× {{alert.msg}} Never ask again
Receive New Tutorials
GET IT FREE
Tutorials  /  Ruby on Rails

Tutorial: Automatically Authenticate Email Login Tokens With Rails & Devise

#Ruby on Rails  
– {{showDate(postTime)}}

Codementor Ruby Expert Adam Derewecki is a former director of web engineering at ApartmentList.com, hacker at Causes.com, and one of the first technical leads at Yelp.com. Presently he’s bootstrapping his P2P camera rental startup, www.CameraLends.com, using Rails/Heroku.

This article was originally posted on his blog.

Building Automatic Login Tokens for Emails with Rails and Devise

When you build out your product, it’s important to listen to your what your users are telling you. But it’s more important to read between the lines to discover what the underlying problems actually are. For example, I’ve noticed that login is a problem on CameraLends: forgotten email addresses resulting in dupe accounts, signing up on desktop then clicking a reservation email from their phone, signing up via Facebook and trying to login with a password, and other variations. From my viewpoint looking over the entire ecosystem, it was pretty clear that automatic login links in transactional emails would alleviate much of the pain.

Automatic login links can be implemented by inserting a per-user secret token into the URL parameters. The back-end system to this can be simple or very complex, depending on your requirements. Some of the trade-offs I evaluated:

  • How long should the login tokens work?
  • Do we need to keep track of the last X tokens or just the most recent?
  • Should links with tokens be automatically built, or specified on a
    per-link basis?

For my purposes, I decided the simplest solution was a good place to start: only the last email’s login link would work, and adding the token to links in emails would not be automatic. We need to add one column token to our User model:

rails g migration AddTokenToUser token:string

And then add a method to the User model that generates and stores new tokens:

Next, we need to create a before_filter that checks for the presence of a token and handles it:

At this point, we’ve got a barely-minimum viable product: from a Rails console, you can create a token for a user and then construct a link to log in as that user. I’d recommend doing that to test the system is working so far.

Actually hooking the login token into select links is very simple. Generate a new token in the mailer and add the token as a URL parameter in the template:

And that’s it. By scoping it down, it only took a few lines of code and will solve the problem for my most important emails (about four).

Adam DereweckiNeed Adam’s help? Book a 1-on-1 session!

View Adam’s Profile

or join us as an expert mentor!



Write for Us
RSS
Author
Adam Derewecki
Adam Derewecki
5.0
Formerly at Yelp, Everlane, AdRoll, ApartmentList, Causes, Snapdocs. Founded CameraLends.
I've been in the game for about 10 years at various companies. Hit me up for webdev help or if you'd like to practice your technical interview skills!
Hire the Author

Questions about this tutorial?  Get Live 1:1 help from Ruby on Rails experts!
Itamar Yunger
Itamar Yunger
5.0
I am a Ruby on Rails Developer programming in Ruby, JavaScript, HTML/5, AJAX, CSS on Linux / Apache / MySQL / Ruby / MongoDB / Python / Amazon /...
Hire this Expert
Akpotu Marvelous
Akpotu Marvelous
5.0
An observant problem solver
Full stack web developer
Hire this Expert
Related Tutorials
How To Build a Blog using Froala-WYSIWYG
Finding Performance Bottlenecks in Your Rails API
Export Records to CSV Files using Rails
Rails. Omniauth with devise (github example)
Avoid Instance Variables, Use Getters and Setters
comments powered by Disqus