disabling Devise registration for production environment only
I am launching a beta site with a select group of users. I want to disable registration in the production environment only, and only for a short period of time (i.e. I don't want to nuke my registration altogether). I know I can simply hide the "sign up" link, but I suspect that hackers smarter than I can still use the RESTful routes to accomplish registrations. What's the best way to disable registration so my test/development environments still work, but production is affected? Thanks for any pointers.
I've tried pointing named scopes in such a way that "sign_up" goes to "sign_in", but it didn't work. Here's what I've tried:
devise_scope :user do
get "users/sign_in", :to => "devise/sessions#new", :as => :sign_in
get "users/sign_up", :to => "devise/sessions#new", :as => :sign_up
end
Ideally, we'd send the user to a "pages#registration_disabled" page or something like that. I just wanted to get something working I can play around with.
EDIT: I've changed the model as requested, then added the following to /spec/user_spec.rb
describe "validations" do
it "should fail registration if in production mode" do
ENV['RAILS_ENV'] = "production"
@user = Factory(:user).should_not be_valid
end
end
it is passing as "true" rather than false. Is there a way to mock up the production environment? I'm just spit-balling this one.
Thanks!
Solution 1:
Edit the user
model and remove :registerable
, I think that should give you what you want.
Edit:
I think this would work:
if Rails.env.production?
devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable
else
devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable, :registerable
end
Solution 2:
Since others are having the problem I'm having (see my comments). Here is exactly how I fixed it. I used murphyslaw's idea. But you also need to make sure devise uses your new controller for the registration routing, or it won't do much for you.
Here is my controller override:
class RegistrationsController < Devise::RegistrationsController
def new
flash[:info] = 'Registrations are not open yet, but please check back soon'
redirect_to root_path
end
def create
flash[:info] = 'Registrations are not open yet, but please check back soon'
redirect_to root_path
end
end
I've added flash messages to inform anyone who somehow stumbles upon the registration page why it isn't working.
Here is what is in my routes.rb
if Rails.env.production?
devise_for :users, :controllers => { :registrations => "registrations" }
else
devise_for :users
end
The controllers hash specifies that I want it to use my overridden registrations controller.
Anyways, I hope that saves someone some time.
Solution 3:
Only remove :registerable
will not solve the problem. If you have some routes in your view you will get an error:
undefined local variable or method 'edit_user_registration_path'
Take care of this.