Posted 6 months ago. Visible to the public. Repeats. Linked content.

Devise: Don't forget to lock users with soft delete

There are two ways to lock a user in devise.

  1. Using the lockable module
  2. Customizing the user account status validation when logging in.

It depends on your requirements which methods works best.

Locking a user on soft delete

We recommend to use option 2 when you want to couple the lock to the model's soft delete logic. Option 1 might also work when setting both the lock_strategy and unlock_strategy to none.

Copy
class User < ApplicationRecord def active? !trashed? end def active_for_authentication? # You can also choose a different I18n key (default :inactive), if you don't want to show the message "Your account is not activated yet." super && active? end end

Your tests should at least cover:

  • Signed in users are logged out on the next request once they get trashed
  • Resetting the password will not allow the user to sign in again

makandra has been working exclusively with Ruby on Rails since 2007. Our laser focus on a single technology has made us a leader in this space.

Owner of this card:

Avatar
Emanuel De
Last edit:
5 months ago
by Emanuel De
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Emanuel De to makandra dev
This website uses cookies to improve usability and analyze traffic.
Accept or learn more