Devise::Revokable

A module for Devise

This gem was created by “borrowing” heavily from Devise::Invitable

It exists to extend Devise to provide the basis for what is essentially the reverse of the standard confirmable module. Where confirmable sends an email and awaits a response, before confirming a new registration, revokable allows immediate access and sends an email which provides a link to “revoke” the account if it was created fraudulently.

This is useful if you want to lower the barrier to entry to creating accounts, and clearly, if account security isn’t a concern.

Note that tests are non-existent. Use freely but at your own risk.

Configuring

It works like normal Devise modules. Add the :revokable module to the declaration.

# in user.rb
devise :revokable # plus other devise modules

If the user who received the revocation email follows the provided link and confirms revocation, the account will effectively be “revoked” and inactive, unable to log in.

Additionally, you may want to override #revoke! to perfom additional revocation on the account, e.g. deleting posts made, resetting personal information, etc. The super method yields to a block for this purpose.

# in user.rb
def revoke!
  super do
    self.some_method_that_resets_me!
  end
end

That’s about the extent of it. As with typical devise modules you can override the mailers and views with your own. Additionally you can define the module accessor @@mailer on the module with a proc to handle your mail if you need to. This proc is yielded two arguments, the method name (e.g. :revocation_instructions), and the affected resource.

# in config/initializers/devise_revokable.rb
require 'devise_revokable'
require 'my_mailer'

DeviseRevokable.mailer = proc {|method_name, resource| MyMailer.send(:method_name, resource) }