According to this issue, if I do not require my users to "confirm" their account after creating it, then I can pass this option to the config, config.allow_unconfirmed_access_for = nil, which I found in this issue. However, what is unclear to me is the rest of the configuration for confirmable:
i) Do I need update my Devise User model with devise :confirmable? Right now it looks like this and does not have :confirmable passed:
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
ii) Also, what needs to change with regards to the migration file? With config.allow_unconfirmed_access_for = nil, do I need to uncomment the confirmable fields in my migration file as specified in these docs? Or do I leave the comments alone?
Currently I am using Rails 6.0.1 and Devise 4.7.1.
The confirmable module is not enabled by default. To "disable" it you just remove the module name from the call to the devise method in the model:
class Person < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
end
The config.allow_unconfirmed_access_for setting does absolutely nothing without the confirmable module enabled.
The reason you would want to use config.allow_unconfirmed_access_for = nil is if you want to use Devise::Confirmable to confirm emails but not use it to restrict authorization. Many apps for example restrict certain features to users that have confirmed their email - but you can still log in how ever long you want with an unconfirmed email.