1

According to this issue, if I do not require my users to "confirm" their account after creating it, then I can pass this option to the config, config.allow_unconfirmed_access_for = nil, which I found in this issue. However, what is unclear to me is the rest of the configuration for confirmable:

i) Do I need update my Devise User model with devise :confirmable? Right now it looks like this and does not have :confirmable passed: 

devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable

ii) Also, what needs to change with regards to the migration file? With config.allow_unconfirmed_access_for = nil, do I need to uncomment the confirmable fields in my migration file as specified in these docs? Or do I leave the comments alone?

Currently I am using Rails 6.0.1 and Devise 4.7.1.

robskrob
  • 2,720
  • 4
  • 31
  • 58
  • What exactly are you asking here? Do you have an app that with confirmable and you want to remove the feature? Or do you just want to create an app without confirmable (which is the default for devise)? – max Jan 03 '20 at 17:59
  • Or do you want for some really strange reason to create an app with confirmable that doesn't require confirmation at all? – max Jan 03 '20 at 18:01
  • Hi @max, I want to "create an app without confirmable" -- in other words, I want to create an app where my users do not need to confirm their account. – robskrob Jan 03 '20 at 18:04
  • So if I understand you correctly, are you saying that I do not need to make any code changes? I just leave the User model, the migrations and the config as it was created with the devise generated `$ rails generate devise user`. – robskrob Jan 03 '20 at 18:05
  • 1
    Yeah thats the devise default so you don't have to do anything. Confirmable is opt-in. – max Jan 03 '20 at 18:06
  • @max that is interesting because here, https://github.com/plataformatec/devise/blob/master/lib/generators/templates/devise.rb#L139-L140, it suggests to set `config.allow_unconfirmed_access_for` to `nil`. – robskrob Jan 03 '20 at 18:07
  • But then as you suggested, the comments go on to say that `nil` is the default https://github.com/plataformatec/devise/blob/master/lib/generators/templates/devise.rb#L149-L150 so :shrug: – robskrob Jan 03 '20 at 18:09
  • Thats under the segment `# ==> Configuration for :confirmable`. The configuration setting also does absolutely nothing unless you have `devise ..., :confirmable` in your model. Its also commented out. – max Jan 03 '20 at 18:10
  • Ok thank you @max I think I understand now. – robskrob Jan 03 '20 at 18:11

1 Answers1

2

The confirmable module is not enabled by default. To "disable" it you just remove the module name from the call to the devise method in the model:

class Person < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable 
end

The config.allow_unconfirmed_access_for setting does absolutely nothing without the confirmable module enabled.

The reason you would want to use config.allow_unconfirmed_access_for = nil is if you want to use Devise::Confirmable to confirm emails but not use it to restrict authorization. Many apps for example restrict certain features to users that have confirmed their email - but you can still log in how ever long you want with an unconfirmed email.

max
  • 96,212
  • 14
  • 104
  • 165