Module: Devise::Models::Expirable
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/devise_security_extension/models/expirable.rb
Overview
Deactivate the account after a configurable amount of time. To be able to tell, it tracks activity about your account with the following columns:
-
last_activity_at - A timestamp updated when the user requests a page (only signed in)
Options
:expire_after
- Time interval to expire accounts after
Additions
Best used with two cron jobs. One for expiring accounts after inactivity, and another, that deletes accounts, which have expired for a given amount of time (for example 90 days).
Defined Under Namespace
Modules: ClassMethods
Instance Method Summary collapse
-
#active_for_authentication? ⇒ bool
Overwrites active_for_authentication? from Devise::Models::Activatable for verifying whether a user is active to sign in or not.
-
#expire!(at = Time.now.utc) ⇒ Object
Expire an account.
-
#expired? ⇒ bool
Tells if the account has expired.
-
#inactive_message ⇒ Object
The message sym, if #active_for_authentication? returns
false
. -
#update_last_activity! ⇒ Object
Updates
last_activity_at
, called from a Warden::Manager.after_set_user hook.
Instance Method Details
#active_for_authentication? ⇒ bool
Overwrites active_for_authentication? from Devise::Models::Activatable for verifying whether a user is active to sign in or not. If the account is expired, it should never be allowed.
54 55 56 |
# File 'lib/devise_security_extension/models/expirable.rb', line 54 def active_for_authentication? super && !self.expired? end |
#expire!(at = Time.now.utc) ⇒ Object
expired_at
can be in the future as well
Expire an account. This is for cron jobs and manually expiring of accounts.
44 45 46 47 |
# File 'lib/devise_security_extension/models/expirable.rb', line 44 def expire!(at = Time.now.utc) self.expired_at = at save(:validate => false) end |
#expired? ⇒ bool
Tells if the account has expired
29 30 31 32 33 34 35 36 |
# File 'lib/devise_security_extension/models/expirable.rb', line 29 def expired? # expired_at set (manually, via cron, etc.) return self.expired_at < Time.now.utc unless self.expired_at.nil? # if it is not set, check the last activity against configured expire_after time range return self.last_activity_at < self.class.expire_after.ago unless self.last_activity_at.nil? # if last_activity_at is nil as well, the user has to be 'fresh' and is therefore not expired false end |
#inactive_message ⇒ Object
The message sym, if #active_for_authentication? returns false
. E.g. needed for i18n.
60 61 62 |
# File 'lib/devise_security_extension/models/expirable.rb', line 60 def !self.expired? ? super : :expired end |
#update_last_activity! ⇒ Object
Updates last_activity_at
, called from a Warden::Manager.after_set_user hook.
22 23 24 |
# File 'lib/devise_security_extension/models/expirable.rb', line 22 def update_last_activity! self.update_column(:last_activity_at, Time.now.utc) end |