Force users to sign out in Devise

Question

I have an app where users have a membership that expires.

I'm working on setting up a before_filter in my applications.rb file to check that they're membership is active prior to letting them in the site.

In my application.rb file:

before_filter :check_account

def check_account
  if user_signed_in?
     if current_user.account.expired
       flash[:error] = "Your account is expired. Please contact Navanti for renewal."
       redirect_to destroy_user_session_path
     end
  end
end

I keep getting a redirect loop error. I'm guessing that it's because of the logout page that's being called is also doing the before_filter, but if I put an except => [:users => :sign_out] it still throws the loop error.

Thanks for the help.

---

Requested Devise Method:

# DELETE /resource/sign_out

def destroy
  redirect_path = after_sign_out_path_for(resource_name)
  signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
  set_flash_message :notice, :signed_out if signed_out && is_navigational_format?  

  # We actually need to hardcode this as Rails default responder doesn't
  # support returning empty response on GET request
  respond_to do |format|
    format.any(*navigational_formats) { redirect_to redirect_path }
    format.all do
      head :no_content
    end
  end
end

Answer 1

Try querying the controller/action the following way:

def check_account
  return if params[:controller] == "devise/sessions" && params[:action] == "destroy"
  if user_signed_in?
     if current_user.account.expired
       flash[:error] = "Your account is expired. Please contact Navanti for renewal."
       redirect_to destroy_user_session_path
     end
  end
end

This should eliminate the redirection loop you're having.