sorcery icon indicating copy to clipboard operation
sorcery copied to clipboard
verified publisher icon NoamB

Ensure user isn't soft deleted when querying for user

Open chadwilken opened this issue 10 years ago • 2 comments

We soft delete our user records, is there a way to ensure a property has a certain value in the query executed to find the user by the login method?

chadwilken avatar Sep 23 '15 14:09 chadwilken

Hi @chadwilken, that's a good question. Currently there is no way to add custom scope to finding user, however since version 0.9.1, there's a support for method called active_for_authentication? which you may use to prevent user from logging in - just simply add this method to User class like this:

def active_for_authentication?
  !deleted_at
end

However, if in your case it is possible to create a next account with the same email/login (after one is soft deleted, if user creates a new account, you create new record instead of reusing old on), this will not work, because it's still old user, not new, that will be fetched from database

arnvald avatar Sep 23 '15 15:09 arnvald

@arnvald, thanks for the quick reply. I worked around it for now using a default_scope, but it isn't an ideal setup long term. There are rare circumstances where a email can be used twice in the old setup and is causing headaches still :). Maybe if I get some time I can make this contribution.

chadwilken avatar Sep 23 '15 16:09 chadwilken