2

I have a controller filter that should logout a user if their account is expired, but I can't figure out an easy way to do it.

I tried:

if user_signed_in? && current_user.status == 'expired'
  redirect_to destroy_user_session_path
end

But the above doesn't work, because Devise wants a DELETE action on the logout path, so you can't just redirect to it.

Yarin
  • 173,523
  • 149
  • 402
  • 512

1 Answers1

5

active_for_authentication?

After authenticating a user and in each request, Devise checks if your model is active by calling model.active_for_authentication?. This method is overwritten by other devise modules. For instance, :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.

You overwrite this method yourself, but if you do, don't forget to call super:

def active_for_authentication?
  super && special_condition_is_valid?
end

Look at the documentation to find out more details and an example. This doc will also help you.

Gopal S Rathore
  • 9,885
  • 3
  • 30
  • 38
  • Thanks, this almost gets me there. The problem with this is that I can't distinguish between a user that hasn't yet been confirmed (I use confirmable) and a user that's inactive for another reason (expired/suspended/etc). Any ideas? – Yarin Dec 13 '13 at 13:56
  • 2
    Figured it out- you just have to override `inactive_message` on the user for the correct condition- see http://stackoverflow.com/a/14966003/165673 – Yarin Dec 13 '13 at 15:00