According to this issue, if I do not require my users to "confirm" their account after creating it, then I can pass this option to the config, config.allow_unconfirmed_access_for = nil
, which I found in this issue. However, what is unclear to me is the rest of the configuration for confirmable:
i) Do I need update my Devise User model with devise :confirmable
? Right now it looks like this and does not have :confirmable
passed:
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
ii) Also, what needs to change with regards to the migration file? With config.allow_unconfirmed_access_for = nil
, do I need to uncomment the confirmable fields in my migration file as specified in these docs? Or do I leave the comments alone?
Currently I am using Rails 6.0.1
and Devise 4.7.1
.
The confirmable module is not enabled by default. To "disable" it you just remove the module name from the call to the devise
method in the model:
class Person < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
end
The config.allow_unconfirmed_access_for
setting does absolutely nothing without the confirmable module enabled.
The reason you would want to use config.allow_unconfirmed_access_for = nil
is if you want to use Devise::Confirmable
to confirm emails but not use it to restrict authorization. Many apps for example restrict certain features to users that have confirmed their email - but you can still log in how ever long you want with an unconfirmed email.