module Devise::Models::Expirable
Deactivate the account after a configurable amount of time. To be able to tell, it tracks activity about your account with the following columns:
-
last_activity_at - A timestamp updated when the user requests a page (only signed in)
Options¶ ↑
:expire_after
- Time interval to expire accounts after
Additions¶ ↑
Best used with two cron jobs. One for expiring accounts after inactivity, and another, that deletes accounts, which have expired for a given amount of time (for example 90 days).
Public Instance Methods
Overwrites active_for_authentication? from Devise::Models::Activatable for verifying whether a user is active to sign in or not. If the account is expired, it should never be allowed.
@return [bool]
# File lib/devise_security_extension/models/expirable.rb, line 54 def active_for_authentication? super && !self.expired? end
Expire an account. This is for cron jobs and manually expiring of accounts.
@example
User.expire! User.expire! 1.week.from_now
@note expired_at
can be in the future as well
# File lib/devise_security_extension/models/expirable.rb, line 44 def expire!(at = Time.now.utc) self.expired_at = at save(:validate => false) end
Tells if the account has expired
@return [bool]
# File lib/devise_security_extension/models/expirable.rb, line 29 def expired? # expired_at set (manually, via cron, etc.) return self.expired_at < Time.now.utc unless self.expired_at.nil? # if it is not set, check the last activity against configured expire_after time range return self.last_activity_at < self.class.expire_after.ago unless self.last_activity_at.nil? # if last_activity_at is nil as well, the user has to be 'fresh' and is therefore not expired false end
The message sym, if {#active_for_authentication?} returns false
. E.g. needed for i18n.
# File lib/devise_security_extension/models/expirable.rb, line 60 def inactive_message !self.expired? ? super : :expired end
Updates last_activity_at
, called from a Warden::Manager.after_set_user hook.
# File lib/devise_security_extension/models/expirable.rb, line 22 def update_last_activity! self.update_column(:last_activity_at, Time.now.utc) end