In my Rails app I use Devise for authentication. Now I want to extend the login screen with an extra field where the user needs to fill in a value only he knows, like the date when he started at the company or something.
How can I add this extra check, besides the regular email and password fields, to the Devise authentication check process?
I read something about active_for_authentication?, which you can extend in the User model:
    def active_for_authentication?
      super && special_condition_is_valid?
    end
Is this the correct way to do this?
Edit: In the end I have overwritten the SessionsController:
    class SessionsController < Devise::SessionsController
      protected

      # Called once Devise has already signed the user in with email and password.
      def after_sign_in_path_for(resource)
        if resource.is_a?(User) && !resource.correct_token?(params[:user][:security_token])
          # Extra field did not match: end the session that was just created.
          sign_out resource
          flash[:error] = I18n.t('.devise.failure.invalid_token')
          root_path
        else
          super
        end
      end
    end
This was inspired by the solution here: Rails + Devise - Is there a way to BAN a user so they can't login or reset their password?
The only issue I have left is that when an invalid token is submitted, both the success and error message are visible...
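
The controller above calls correct_token?, which the post does not show. The following is an added example, not the poster's code or part of Devise: one way to back that method in plain Ruby, keeping a low-entropy secret such as a start date as a salted PBKDF2 digest and comparing it in constant time. SecurityToken, UserRecord, the security_token_digest column and the iteration count are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper (not part of Devise): stores and verifies the extra
# login secret as a salted PBKDF2 digest instead of plain text.
module SecurityToken
  ITERATIONS = 100_000 # assumed work factor; tune for your hardware
  KEY_LENGTH = 32

  module_function

  # Trim and downcase so " 2015-03-01 " and "2015-03-01" compare equal.
  def normalize(input)
    input.to_s.strip.downcase
  end

  # Returns "salt$hexdigest", the value to keep in the users table.
  def digest(input, salt = SecureRandom.hex(16))
    key = OpenSSL::KDF.pbkdf2_hmac(normalize(input), salt: salt,
                                   iterations: ITERATIONS,
                                   length: KEY_LENGTH, hash: "sha256")
    "#{salt}$#{key.unpack1('H*')}"
  end

  # True only when the submitted value matches the stored digest.
  def valid?(stored, input)
    salt, expected = stored.to_s.split("$", 2)
    return false if salt.nil? || expected.nil? || normalize(input).empty?

    secure_equal?(expected, digest(input, salt).split("$", 2).last)
  end

  # Compares every byte, so timing does not reveal how much matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end
end

# Constructed stand-in for the User model, with only the fields used here.
UserRecord = Struct.new(:email, :security_token_digest) do
  def correct_token?(submitted)
    SecurityToken.valid?(security_token_digest, submitted)
  end
end

# Constructed sample: the secret is the (made-up) start date 2015-03-01.
SAMPLE_USER = UserRecord.new("user@example.com", SecurityToken.digest("2015-03-01"))
```

A blank or missing field is rejected before any digest is computed, so an account without a stored secret can never pass the extra check.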