconfirmation_required? else super end end
A callback method used to deliver confirmation instructions on creation. This can be overridden in models to map to a nice sign up e-mail.
# File lib/devise/models/confirmable.rb, line 182 def send_on_create_confirmation_instructions send_confirmation_instructions end
To not require reconfirmation after creating with save called in a callback call skip_create_confirmation!
# File lib/devise/models/confirmable.rb, line 175 def skip_reconfirmation_in_callback! @skip_reconfirmation_in_callback = true end