116

I am using Devise for authentication in my application.

How do I forbid certain users from signing in - kind of disable a user?

Nowaker
Dimitar Vouldjeff
  • 43
    This is a valid question and should be reopened - OP is asking "How do I forbid certain users from signing in" using [devise](https://github.com/plataformatec/devise). – Zabba Jun 04 '11 at 18:57

4 Answers

165

Do it like this:

Create a column called is_active for the User model.

Then add the code below to the User model:

```ruby
class User < ActiveRecord::Base
  # This method is called by Devise to check for the "active" state of the model
  def active_for_authentication?
    # Remember to call super,
    # then add our own check to determine the "active" state using
    # our own "is_active" column
    super and self.is_active?
  end
end
```

UPDATE

As Matt Huggins notes, the method is now called active_for_authentication? (Documentation)

KrauseFx
Zabba
  • 22
    Looks like this has been renamed to `active_for_authentication?` instead of just `active?`. – Matt Huggins Jul 30 '11 at 21:31
  • 1
    `the method is now called active_for_authentication?` means that your method name should be `active_for_authentication?` instead of `active?`. – fotanus Feb 12 '14 at 01:07
  • 5
    Devise Wiki - [How to customize user account status validation when logging in](https://github.com/plataformatec/devise/wiki/How-To%3a-Customize-user-account-status-validation-when-logging-in) – jaustin Mar 17 '15 at 17:40
  • Important note: `active_for_authentication?` has to be a public method! – Mladen Jablanović Feb 17 '16 at 22:20
  • 2
    `super and self.is_active?` can be simplified to `super && is_active?` – David Feb 16 '17 at 16:03
  • To customize the error message, see the Devise docs here: https://github.com/heartcombo/devise/wiki/How-To%3A-Customize-user-account-status-validation-when-logging-in#customize-error-message – stwr667 Jan 19 '20 at 12:23
  • Thanks a lot!! This is exactly what I was searching for. – Jigar Bhatt May 16 '21 at 11:02
26

Add a column to the User model: allowed_to_log_in.

Then add this to /app/models/user.rb:

```ruby
def active_for_authentication?
  super and self.allowed_to_log_in?
end
```

If you want to inform the user with a custom message you can add this as well:

```ruby
def inactive_message
  "You are not allowed to log in."
end
```

I think that is quite important because the standard message from Devise says:

"Your account is not activated yet."

That is confusing for users and the real reason is that you have "banned" them from logging in.

Oyvkva
  • I am implementing a user suspension feature which works; however, the inactive_message "Your account is currently suspended" is displayed for new user signups too. Can I have different inactive messages for new account activation and user suspension? – Dercni Aug 08 '17 at 00:21
  • http://kiprosh.com/blog/customizing-devise-authentication-to-disable-or-enable-user-authentication – Dercni Aug 08 '17 at 00:56
  • 1
    Thanks for the inactive_message comment. – Chris Farmer Nov 15 '18 at 17:10
  • I have defined the same method as you mentioned here, but the Devise default message is showing. I am expecting a custom message for an inactive account. Can someone help me? Thank you. – Pooja Mane Apr 05 '22 at 11:05
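
An added example (not from any answer above, and not Devise's own code) that combines both overrides so a suspended account and an unconfirmed sign-up get different messages, which is the case raised in the comments. `DeviseDefaults` is a constructed stand-in for the defaults Devise supplies, so the file runs without Rails; `:suspended` is a hypothetical message key and `sign_in_result` is a hypothetical helper.

```ruby
# Constructed stand-in for the two methods Devise provides (simplified
# :confirmable behaviour), so this file runs without Rails or Devise.
module DeviseDefaults
  def active_for_authentication?
    confirmed?
  end

  def inactive_message
    confirmed? ? :inactive : :unconfirmed
  end
end

# Hypothetical model; in a real app these values would be database columns.
class User
  include DeviseDefaults

  def initialize(confirmed:, is_active:)
    @confirmed = confirmed
    @is_active = is_active
  end

  def confirmed?
    @confirmed
  end

  def is_active?
    @is_active
  end

  # Must stay public: it is called from outside the model.
  def active_for_authentication?
    super && is_active?
  end

  # Report the suspension only when that is the reason; otherwise defer to
  # the default so unconfirmed sign-ups keep their usual message.
  def inactive_message
    is_active? ? super : :suspended
  end
end

# Returns :ok, or the message key a rejected sign-in would carry.
def sign_in_result(user)
  user.active_for_authentication? ? :ok : user.inactive_message
end
```
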
0

You want to do authorization, not authentication. Devise only does authentication, though.
I.e. devise only tells you that a user is who he says he is.
You need something else to forbid him from using the site.

Authorization is a popular topic and there's a whole list of gems that can help you with it:
http://ruby-toolbox.com/categories/rails_authorization.html
Take your pick.

x10
-2

Sounds like you may be interested in cancan

ecoologic
  • 1
    This isn't an answer to the question asked. Most people know the difference between authorization and authentication. The question was how do you make it so a user can't login. – isaacsloan Jul 02 '15 at 17:47