Module: Devise::Models::Expirable::InstanceMethods

Defined in:

lib/devise_security_extension/models/expirable.rb

Instance Method Summary

• #active_for_authentication? ⇒ bool

  Overwrites active_for_authentication? from Devise::Models::Activatable for verifying whether a user is active to sign in or not.

• #expire!(at = Time.now.utc) ⇒ Object

  Expire an account.

• #expired? ⇒ bool

  Tells if the account has expired.

• #inactive_message ⇒ Object

  The message sym, if #active_for_authentication? returns false.

• #update_last_activitiy! ⇒ Object

  Updates last_activity_at, called from a Warden::Manager.after_set_user hook.

Instance Method Details

#active_for_authentication? ⇒ bool

Overwrites active_for_authentication? from Devise::Models::Activatable for verifying whether a user is active to sign in or not. If the account is expired, it should never be allowed.

Returns:

• (bool)

# File 'lib/devise_security_extension/models/expirable.rb', line 56

def active_for_authentication?
  super && !self.expired?
end

#expire!(at = Time.now.utc) ⇒ Object

Note:

expired_at can be in the future as well

Expire an account. This is for cron jobs and manually expiring of accounts.

Examples:

User.expire!
User.expire! 1.week.from_now

# File 'lib/devise_security_extension/models/expirable.rb', line 46

def expire!(at = Time.now.utc)
  self.expired_at = at
  save(:validate => false)
end

#expired? ⇒ bool

Tells if the account has expired

Returns:

• (bool)

# File 'lib/devise_security_extension/models/expirable.rb', line 31

def expired?
  # expired_at set (manually, via cron, etc.)
  return self.expired_at < Time.now.utc unless self.expired_at.nil?
  # if it is not set, check the last activity against configured expire_after time range
  return self.last_activity_at < self.class.expire_after.ago unless self.last_activity_at.nil?
  # if last_activity_at is nil as well, the user has to be 'fresh' and is therefore not expired
  false
end

#inactive_message ⇒ Object

The message sym, if #active_for_authentication? returns false. E.g. needed for i18n.

# File 'lib/devise_security_extension/models/expirable.rb', line 62

def inactive_message
  !self.expired? ? super : :expired
end

#update_last_activitiy! ⇒ Object

Updates last_activity_at, called from a Warden::Manager.after_set_user hook.

# File 'lib/devise_security_extension/models/expirable.rb', line 23

def update_last_activitiy!
  self.last_activity_at = Time.now.utc
  save(:validate => false)
end