TechQA.

Invite system design for Ruby on Rails application

1.2k views Asked by At

I have a requirement for an authenticated user to be able to send an invite to someones email address. On clicking this invite, the user would be prompted to sign up, and on completion, would be associated with the same account as the originator.

I am struggling to design a secure mechanism for ensuring the invited user is associated with the intended account, and no other.

(If it's of help, I am using Ruby 2, Rails 4, and the sorcery gem for authentication)

ruby-on-rails authentication ruby-on-rails-4 sorcery
Original Q&A
1

There are 1 answers

3
palkan On BEST ANSWER

The following works:

  1. Use Sorcery User Activation submodule

  2. On 'invite' action create User (non-active) and attach her to the account. Send invitation email with activation link, e.g. http://example.com/users/:token/activate.

  3. In your users_controller#activate:

user = User.load_from_activation_token(params[:token])
... # update user fields, e.g. set password
user.activate!

Related Questions in RUBY-ON-RAILS

Related Questions in AUTHENTICATION

Related Questions in RUBY-ON-RAILS-4

Related Questions in SORCERY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions