Add a subdomain condition for the password to reset the request in the "Development with Rails3" section?

Question

Add a subdomain condition for the password to reset the request in the "Development with Rails3" section?

I installed Devise (on Rails 3) to use Basecamp-style subdomain authentication. Under this model, a user can be registered twice in different subdomains with the same email address.

For instance:

class User < ActiveRecord::Base belongs_to :account end class Account < ActiveRecord::Base # subdomain attribute stored here end

User 1 is registered on company1.myapp.com with an email address bob@acme.com
User 2 is registered on company2.myapp.com with an email address bob@acme.com

(Both users are managed by the same person, but belong to different subdomains.)

Logging in works fine, but the standard Reset password only looks at the email address, so you can only reset the password for user 1 . What I would like to do is to consider the subdomain of the request, so the Reset password from company2.myapp.com/password/new will be Reset password for user 2 .

The developer is looking for a user using the find_first method, which I think does not accept joining, so I cannot include the condition :account => {:subodmain => 'comapny2'} .

I can override send_reset_password_instructions to manually search for a user record, but it feels hacked, and I will need to do this for send_confirmation_instructions .

Is there a better way?

+4

ruby-on-rails devise

msmithstubbs May 05 '11 at 12:33

source share

3 answers

Mike mazur · Answer 1 · 2011-05-05T14:03:27+0000

It looks like this can be configured with devise_for in the routes file.

From my reading of the source (and I actually didn’t), you can add the reset_password_keys option. They must include a subdomain. This is passed to find_or_initialize_with_errors from send_reset_password_instructions to lib/devise/models/recoverable.rb . In find_or_initialize_with_errors these are only the keys that are used to find the resource .

You probably also want to override the Devise::PasswordsController#new pattern to enable the user subdomain when sending a reset password request.

UPDATE : to eliminate the fact that the subdomain is stored in the account and belongs_to :account user, you can probably use the Rails' delegate .

David Lokhorst · Answer 2 · 2013-01-09T01:40:13+0000

We experienced the same problem. Mike Mazur answered the job, but for one reason: We put :reset_password_keys => [:email, :subdomain] devise :reset_password_keys => [:email, :subdomain] in the devise method devise in our user model.

Luís Maia · Answer 3 · 2014-05-08T09:53:40+0000

I recently implemented this behavior in a Rails 4 application.

... / config / Initializers / devise.rb

 (…) # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account config.reset_password_keys = [:email, :subdomain] (…)

... / application / views / invent / passwords / new.html.erb

 (…) <%= f.input :subdomain, required: true %> (…)

... / application / controllers / users / passwords_controller.rb

 class Users::PasswordsController < Devise::PasswordsController def resource_params params.require(:user).permit(:email, :subdomain, ...) end private :resource_params end

Add a subdomain condition for the password to reset the request in the "Development with Rails3" section?

More articles: