Generating unique urls to share with other users

I would like Users who are members in a Group to be able to share and invite other users through a unique url. I’m having trouble figuring out how to do this. My initial assumption is to generate a link using Digest::MD5.hexdigest and adding a method to the Group model. I’m not sure if this is the right approach.

The functionality is as followed:

  • User creates a group (automatically set as the admin)

  • Admin user can invite other users through the unique share link. He emails, messages, etc. this unique url to the people he would link in the group

  • The invited user clicks the link and is directed to the groups show page where he is prompted to login or create an account

  • Newly added user can now also invite other users with a unique share link.

        class Group < ActiveRecord::Base
        attr_accessible :name, :share_link
        has_many :memberships
        has_many :users, :through => :memberships
        validates: name, presence: :true
        def generate_link(user)
      class Membership < ActiveRecord::Base
        belongs_to :user
        belongs_to :group
        attr_accessible :group_id, :user_id, :admin
      class Post < ActiveRecord::Base
        belongs_to :user
        attr_accessible :title, :url, :user_id
        validates :title, presence: :true
      class User < ActiveRecord::Base
        attr_accessible :name, :provider, :uid
        has_many :memberships
        has_many :groups, :through => :memberships
        has_many :posts


WeeklyTrim::Application.routes.draw do

  resources :groups, :except => [:index] do
    resources :posts

  get "sessions/create"

  get "pages/home"
  get "pages/welcome"
  get "pages/no_access"
  post "groups/email"
  post "/join_groups/create"
  delete "/join_groups/destroy"
  match "/welcome" => "pages#welcome"
  match "/pages/no_access" => "pages#no_access"
  match "/auth/:provider" => redirect("http://#{DOMAIN_NAME}/auth/#{:provider}"), :as => :signin
  match '/auth/:provider/callback' => 'sessions#create'
  match '/signout' => 'sessions#destroy', :as => :signout
  root :to => 'pages#index'

I think you’re going to run into trouble with this approach.

The issue is that in some controller you’re going to need to take a hex digest and figure out which Group and User it’s for. But you can’t reverse MD5 hashes in this way. So you’d need to generate all the possible digests for a Group and its set of Users and do a lookup.

I’d recommend taking roughly the same approach, but using something reversible, like a Base64 encoding of the user_id and group_id. Give that a shot and see if you can get it to work.

just provide a unique md5 for each invite (like invite/big-md5-hash-value ). google for password reset examples (which is about what you are asking for). That way you can manage expirations etc …