Insufficient documentation for secure_validatable

phatworx / devise_security_extension

An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.

MIT License

747 stars 346 forks source link

Insufficient documentation for secure_validatable #190

Open cameronbourgeois opened 8 years ago

cameronbourgeois commented 8 years ago

I just worked out how to configure email validation when using :secure_validatable

To disable email validation

config.email_validation = false

To specify options (Example is for rails_email_validator)

config.email_validation = { validate_mx: false, allow_idn: false }

If I find the time I will make a pull request.

atstockland commented 8 years ago

Is this the reason validation fails with "Email is invalid" if Im not online? If I'm not connected to the internet I can't run tests or update users due to email validation error---that led me here.

cameronbourgeois commented 8 years ago

Yep @atstockland the validate_mx feature does a DNS lookup to validate MX records.

pmargreff commented 7 years ago

@cameronbourgeois help me a lot, thanks.

jaredready commented 7 years ago

Adding onto this, it's not clear that email validation gets enabled by default. You need to explicitly disable if you don't want it, not just leave the config commented out.

DBDeveloper87 commented 5 years ago

When I use config.email_validator = true and I try to run Rails, it returns an error of Unknown Email Validator. So for now I set it to false and can use the functionality of the rest of this module fine.

I did install the email_address gem, but I can't make heads or tails of how I am supposed to incorporate that into this devise-security gem. I see above for the other gem (which you state on the readme is actually deprecated so I haven't bothered with it), but what is the configuration for the email_address gem for config.email_validator?

cameronbourgeois commented 5 years ago

@DBDeveloper87 as far as I can tell the only email validation gem that is compatible is rails_email_validator, which is well passed it's use-by date judging by the lack of commits in the last 8 years.

TBH the devise_security_extension gem looks to have fallen out of maintenance too.

I'd recommend integrating the email_validator gem directly with your own models rather than through this gem.

UPDATE: I just realised you are probably using this active fork of the project. My bleak comments are regarding the original gem, not that fork which I wasn't aware existed. If I was you I'd look for help by posting an issue on that project :)

atstockland commented 5 years ago

These are the gems I have been using for some time... They are maintained and have given me no trouble.

gem 'valid_email', require: 'valid_email/validate_email' gem 'devise-security'

Firebeam commented 5 years ago

If it helps someone, this supposedly makes valid_email2 work correctly with devise-security: https://github.com/micke/valid_email2/issues/121