Unconfirmed Access in Devise Confirmable Doesn’t Work Properly
So recently I had a problem with the confirmable module in Devise. According to the documentation, “+allow_unconfirmed_access_for+: the time you want to allow the user to access their account before confirming it”. But hell, it didn’t work. I was very confused and questioning my sanity.
The code is the usual Devise setup:
devise :database_authenticatable, :recoverable, :rememberable, :timeoutable, :trackable, :validatable, :confirmable, :lockable, :registerable
Long story short, on the User model there was a state from the aasm state machine gem called active, which also creates a User#active? method. And that is bad, because Devise also uses
Confirmable really allows access for an unconfirmed user. You don’t need a fancy failure_app, hacks in controller actions, authenticate_user! or warden hacks.
User#active? is overridden by aasm, everything is messed up and confirmable doesn’t work. You’ll see the message “You have to confirm your email address before continuing.” even when an account should be allowed unconfirmed access. I tried to change the active? method to handle aasm and Devise at the same time, and while it sort of worked, it was fragile as hell and the confirmation mailer didn’t work properly. Overriding mailer checks is a really long rabbit hole and actually not worth it. Just rename the aasm state.
And then everything works as it should.
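The collision described above, reproduced without either gem as an added example (not code from this post, Devise or aasm). ConfirmableLike, StateMacro, the grace period and the state names other than active are hypothetical stand-ins; the only assumptions taken from the post are that the access check lives in active? and that the state machine defines a predicate per state.

```ruby
# Stand-in for the Devise side as the post describes it: an `active?` hook
# that lets unconfirmed users in during a grace period. Not Devise's code.
module ConfirmableLike
  GRACE = 2 * 24 * 3600 # constructed value: 2 days, in seconds

  def active?
    confirmed || (Time.now - confirmation_sent_at) < GRACE
  end
end

# Stand-in for a state-machine macro that, like aasm, defines a
# `<state>?` predicate for every declared state.
module StateMacro
  def state(name)
    # Record the state if its predicate would shadow an existing method.
    shadowed_predicates << name if method_defined?("#{name}?")
    define_method("#{name}?") { current_state == name }
  end

  def shadowed_predicates
    @shadowed_predicates ||= []
  end
end

# Builds a user class with the given state names (hypothetical helper).
def build_user_class(state_names)
  Class.new do
    include ConfirmableLike
    extend StateMacro
    attr_accessor :confirmed, :confirmation_sent_at, :current_state
    state_names.each { |s| state s }
  end
end

# Constructed sample: signed up an hour ago, not confirmed yet.
def new_unconfirmed_user(klass)
  klass.new.tap do |u|
    u.confirmed = false
    u.confirmation_sent_at = Time.now - 3600
    u.current_state = :pending
  end
end

Colliding = build_user_class(%i[pending active])  # state named like the hook
Renamed   = build_user_class(%i[pending enabled]) # state renamed, hook intact
```

The same method_defined? check can run in a model spec to catch a state name that shadows an authentication hook before it ships.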