Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Whitelisting with devise

I am using devise to manage user authentication in my rails app. Devise is really great for that.

However I have a special requirement for my application: A user must be whitelisted before he can register as a User.

So there is a admin which creates a list of allowed emails. A user registers with a email and if the email is in the whitelist table he will be registered. If however, the mail is not in the whitelist, the registration should be aborted with a message like "You are not yet invited".

Do you have an idea how that could be solved with devise?

Thanks in advance.

like image 391
Simon Avatar asked Mar 02 '11 12:03

Simon


3 Answers

I would just use model validation. I'm assuming your User class has the devise method

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable #etc

  before_validation :whitelisted

  def whitelisted
    unless celebrityemail.include? email
      errors.add :email, "#{email} is not on our invitation list"  
    end
  end 

end
like image 180
Jesse Wolgamott Avatar answered Sep 17 '22 13:09

Jesse Wolgamott


What you can do is create your own registrations controller and extend the device one like:

class MyRegistrationController < Devise::RegistrationsController
  def create
    # do your checks
    super
  end
end

see: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/registrations_controller.rb And: https://github.com/plataformatec/devise/wiki/How-to:-Customize-routes-to-user-registration-pages

Good luck!

like image 26
Danny Hiemstra Avatar answered Sep 20 '22 13:09

Danny Hiemstra


I did create my own controller as suggested:

class Users::RegistrationsController < Devise::RegistrationsController
    def create
        email = params[:user][:email]
        if Admin::Whitelist.find_by_email(email) != nil
            super
        else
            build_resource

            set_flash_message :error, "You are not permitted to sign up yet. If you have already payed your registration fee, try again later."
            render_with_scope :new
        end
    end
end

I placed it in app/users/registrations_controller.rb. Then I had to copy the devise registration views into app/views/users/registrations because the default views were not used.

It is working now, thanks for your help

like image 40
Simon Avatar answered Sep 20 '22 13:09

Simon