Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Whitelisting with devise

Tags:

authentication

ruby-on-rails

devise

whitelist

I am using devise to manage user authentication in my rails app. Devise is really great for that.

However I have a special requirement for my application: A user must be whitelisted before he can register as a User.

So there is a admin which creates a list of allowed emails. A user registers with a email and if the email is in the whitelist table he will be registered. If however, the mail is not in the whitelist, the registration should be aborted with a message like "You are not yet invited".

Do you have an idea how that could be solved with devise?

Thanks in advance.

like image 391
Simon Avatar asked Mar 02 '11 12:03

Simon

3 Answers

I would just use model validation. I'm assuming your User class has the devise method

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable #etc

  before_validation :whitelisted

  def whitelisted
    unless celebrityemail.include? email
      errors.add :email, "#{email} is not on our invitation list"  
    end
  end 

end
like image 180
Jesse Wolgamott Avatar answered Sep 17 '22 13:09

Jesse Wolgamott

What you can do is create your own registrations controller and extend the device one like:

class MyRegistrationController < Devise::RegistrationsController
  def create
    # do your checks
    super
  end
end

see: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/registrations_controller.rb And: https://github.com/plataformatec/devise/wiki/How-to:-Customize-routes-to-user-registration-pages

Good luck!

like image 26
Danny Hiemstra Avatar answered Sep 20 '22 13:09

Danny Hiemstra

I did create my own controller as suggested:

class Users::RegistrationsController < Devise::RegistrationsController
    def create
        email = params[:user][:email]
        if Admin::Whitelist.find_by_email(email) != nil
            super
        else
            build_resource

            set_flash_message :error, "You are not permitted to sign up yet. If you have already payed your registration fee, try again later."
            render_with_scope :new
        end
    end
end

I placed it in app/users/registrations_controller.rb. Then I had to copy the devise registration views into app/views/users/registrations because the default views were not used.

It is working now, thanks for your help

like image 40
Simon Avatar answered Sep 20 '22 13:09

Simon
Sign in to Comment

Related questions

Multiple layouts in ror
Rails link to file in public folder
undefined method `map' for nil:NilClass , what causes this?
update query with where clause
rails 4, change default form builder globally
Rails: Cancelling a scheduled job in Sidekiq
Rails 4 Sanitizing User Input
MultipartEntityBuilder to send pictures to rail server
Rails exec_query bindings ignored
NoMethodError: undefined method `current_sign_in_at' for #User:0x000055ce01dcf0a8 by using Devise_token_auth rails gem is not working
Error running 'requirements_debian_libs_install libssl-dev',
How do I view the HTTP response to an ActiveResource request?
One controller, different views for normal users and admins
HTTP POST XML content from cucumber
How to use Rails I18n.t to translate an ActiveRecord attribute?
Multiple forms for the same model in a single page
Resolving a class name conflict in a Rails application
How add hash parameter to url using redirect_to?
how to handle errors like 404 / 500 in rails3
Best practise for updating single attribute on multiple records

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!