what is recommended for handling password for new

Posted 2019-08-09 01:24

Question:

When letting users sign in using Facebook, I create a new Devise user after the first authentication. The question is: what is the better practice regarding the password of the newly created user?

1. Fill it with a random token?

Then, how would the user know the newly created password?

a. Shall I send him an email?
b. Write it as a flash message after his first Facebook authentication?

I know that the user might not need to have a password as he can always sign in with Facebook, but he might need to update his Devise user fields, which will require the password.

2. Leave it blank?

Then anyone who knows the email will be able to sign in using the Devise sign-in form.

3. Show a modal window asking for password?

Doing so will add a step before the user can eventually access the website.

So, what's the recommended approach? Any advice?

EDIT

Ryan Bates on RailsCasts at http://railscasts.com/episodes/236-omniauth-part-2?view=asciicast

redirects the user to a form where they can fix any problems if the validation fails when trying to save the new user; he avoided rendering password fields for brand-new users:

<h2>Sign up</h2>

<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
  <%= devise_error_messages! %>

  <p><%= f.label :email %><br />
  <%= f.text_field :email %></p>

<% if @user.password_required? %>
  <p><%= f.label :password %><br />
  <%= f.password_field :password %></p>

  <p><%= f.label :password_confirmation %><br />
  <%= f.password_field :password_confirmation %></p>
<% end %>
  <p><%= f.submit "Sign up" %></p>
<% end %>

<%= render :partial => "devise/shared/links" %>

But what will happen when an OmniAuth-registered user tries to sign in using the Devise sign-in form?

Answer 1:

Ryan Bates covered this on RailsCasts and suggests you redirect them to a page after they've signed up with their oauth account.

This way you can still register users in the normal way, plus you're still validating the model.

We do this so our customers can sign up with different providers and still keep our Devise registration in place.

Have a read of this:

http://railscasts.com/episodes/236-omniauth-part-2?view=asciicast

If that's not helpful, let me know and I'll see what else we can find for you.
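
The concern raised under option 2 and in the question's last line (a provider-created account with no password being usable from the password sign-in form) comes down to the password check failing closed when no digest is stored. The following is an added example, not code from the original post, RailsCasts or Devise: `SketchUser` and `oauth_linked?` are hypothetical names, PBKDF2 from Ruby's standard library stands in for the real password hash, and the sample accounts are constructed.

```ruby
require "openssl"
require "securerandom"

# Hypothetical plain-Ruby stand-in for a Devise-style model. The method name
# password_required? mirrors the page; nothing here is Devise's own code.
class SketchUser
  ITERATIONS = 100_000
  attr_reader :email, :provider, :uid

  def initialize(email:, provider: nil, uid: nil, password: nil)
    @email, @provider, @uid = email, provider, uid
    @salt = @digest = nil
    self.password = password unless password.nil?
  end

  # PBKDF2-HMAC-SHA256 stands in for bcrypt so the sketch needs no gems.
  def password=(plain)
    raise ArgumentError, "password can't be blank" if plain.to_s.empty?
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(plain, @salt)
  end

  def oauth_linked?
    !provider.nil? && !uid.nil?
  end

  # The sign-up form on the page hides the password fields when this is false.
  def password_required?
    !oauth_linked? || !@digest.nil?
  end

  # Fail closed: with no stored digest, nothing matches, a blank guess included.
  def valid_password?(candidate)
    return false if @digest.nil? || candidate.to_s.empty?
    attempt = derive(candidate, @salt)
    # Compare every byte so timing does not depend on where the digests differ.
    @digest.bytes.zip(attempt.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  private

  def derive(plain, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end
end
```

A provider-created user here can later set a password through `password=`, after which the password form works for that account as for any other.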