Hi all I''m using rails 3.2.1 + devise 2.0.4 My problem is that in my website only : Admin will create new users no direct registration for users. Now when Admin create new_user confirmation mail will be send to the user email id. The content of the mail is user_name user_password But the password come in encrypted format. How I''ll get password in readable form. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jun 20, 2012, at 9:04 AM, Manish Nautiyal wrote:> Hi all > > I''m using rails 3.2.1 + devise 2.0.4 > > My problem is that in my website only : Admin will create new users no > direct registration for users.The way that I handle this in my applications is to use Devise Invitable, and then restrict the invitation privilege to admins. You don''t get to know the password, because the user sets it herself when she accepts the invitation. But everything else just works. Since you aren''t using registerable, you will need to provide your own "Update my Profile" method in a controller if you want to allow the user to update his profile, but that''s covered in the Wiki. Walter> Now when Admin create new_user > confirmation mail will be send to the user email id. The content of the > mail is > > user_name > user_password > > But the password come in encrypted format. > > > How I''ll get password in readable form. > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Why do you want the password in "readable" form? That goes against the most basic point of even having a password... On Wednesday, June 20, 2012 6:04:30 AM UTC-7, Ruby-Forum.com User wrote:> > Hi all > > I''m using rails 3.2.1 + devise 2.0.4 > > My problem is that in my website only : Admin will create new users no > direct registration for users. Now when Admin create new_user > confirmation mail will be send to the user email id. The content of the > mail is > > user_name > user_password > > But the password come in encrypted format. > > > How I''ll get password in readable form. > > -- > Posted via http://www.ruby-forum.com/. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/5-TSYvDH_fEJ. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 20 June 2012 14:04, Manish Nautiyal <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Hi all > > I''m using rails 3.2.1 + devise 2.0.4 > > My problem is that in my website only : Admin will create new users no > direct registration for users. Now when Admin create new_user > confirmation mail will be send to the user email id. The content of the > mail is > > user_name > user_password > > But the password come in encrypted format.How is the initial pwd being setup? If the admin is providing a password then put that in the email. Colin> > > How I''ll get password in readable form. > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Aleksey V Zapparov
2012-Jun-20 15:20 UTC
Re: Re: How to get password from database using devise
On Wed, 20 Jun 2012 08:15:02 -0700 (PDT) Tyler <tyler.warnock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Why do you want the password in "readable" form? That goes against > the most basic point of even having a password...He disallows users to register. So only admin can create a user account, so he wants the system to send a message to the user that his account was created with such and such login and pass. -- Sincerely yours, Aleksey V. Zapparov A.K.A. ixti FSF Member #7118 Mobile Phone: +34 677 990 688 Homepage: http://www.ixti.net JID: zapparov-962d5TIgE1qHXe+LvDLADg@public.gmane.org *Origin: Happy Hacking!
On Wednesday, June 20, 2012 8:20:13 AM UTC-7, ixti wrote:> > On Wed, 20 Jun 2012 08:15:02 -0700 (PDT) > Tyler wrote: > > > Why do you want the password in "readable" form? That goes against > > the most basic point of even having a password... > > He disallows users to register. So only admin can create a user > account, so he wants the system to send a message to the user that his > account was created with such and such login and pass. > >I understand the use case, but still doesn''t make sense to store the password in plain text in the database. It''s actually even more pointless if all the users are admins... then they call all just see each others'' passwords. And it gives the illusion of security, when in actuality it''s one params vulnerability away from giving all-encompassing access to any hacker that wants it> > -- > Sincerely yours, > Aleksey V. Zapparov A.K.A. ixti > FSF Member #7118 > Mobile Phone: +34 677 990 688 > Homepage: http://www.ixti.net > JID: zapparov-962d5TIgE1qHXe+LvDLADg@public.gmane.org > > *Origin: Happy Hacking! >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/OT5gKXacVsMJ. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Manish Nautiyal
2012-Jun-21 04:23 UTC
Re: Re: How to get password from database using devise
Tyler wrote in post #1065431:> On Wednesday, June 20, 2012 8:20:13 AM UTC-7, ixti wrote: >> >> > I understand the use case, but still doesn''t make sense to store the > password in plain text in the database. It''s actually even more > pointless > if all the users are admins... then they call all just see each others'' > passwords. And it gives the illusion of security, when in actuality > it''s > one params vulnerability away from giving all-encompassing access to any > hacker that wants itDear Tyler I don''t want to store password in plain text in database. I just want to send an email to user that your login & password is this. Devise will store password in encrypt form in database. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.