How do we make devise verification and reset email links for only 24 hours and only a 1 time link?

Question

I am using ruby on rails for the back end.

Its a research based question. I tried searching but didn't get any solution.

Any kind of help is greatly appreciated.

Thanks in advance!!!

score 0 · Answer 1 · answered Feb 01 '17 at 01:35

0

Firstly... the term you're looking for is probably "confirmation" not "verification" right? you are talking about the email that lets a user confirm their email address? (and the password reset one)?

in which case the best place to start looking is Devise's confirmable documentation: https://github.com/plataformatec/devise/blob/master/lib/devise/models/confirmable.rb

which seems to have this:

* confirmation_sent_at - A timestamp when the confirmation_token was generated (not sent)

That looks like you could use that to determine if the confirmation_sent_at was over x.days.ago and if it was... decide what to do with it then.

You will likely find something similar for password-resets too.

answered Feb 01 '17 at 01:35

Taryn East

27,486
9
86
108

Taryn East Thank you for the link, will look into it. – Savvy Feb 01 '17 at 09:14
I saw the code but there are many methods for verifying where the user has accessed the link within a definite time period. Do I have to implement all? I tried using it but it keeps showing error. Do you have a straight forward example where any one has utilized it? – Savvy Feb 01 '17 at 09:46
1

Taryn East: There are 2 fields in the devise.rb file config.reset_password_within = 2.minutes and config.confirm_within = 2.minutes I have changed these but does not work though. I thought of mentioning this to you. Do you know about it? – Savvy Feb 01 '17 at 10:05
They sound right... but if you're getting an error, then that is likely significant - you'll need to update your question and add the errors in so that we can help you. Also any config you have and any code you've written... Of course this question has then changed from being a research question into being an actual question... so it might be worth writing up another question with all these details in it. You can link to the new question from the comments here so that we'll see it :) – Taryn East Feb 01 '17 at 20:16

score 0 · Answer 2 · answered Feb 01 '17 at 06:45

0

Maybe this will help you Allowing Unconfirmed Access

# in Devise Initializer
config.allow_unconfirmed_access_for = 365.days

answered Feb 01 '17 at 06:45

Takamura

302
1
4
16

Thanks for the link but it is not what I am looking for. – Savvy Feb 01 '17 at 09:47

How do we make devise verification and reset email links for only 24 hours and only a 1 time link?

2 Answers2