Devise - How do I forbid certain users from signing in?

Question

I am using Devise for authentication in my application.

How do I forbid certain users from signing in - kind of disable a user?

Answer 1

Do it like this:

Create a column called is_active for the User model.

Then add the code below to the User model:

class User < ActiveRecord::Base
  #this method is called by devise to check for "active" state of the model
  def active_for_authentication?
    #remember to call the super
    #then put our own check to determine "active" state using 
    #our own "is_active" column
    super and self.is_active?
  end
end

UPDATE

As Matt Huggins notes, the method is now called active_for_authentication? (Documentation)

Answer 2

Add a column to the User model: allowed_to_log_in.

Then add this to /app/models/user.rb:

def active_for_authentication?
    super and self.allowed_to_log_in?
end

If you want to inform the user with a custom message you can add this as well:

def inactive_message
    "You are not allowed to log in."
end

I think that is quite important because the standard message from Devise says:

"Your account is not activated yet."

That is confusing for users and the real reason is that you have "banned" them from logging in.