ruby-on-railsdevisedevise-confirmable

Devise Confirmable -- How To Disable Confirmation Feature?


According to this issue, if I do not require my users to "confirm" their account after creating it, then I can pass this option to the config, config.allow_unconfirmed_access_for = nil, which I found in this issue. However, what is unclear to me is the rest of the configuration for confirmable:

i) Do I need update my Devise User model with devise :confirmable? Right now it looks like this and does not have :confirmable passed:

devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable

ii) Also, what needs to change with regards to the migration file? With config.allow_unconfirmed_access_for = nil, do I need to uncomment the confirmable fields in my migration file as specified in these docs? Or do I leave the comments alone?

Currently I am using Rails 6.0.1 and Devise 4.7.1.


Solution

  • The confirmable module is not enabled by default. To "disable" it you just remove the module name from the call to the devise method in the model:

    class Person < ApplicationRecord
      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :validatable 
    end
    

    The config.allow_unconfirmed_access_for setting does absolutely nothing without the confirmable module enabled.

    The reason you would want to use config.allow_unconfirmed_access_for = nil is if you want to use Devise::Confirmable to confirm emails but not use it to restrict authorization. Many apps for example restrict certain features to users that have confirmed their email - but you can still log in how ever long you want with an unconfirmed email.