Devise with Ruby on Rails - Force user to change password on first login
You could use a callback on your model and check, before save, if the changes include your password attribute. Something like this:
    class User < ActiveRecord::Base
      before_save :check_password_changed

      private

      def check_password_changed
        self.pass_changed = Time.now if changed.include? 'encrypted_password'
      end
    end
Devise ..After first login should ask for change password
Checking current_user.sign_in_count is a way to judge first login.
You'll do something like this.
    class ApplicationController < ActionController::Base
      def after_sign_in_path_for(resource)
        if current_user.sign_in_count == 1
          edit_passwords_path
        else
          root_path
        end
      end
    end
You need to implement the edit/update password actions.
    class PasswordsController < ApplicationController
      def edit
      end

      def update
        # update_with_password requires a valid :current_password
        if current_user.update_with_password(user_params)
          flash[:notice] = 'password update succeed..'
          render :edit
        else
          flash[:error] = 'password update failed.'
          render :edit
        end
      end

      private

      def user_params
        params.require(:user).permit(:current_password, :password, :password_confirmation)
      end
    end
config/routes.rb
    resource :passwords
app/views/passwords/_form.html.erb
    <%= form_for current_user, url: passwords_path do |f| %>
      current_password:<br />
      <%= f.password_field :current_password %><br />
      password:<br />
      <%= f.password_field :password %><br />
      password_confirmation:<br />
      <%= f.password_field :password_confirmation %><br />
      <br />
      <%= f.submit %>
    <% end %>
Rails 4 / Devise Force User to change password on first login
In PasswordsController#Update change update_without_password to update_with_password:
    def update
      if current_user.update_with_password(user_params)
        flash[:notice] = "Password updated successfully."
        redirect_to authenticated_root_path
      else
        flash[:alert] = "There was a problem, please try again."
        render :edit
      end
    end
Ruby on Rails, Devise: Force user to re-enter password for the specific pages
I am doing a similar app which is intended to support group activities. So the leader logs in on each computer and the participants simply pick their user name. To protect the leader's configuration pages I did the following:
    before_action :re_authenticate, only: [:admin_functions]

    private

    def re_authenticate
      authenticate_or_request_with_http_basic('Administration') { |username, password|
        username == current_user.username && current_user.valid_password?(password)
      }
    end
Works well. The user has to re-authenticate to access the admin pages, so the computers that they've logged in to for the class don't have access without a second login.
Automatic Login Via Devise after Password Change
After you update the user record, call sign_in but with the bypass option.
    if @user.update_attributes(user_params)
      sign_in(@user, bypass: true)
      redirect_to root_path
    else
      render :edit
    end
Forcing users to change their password after a number of days with Rails/Devise
Check out the devise_security_extension, it's a devise extension that adds the functionality I think you are looking for.
Once you install it, you can then do
    devise :password_expirable
and in your config/initializers/devise.rb, you can add in (or uncomment, depending on how you installed it) the time frame you want to expire the password:
    config.expire_password_after = 3.months
Hope this helps!
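An added example, not part of any answer above: `after_sign_in_path_for` only chooses where the browser lands right after login, so a forced change or an expiry also needs a check on every request (for instance from a `before_action`). The plain-Ruby sketch below models that decision so it runs without Rails. Assumptions: `pass_changed` stays nil until the user has set their own password, and `GateUser`, `PasswordChangeGate`, `MAX_AGE` and `EXEMPT_PATHS` are hypothetical names and values.

```ruby
# Added example, not code from the answers or from Devise.
# GateUser stands in for the User model (constructed, hypothetical).
GateUser = Struct.new(:sign_in_count, :pass_changed)

class PasswordChangeGate
  MAX_AGE = 90 * 24 * 60 * 60 # seconds; stands in for "3.months"
  # Paths that must stay reachable while a change is pending (assumed
  # routes: `resource :passwords` plus Devise's default sign-out path).
  EXEMPT_PATHS = ['/passwords', '/passwords/edit', '/users/sign_out'].freeze

  def initialize(user, now: Time.now)
    @user = user
    @now = now
  end

  # Returns :first_login, :expired, or nil when no change is due.
  # sign_in_count is deliberately ignored: it is 1 only during the first
  # session, so a user who signs in again would no longer be caught.
  def reason
    return :first_login if @user.pass_changed.nil?
    return :expired if @now - @user.pass_changed > MAX_AGE
    nil
  end

  # Path to redirect to, or nil to let the request through.
  def redirect_for(request_path)
    return nil if reason.nil?
    return nil if EXEMPT_PATHS.include?(normalize(request_path))
    '/passwords/edit'
  end

  private

  # Drop the query string and trailing slash, then match exactly, so the
  # edit page cannot loop and look-alike paths are not exempted.
  def normalize(path)
    clean = path.to_s.split('?', 2).first.to_s.chomp('/')
    clean.empty? ? '/' : clean
  end
end
```

In a Rails controller the same decision would sit in a `before_action` that calls `redirect_to` whenever `redirect_for(request.path)` returns a path.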