module Devise::Models::Expirable

Deactivate the account after a configurable amount of time. To be able to tell, it tracks activity about your account with the following columns:

Options

:expire_after - Time interval to expire accounts after

Additions

Best used with two cron jobs. One for expiring accounts after inactivity, and another, that deletes accounts, which have expired for a given amount of time (for example 90 days).

Public Instance Methods

active_for_authentication?() click to toggle source

Overwrites active_for_authentication? from Devise::Models::Activatable for verifying whether a user is active to sign in or not. If the account is expired, it should never be allowed.

@return [bool]

Calls superclass method
# File lib/devise_security_extension/models/expirable.rb, line 54
def active_for_authentication?
  super && !self.expired?
end
expire!(at = Time.now.utc) click to toggle source

Expire an account. This is for cron jobs and manually expiring of accounts.

@example

User.expire!
User.expire! 1.week.from_now

@note expired_at can be in the future as well

# File lib/devise_security_extension/models/expirable.rb, line 44
def expire!(at = Time.now.utc)
  self.expired_at = at
  save(:validate => false)
end
expired?() click to toggle source

Tells if the account has expired

@return [bool]

# File lib/devise_security_extension/models/expirable.rb, line 29
def expired?
  # expired_at set (manually, via cron, etc.)
  return self.expired_at < Time.now.utc unless self.expired_at.nil?
  # if it is not set, check the last activity against configured expire_after time range
  return self.last_activity_at < self.class.expire_after.ago unless self.last_activity_at.nil?
  # if last_activity_at is nil as well, the user has to be 'fresh' and is therefore not expired
  false
end
inactive_message() click to toggle source

The message sym, if {#active_for_authentication?} returns false. E.g. needed for i18n.

Calls superclass method
# File lib/devise_security_extension/models/expirable.rb, line 60
def inactive_message
  !self.expired? ? super : :expired
end
update_last_activity!() click to toggle source

Updates last_activity_at, called from a Warden::Manager.after_set_user hook.

# File lib/devise_security_extension/models/expirable.rb, line 22
def update_last_activity!
  self.update_column(:last_activity_at, Time.now.utc)
end