Rails 4 confirm a new user's email address

Question

I have gone through the Rails 4 tutorial at http://railstutorial.org/chapters and finished most of the exercises. Several of the suggested extensions to the project are on the top of my list for the next step in creating my application. These are the email confirmation upon signup feature and the remember password feature. I've noticed several gems would help me with this, but when I watched several of the Railscasts and read a few tutorials, they didn't really apply to my situation or involved a complicated gem to handle it all (Devise). Also, it was always assumed in tutorial for Devise that I was starting from scratch, which is not the case as I have said. Can anyone help me or point me in the right direction for accomplishing these two features with the limited experience that I have that is considered safe and simple to implement?

Also, it is worth mentioning that I ultimately chose state_machine as a useful gem to utilize for this functionality as well as future functionality. If anyone has thoughts on that one way or the other, I would love to hear. Right now, two states exist in my User model: inactive and active.

Please let me know if I can clarify anything. Thanks!

Edit:

I'm choosing to implement the signup registration link in the email I send users who signup for my site. I have created a UserMailer class that successfully sends an email to the user upon signup. I'm contemplating where to put the update to the email_token attribute of my users table:

• Option 1:

/app/controllers/users_controller.rb

 ...
 def create
   redirect_to_root_if_signed_in

   @user = User.new(user_params)

   if @user.save
     sign_in @user
+    @user.update_attribute(email_token: User.encrypt(User.new_token))
     UserMailer.signup_confirmation(@user).deliver
     flash[:success] = "Welcome to the Sample App!"
     redirect_to @user
   else
     render 'new'
   end
 end
 ...

• Option 2:

/app/models/user.rb

   before_create :create_email_token

 ...

   private

     def create_email_token
       self.email_token = User.encrypt(User.new_token)
     end

Also:

1. What would I name the controller responsible for responding to the click of the url in the email by the user? How would one format the url so the controller will respond with the toggling the activation state I have? The state is an integer value with names :active and :inactive using the state_machine gem.
2. What is the RESTful way of specifying the route? How do I generate the url in the user_mailer.rb? Should it be a get or put in my routes.rb?

Answer 1

Here is a high level overview of a solution.

On the user model you will need a boolean column with a default state of false. You will also need a string column to store token. A token would be a random string obtained by something like SecureRandom.urlsafe_base64.

Then you should need a controller which will accept the token as a parameter and then find the user by its token and change the value of the aforementioned boolean field.

Next you would need a mailer that would send a email to the user with the url to active the account.

If you have any additional questions let me know.

Answer 2

You could just do it with the token field. When they login and put in the right token (proving they have put in the right email), the token column in their user database entry gets set to null, which means they are validated.