Posted 9 months ago.

Devise: Don't forget to lock users with soft delete

There are two ways to lock a user in Devise:

  1. Using the lockable module
  2. Customizing the user account status validation when logging in.

Which method works best depends on your requirements.

Locking a user on soft delete

We recommend option 2 when you want to couple the lock to the model's soft delete logic. Option 1 might also work when setting both the `lock_strategy` and `unlock_strategy` to `:none`.

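```ruby
class User < ApplicationRecord
  # A trashed (soft-deleted) user counts as inactive.
  def active?
    !trashed?
  end

  # Devise calls this to decide whether the account may authenticate.
  def active_for_authentication?
    # You can also choose a different I18n key (default :inactive), if you don't
    # want to show the message "Your account is not activated yet."
    super && active?
  end
end
```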

Your tests should at least cover:

  • Signed in users are logged out on the next request once they get trashed
  • Resetting the password will not allow the user to sign in again
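
The two cases above, walked through in an added pure-Ruby sketch (not from the card and not Devise's own code). `SoftDeletableUser` and `FakeSession` are hypothetical stand-ins; `FakeSession` assumes Devise's behaviour of re-checking `active_for_authentication?` whenever the user is signed in or loaded from the session.

```ruby
# Constructed stand-ins (hypothetical names), not Devise's or the card's code.
class SoftDeletableUser
  attr_reader :password, :trashed
  alias trashed? trashed

  def initialize(password)
    @password = password
    @trashed = false
  end

  def trash!
    @trashed = true
  end

  def reset_password(new_password)
    @password = new_password
  end

  # The card's override; Devise's default implementation returns true.
  def active_for_authentication?
    !trashed?
  end
end

# Assumption: models Devise re-checking active_for_authentication?
# whenever the user is set or loaded from the session.
class FakeSession
  def sign_in(user, password)
    @user = user if user.password == password
    current_user
  end

  def current_user # evaluated on every request
    @user = nil if @user && !@user.active_for_authentication?
    @user
  end
end

# Walks through both cases the card says tests should cover.
def trashed_user_scenarios
  user = SoftDeletableUser.new("old-secret")
  session = FakeSession.new
  results = { before_trash: !session.sign_in(user, "old-secret").nil? }
  user.trash!
  results[:next_request_after_trash] = !session.current_user.nil?
  user.reset_password("new-secret")
  results[:sign_in_after_reset] = !session.sign_in(user, "new-secret").nil?
  results
end
```

In a real application the same two assertions belong in request or feature specs that go through Devise's actual sign-in and password reset flows.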
Posted by Emanuel De to makandra dev