disabling Devise registration for production environment only

ruby-on-rails devise production-environment registration

I am launching a beta site with a select group of users. I want to disable registration in the production environment only, and only for a short period of time (i.e. I don't want to nuke my registration altogether). I know I can simply hide the "sign up" link, but I suspect that hackers smarter than I can still use the RESTful routes to accomplish registrations. What's the best way to disable registration so my test/development environments still work, but production is affected? Thanks for any pointers.

I've tried pointing named scopes in such a way that "sign_up" goes to "sign_in", but it didn't work. Here's what I've tried:

devise_scope :user do
    get "users/sign_in", :to => "devise/sessions#new", :as => :sign_in
    get "users/sign_up", :to => "devise/sessions#new", :as => :sign_up
end

Ideally, we'd send the user to a "pages#registration_disabled" page or something like that. I just wanted to get something working I can play around with.

EDIT: I've changed the model as requested, then added the following to /spec/user_spec.rb

describe "validations" do
    it "should fail registration if in production mode" do
      ENV['RAILS_ENV'] = "production"
      @user = Factory(:user).should_not be_valid
    end
end

it is passing as "true" rather than false. Is there a way to mock up the production environment? I'm just spit-balling this one.

Thanks!


Solution 1:

Edit the user model and remove :registerable, I think that should give you what you want.

Edit:

I think this would work:

if Rails.env.production?
  devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable
else
  devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable, :registerable 
end

Solution 2:

Since others are having the problem I'm having (see my comments). Here is exactly how I fixed it. I used murphyslaw's idea. But you also need to make sure devise uses your new controller for the registration routing, or it won't do much for you.

Here is my controller override:

class RegistrationsController < Devise::RegistrationsController
  def new
    flash[:info] = 'Registrations are not open yet, but please check back soon'
    redirect_to root_path
  end

  def create
    flash[:info] = 'Registrations are not open yet, but please check back soon'
    redirect_to root_path
  end
end

I've added flash messages to inform anyone who somehow stumbles upon the registration page why it isn't working.

Here is what is in my routes.rb

  if Rails.env.production?
    devise_for :users, :controllers => { :registrations => "registrations" } 
  else
    devise_for :users
  end

The controllers hash specifies that I want it to use my overridden registrations controller.

Anyways, I hope that saves someone some time.

Solution 3:

Only remove :registerable will not solve the problem. If you have some routes in your view you will get an error:

undefined local variable or method 'edit_user_registration_path'

Take care of this.

Related

How can I get the length of an array in awk?
Property 'filter' does not exist on type 'Observable<Event>'
Is it possible to specify multiple gravity values in spinner item custom_style.xml?
How to determine if network type is 2G, 3G or 4G
Git pushing to remote branch
Stop all docker containers at once on Windows
Permutation of array
How can I get all a form's values that would be submitted without submitting [duplicate]
Create mysql table directly from CSV file using the CSV Storage engine?
Display SnackBar in Flutter
DLL load failed error when importing cv2
react-testing-library why is toBeInTheDocument() not a function