Hello,
I want to use Devise for authecation.
The only thing I need is that I as admin can register user with a password.
If the user looses her/his password then I get a mail and I as admin can make a new one.
Which modules can I use the best ?
Roelof
Hello,
I want to use Devise for authecation. The only thing I need is that I as admin can register user with a password. If the user looses her/his password then I get a mail and I as admin can make a new one.
Which modules can I use the best ?
Take a look at devise_invitable. That lets you invite a new user to your site (and if you close off the registration module, then you can't just sign up yourself). The user gets to set her own password when she accepts the invitation mail, and then use the password reset system if she forgets it later.
Walter
My app does not invite people,
I trying to make a financial app.
The problem is that I have customers which are also a staff member.
Staff members need a password which I will provide but customers will and must not log into my app,
Roelof
> Hello, > > I want to use Devise for authecation. > The only thing I need is that I as admin can register user with a password. > If the user looses her/his password then I get a mail and I as admin can make a new one. > > Which modules can I use the best ?
Take a look at devise_invitable. That lets you invite a new user to your site (and if you close off the registration module, then you can't just sign up yourself). The user gets to set her own password when she accepts the invitation mail, and then use the password reset system if she forgets it later.
Walter My app does not invite people,
I trying to make a financial app. The problem is that I have customers which are also a staff member.
Staff members need a password which I will provide but customers will and must not log into my app,
Roelof
I'm not aware of any authentication design pattern where the user does not get to set their own password, either through initial registration or through automated reset later. Why do you want to know their password at all, even initially? If the word invitation sets you off, think of it as sending someone their initial account credentials. The first thing they will do is set their own password, and from then on, it's just another account. It doesn't matter if that account is for a customer or a staff person.
I've used invitable in several applications that had multiple user levels (authorization) but that's getting outside of Devise's wheelhouse (authentication). Can you widen the frame a little and explain why you need to set the password for the staff members?
Walter
What I have in mind is a app for a toy library.
So the customers chooses a plan and get yearly a invoice.
but some customers are work for the toy library.
Later on I will try to implement payments by cash or by bank.
Also later on I will try to implement that we know which customer has borrowed which toy and when he/she has to bring it bac
Why I need a password for staff members so they can only see which invoice is not payed or add a payment.
I do not want that customers can see the financial thing of thier own of from another person.
All the data in my 'accounting" system is private for staff members.
Maybe your suggestion about invite can work.
Do you have a project where I can look how things are working then ?
Roelof
Requiring staff to authenticate makes sense.
Having *you set the password* for each staff member does not.
For one thing, it doesn't scale. More importantly, how do you plan to communicate this password to the person? By email? Extremely insecure. By phone? In person? Not always convenient.
Enabling each staff member to *set/reset their own password* is a far more efficient (and common) pattern.
Oke, So im on the wrong path. That is why I could not make it work.
Anyone suggestions how I can make it work with invites or another way ?
Roelof
There are a ton of resources available for using devise. Besides the README, I'd recommend spending some time here:
Good luck,
I agree generally with the sentiment that self-directed password resetting (involving email) is generally best practice.
However, I would defend the user experience convenience of having another way to have their password reset. For example, a company I worked for had a call center where you could reach customer support agents. Although there was a password reset on the site, the customer support agents could also reset someone's password on the phone (Yes, I know -- this makes them responsible for verifying that the person calling is really the person whose account it is, and could abused).
On the back-end, I'm pretty sure the code was as simple as
@user.update_attributes(:password => @new_password, :password_confirmation => @new_password)
OF course, this was called from an Admin controller that only the customer support agents themselves had access to.
Did you try that in the latest version of Devise? I'm pretty sure it works technically speaking (leaving aside the question of whether it's a good idea).
-Jason