module Devise::Models::Confirmable

Confirmable is responsible to verify if an account is already confirmed to sign in, and to send emails with confirmation instructions. Confirmation instructions are sent to the user email after creating a record and when manually requested by a new confirmation instruction request.

Confirmable tracks the following columns:

Options

Confirmable adds the following options to devise:

* +allow_unconfirmed_access_for+: the time you want to allow the user to access their account
  before confirming it. After this period, the user access is denied. You can
  use this to let your user access some features of your application without
  confirming the account, but blocking it after a certain period (ie 7 days).
  By default allow_unconfirmed_access_for is zero, it means users always have to confirm to sign in.
* +reconfirmable+: requires any email changes to be confirmed (exactly the same way as
  initial account confirmation) to be applied. Requires additional unconfirmed_email
  db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is
  stored in unconfirmed email column, and copied to email column on successful
  confirmation. Also, when used in conjunction with `send_email_changed_notification`,
  the notification is sent to the original email when the change is requested,
  not when the unconfirmed email is confirmed.
* +confirm_within+: the time before a sent confirmation token becomes invalid.
  You can use this to force the user to confirm within a set period of time.
  Confirmable will not generate a new token if a repeat confirmation is requested
  during this time frame, unless the user's email changed too.

Examples

User.find(1).confirm       # returns true unless it's already confirmed
User.find(1).confirmed?    # true/false
User.find(1).send_confirmation_instructions # manually send instructions

Public Class Methods

new(*args, &block) click to toggle source
Calls superclass method
# File lib/devise/models/confirmable.rb, line 61
def initialize(*args, &block)
  @bypass_confirmation_postpone = false
  @skip_reconfirmation_in_callback = false
  @reconfirmation_required = false
  @skip_confirmation_notification = false
  @raw_confirmation_token = nil
  super
end
required_fields(klass) click to toggle source
# File lib/devise/models/confirmable.rb, line 70
def self.required_fields(klass)
  required_methods = [:confirmation_token, :confirmed_at, :confirmation_sent_at]
  required_methods << :unconfirmed_email if klass.reconfirmable
  required_methods
end

Public Instance Methods

active_for_authentication?() click to toggle source

Overwrites active_for_authentication? for confirmation by verifying whether a user is active to sign in or not. If the user is already confirmed, it should never be blocked. Otherwise we need to calculate if the confirm time has not expired for this user.

Calls superclass method
# File lib/devise/models/confirmable.rb, line 144
def active_for_authentication?
  super && (!confirmation_required? || confirmed? || confirmation_period_valid?)
end
confirm(args = {}) click to toggle source

Confirm a user by setting it’s confirmed_at to actual time. If the user is already confirmed, add an error to email field. If the user is invalid add errors

# File lib/devise/models/confirmable.rb, line 79
def confirm(args = {})
  pending_any_confirmation do
    if confirmation_period_expired?
      self.errors.add(:email, :confirmation_period_expired,
        period: Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago))
      return false
    end

    self.confirmed_at = Time.now.utc

    saved = if pending_reconfirmation?
      skip_reconfirmation!
      self.email = unconfirmed_email
      self.unconfirmed_email = nil

      # We need to validate in such cases to enforce e-mail uniqueness
      save(validate: true)
    else
      save(validate: args[:ensure_valid] == true)
    end

    after_confirmation if saved
    saved
  end
end
confirmed?() click to toggle source

Verifies whether a user is confirmed or not

# File lib/devise/models/confirmable.rb, line 106
def confirmed?
  !!confirmed_at
end
inactive_message() click to toggle source

The message to be shown if the account is inactive.

Calls superclass method
# File lib/devise/models/confirmable.rb, line 149
def inactive_message
  !confirmed? ? :unconfirmed : super
end
pending_reconfirmation?() click to toggle source
# File lib/devise/models/confirmable.rb, line 110
def pending_reconfirmation?
  self.class.reconfirmable && unconfirmed_email.present?
end
resend_confirmation_instructions() click to toggle source

Resend confirmation token. Regenerates the token if the period is expired.

# File lib/devise/models/confirmable.rb, line 134
def resend_confirmation_instructions
  pending_any_confirmation do
    send_confirmation_instructions
  end
end
send_confirmation_instructions() click to toggle source

Send confirmation instructions by email

# File lib/devise/models/confirmable.rb, line 115
def send_confirmation_instructions
  unless @raw_confirmation_token
    generate_confirmation_token!
  end

  opts = pending_reconfirmation? ? { to: unconfirmed_email } : { }
  send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
end
send_reconfirmation_instructions() click to toggle source
# File lib/devise/models/confirmable.rb, line 124
def send_reconfirmation_instructions
  @reconfirmation_required = false

  unless @skip_confirmation_notification
    send_confirmation_instructions
  end
end
skip_confirmation!() click to toggle source

If you don’t want confirmation to be sent on create, neither a code to be generated, call skip_confirmation!

# File lib/devise/models/confirmable.rb, line 155
def skip_confirmation!
  self.confirmed_at = Time.now.utc
end
skip_confirmation_notification!() click to toggle source

Skips sending the confirmation/reconfirmation notification email after_create/after_update. Unlike skip_confirmation!, record still requires confirmation.

# File lib/devise/models/confirmable.rb, line 161
def skip_confirmation_notification!
  @skip_confirmation_notification = true
end
skip_reconfirmation!() click to toggle source

If you don’t want reconfirmation to be sent, neither a code to be generated, call skip_reconfirmation!

