Devise Soft Email Confirmation

Question

I have a rails 3 application that uses Devise and the confirmable module. However, preventing newly registered users from accessing the the site until they confirm their email is causing retention problems. Instead, we would like to instantly grant access to the user and still send them a confirmation email. We would then run a background task to lock out user's who have not confirmed their email within a fixed period of time.

Is this possible with the confirmable module? Is there a way to still create an active resource (user) who hasn't confirmed their email with the confirmable module? Any general advice on implementing this?

Answer 1

I believe you can use confirm_within to specify a lockout constraint. You can enable this when you call devise_for.

http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable

Also, you can choose to constrain certain behaviors "only" to confirmed users by checking the confirmed? status of your user model. You could do this in the controller, or using CanCan, or whatever. Some tasks on your site probably don't require confirmation; you probably need this more when the user interacts with other people or can use your site to send certain notifications/emails, etc.

Answer 2

To add a litte more detail to the accepted answer. Yes, you can use confirm_within but you need to do this when you call devise not devise_for.

class User
  devise :database_authenticatable, :encryptable, :confirmable, :rememberable,      :timeoutable, :lockable,
     :stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
     :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
end

The above code comes from the models test for devise

You can also set the setting in the config/initializers/devise.rb file with config.confirm_within = 10.days