Hi, we have a "verify email" email that goes to users when they sign
up. As it is, when they click on the link back to the site, we find
them by the activation code that is stored on the user and is in the
url. The problem is, if they're not logged in, they have to log in
before they can be activated. We use acts as authenticated for our
authentication and we'd like the user to be automatically logged in if
they come in through that link.
I'm not sure how to do that and haven't been able to find anything on
it. Any thoughts?
If you are using the before_filter logged_in? then use the :except =>
[:method_you_want_to_exclude]. Then in the method, after you have
verified that they are legit (or whatever you do), set session[:user] =
to their id. That way, the next time they hit logged_in? it will find
their id in the session and look them up, correctly setting
@current_user. Just know that by excluding that one method, you are
effectively removing authentication in it so you must do something
manually to verify that they are legitimate. It's application specific
obviously, but I assume something like verifying that the code they used
is legit and matches a username or something. Anyway, this should get
you started.