# File lib/devise/models/confirmable.rb, line 167
def skip_reconfirmation!
  @bypass_confirmation_postpone = true
end

Protected Instance Methods

after_confirmation() click to toggle source

A callback initiated after successfully confirming. This can be used to insert your own logic that is only run after the user successfully confirms.

Example:

def after_confirmation
  self.update_attribute(:invite_code, nil)
end
# File lib/devise/models/confirmable.rb, line 308
def after_confirmation
end
confirmation_period_expired?() click to toggle source

Checks if the user confirmation happens before the token becomes invalid Examples:

# confirm_within = 3.days and confirmation_sent_at = 2.days.ago
confirmation_period_expired?  # returns false

# confirm_within = 3.days and confirmation_sent_at = 4.days.ago
confirmation_period_expired?  # returns true

# confirm_within = nil
confirmation_period_expired?  # will always return false
# File lib/devise/models/confirmable.rb, line 232
def confirmation_period_expired?
  self.class.confirm_within && self.confirmation_sent_at && (Time.now.utc > self.confirmation_sent_at.utc + self.class.confirm_within)
end
confirmation_period_valid?() click to toggle source

Checks if the confirmation for the user is within the limit time. We do this by calculating if the difference between today and the confirmation sent date does not exceed the confirm in time configured. allow_unconfirmed_access_for is a model configuration, must always be an integer value.

Example:

# allow_unconfirmed_access_for = 1.day and confirmation_sent_at = today
confirmation_period_valid?   # returns true

# allow_unconfirmed_access_for = 5.days and confirmation_sent_at = 4.days.ago
confirmation_period_valid?   # returns true

# allow_unconfirmed_access_for = 5.days and confirmation_sent_at = 5.days.ago
confirmation_period_valid?   # returns false

# allow_unconfirmed_access_for = 0.days
confirmation_period_valid?   # will always return false

# allow_unconfirmed_access_for = nil
confirmation_period_valid?   # will always return true
# File lib/devise/models/confirmable.rb, line 213
def confirmation_period_valid?
  return true if self.class.allow_unconfirmed_access_for.nil?
  return false if self.class.allow_unconfirmed_access_for == 0.days

  confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago
end
confirmation_required?() click to toggle source

Callback to overwrite if confirmation is required or not.

# File lib/devise/models/confirmable.rb, line 187
def confirmation_required?
  !confirmed?
end
generate_confirmation_token() click to toggle source

Generates a new random token for confirmation, and stores the time this token is being generated in confirmation_sent_at

# File lib/devise/models/confirmable.rb, line 248
def generate_confirmation_token
  if self.confirmation_token && !confirmation_period_expired?
    @raw_confirmation_token = self.confirmation_token
  else
    self.confirmation_token = @raw_confirmation_token = Devise.friendly_token
    self.confirmation_sent_at = Time.now.utc
  end
end
generate_confirmation_token!() click to toggle source
# File lib/devise/models/confirmable.rb, line 257
def generate_confirmation_token!
  generate_confirmation_token && save(validate: false)
end
pending_any_confirmation() { || ... } click to toggle source

Checks whether the record requires any confirmation.

# File lib/devise/models/confirmable.rb, line 237
def pending_any_confirmation
  if (!confirmed? || pending_reconfirmation?)
    yield
  else
    self.errors.add(:email, :already_confirmed)
    false
  end
end
postpone_email_change?() click to toggle source
# File lib/devise/models/confirmable.rb, line 270
def postpone_email_change?
  postpone = self.class.reconfirmable &&
    devise_will_save_change_to_email? &&
    !@bypass_confirmation_postpone &&
    self.email.present? &&
    (!@skip_reconfirmation_in_callback || !self.devise_email_in_database.nil?)
  @bypass_confirmation_postpone = false
  postpone
end
postpone_email_change_until_confirmation_and_regenerate_confirmation_token() click to toggle source
# File lib/devise/models/confirmable.rb, line 262
def postpone_email_change_until_confirmation_and_regenerate_confirmation_token
  @reconfirmation_required = true
  self.unconfirmed_email = self.email
  self.email = self.devise_email_in_database
  self.confirmation_token = nil
  generate_confirmation_token
end
reconfirmation_required?() click to toggle source
# File lib/devise/models/confirmable.rb, line 280
def reconfirmation_required?
  self.class.reconfirmable && @reconfirmation_required && (self.email.present? || self.unconfirmed_email.present?)
end
send_confirmation_notification?() click to toggle source
# File lib/devise/models/confirmable.rb, line 284
def send_confirmation_notification?
  confirmation_required? && !@skip_confirmation_notification && self.email.present?
end
send_email_changed_notification?() click to toggle source

With reconfirmable, notify the original email when the user first requests the email change, instead of when the change is confirmed.

Calls superclass method
# File lib/devise/models/confirmable.rb, line 290
def send_email_changed_notification?
  if self.class.reconfirmable
    self.class.send_email_changed_notification && reconfirmation_required?
  else
    super
  end
end
send_on_create_confirmation_instructions() click to toggle source

A callback method used to deliver confirmation instructions on creation. This can be overridden in models to map to a nice sign up e-mail.

# File lib/devise/models/confirmable.rb, line 182
def send_on_create_confirmation_instructions
  send_confirmation_instructions
end
skip_reconfirmation_in_callback!() click to toggle source

To not require reconfirmation after creating with save called in a callback call skip_create_confirmation!

# File lib/devise/models/confirmable.rb, line 175
def skip_reconfirmation_in_callback!
  @skip_reconfirmation_in_callback = true
end