Forum: Ruby on Rails How to create first user for sign in using devise

0c22cc317d52edd6339897efa85ed7fa?d=identicon&s=25 Tushar Patil (Guest)
on 2013-07-22 13:51
(Received via mailing list)
Hi,
   I want to authentication for sign in and sign out, i add gem file and
create a user model using devise in rails3, i want to create a user for
first sign in and sign out, how  can i create, any suggestion.
Ce5e201eca55d4f79d0ead9acc91d544?d=identicon&s=25 Dheeraj Kumar (Guest)
on 2013-07-22 13:52
(Received via mailing list)
Create a new User object, then fill in the fields, and call save.

--
Dheeraj Kumar
Fcd85a1b175624621cf2ed0cd0616b37?d=identicon&s=25 Emil S. (emil_s)
on 2013-07-22 15:20
(Received via mailing list)
I use email for login , so I do this in the console/database seed file :
    User.create(email: 'test@test.com', password: 'password123',
password_confirmation: 'password123')
Then I log in with the "test@test.com" and "password123"
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2013-07-22 17:39
Emil S. wrote in post #1116233:
> I use email for login , so I do this in the console/database seed file :
>     User.create(email: 'test@test.com', password: 'password123',
> password_confirmation: 'password123')
> Then I log in with the "test@test.com" and "password123"

Personally speaking, I generally dislike the practice of using email
addresses as usernames. Yes, it has a certain convenience. Convenience
will always be in contention with security.

There are a number of reasons for this:

1. If the site gets hacked there is no way to protect email addresses
from exposure. If email addresses are kept separate from the user
account information then it is at least possible to protect them from a
hack against the user login info.

2. If a user changes their email address (or otherwise loses control of
their email account) they have no way to verify themselves in case they
need to reset their password.
Ec2c1a36301b0223c3e281bd2ec3f37a?d=identicon&s=25 Dave Aronson (Guest)
on 2013-07-22 18:45
(Received via mailing list)
On Mon, Jul 22, 2013 at 11:39 AM, Robert Walker <lists@ruby-forum.com>
wrote:

> I generally dislike the practice of using email
> addresses as usernames.

Amen!  In addition to the reasons you list, people often have multiple
addresses at once -- I myself have several, not even including the
hundreds of special-purpose ones I make up on the fly at my domains.
Then, logging into a system you haven't been on in years, do they
really expect you to remember *which* address you used back then *for
that site*?  Meanwhile, I use the same username almost everywhere;
just about the only exceptions are a few places where that's too long,
or it has to have both letters and digits.  (Yes I mean the username,
not the password!)

-Dave

--
Dave Aronson, the T. Rex of Codosaurus LLC,
secret-cleared freelance software developer
taking contracts in or near NoVa or remote.
See information at http://www.Codosaur.us/.
1a4ff0766a653c62e0dab34bacda9873?d=identicon&s=25 Norbert Melzer (Guest)
on 2013-07-22 19:03
(Received via mailing list)
Devise has a wonderful kickstarter, just take a look into the readme and
follow the steps.
Am 22.07.2013 13:50 schrieb "Tushar Patil" <tushar01patil@gmail.com>:
Fcd85a1b175624621cf2ed0cd0616b37?d=identicon&s=25 Emil S. (emil_s)
on 2013-07-23 10:40
(Received via mailing list)
The user actually "uses" the email ID and can remember it . I can never
remember my "usernames" , usually. Also "forgot password" becomes easy
with
email ID's . But then again, to each, his own.
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2013-07-23 14:55
Emil S. wrote in post #1116325:
> The user actually "uses" the email ID and can remember it . I can never
> remember my "usernames" , usually. Also "forgot password" becomes easy
> with
> email ID's . But then again, to each, his own.

Yes "forgot password" is easy that way. It's also easy for the hacker
who hijacks the email account used to sign into the site. Not only does
the owner of the email account lose access to their email itself, but to
any web site that user accesses using their email address as their
login. Worse yet, it's highly likely there's information available in
their email that gives the hacker good clues as to what online services
they actually use.

Convenience is the enemy of security. The trick is to understand the
risks in order to find the right balance. Ideally multi-factor
authentication should be used for any sensitive online service, which is
certainly not convenient, but is vital to protecting online identity.

As for remembering login information, that's what password managers are
for. I myself have well over 100 logins stored in my password manager
each one with unique auto-generated passwords. With such a tool I only
have to remember (and protect) a single password.

Any conveniences employed by online services do nothing for me besides
reduce the level of security of that given service.
Aa082c8b00a50928e5860dcd70bf2368?d=identicon&s=25 tamouse m. (tamouse_m)
on 2013-07-23 15:22
(Received via mailing list)
On Jul 23, 2013, at 3:39 AM, Emil S <emil.soman@gmail.com> wrote:

> The user actually "uses" the email ID and can remember it . I can never remember
my "usernames" , usually. Also "forgot password" becomes easy with email ID's .
But then again, to each, his own.
>

What happens when the user wants to change their email address? I've
encountered sites where I haven't been able to do this as it is the key
thing associated with the account on that site. I've lost accounts
because of this, and they weren't just minor things. One was Amazon,
although it was a long time ago now.
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.