Now you want to force some users to add a facebook login to their account. Maybe you just want to see if their name and avatar match what they've set up in your service to make sure they really are who they say they are. Whatever.
It seems like you might need to add a custom Devise strategy. You start googling. Doesn't seem like a lot of work, you just extend
Authorizable and override the
authorize! function and then ... do something. Seems you'll have to mostly override how authorization works. Will that play well with
But that only solves the problem of forcing Facebook on authorization. Who's going to check the conditions on every page load and sign the user out?
You set up a filter. Put it in
application_controller and it's just a big mess. You're still not sure how to tie everything together and the clusterfuck of code is growing and growing.
There's a better way!
I stumbled on this solution almost by accident after ending up on an obscure API doc page on my gazillionth google search. Turns out you can force a user to sign up with facebook in just under 19 lines of code.
We have to extend how models behave, not create a new Devise strategy. The function we're looking to override is
This function is called on every page load when a user is signed in and checks that they're still active. If it returns
false the user will be signed out and asked to login before continuing. They won't be let through until the function returns
All you have to do is put something like this in your
module Facebookableextend ActiveSupport::Concerndef needs_facebook?needs_facebook && services.where("provider = 'Facebook'").count < 1enddef should_flag?condition # get a score somehowif conditionself.needs_facebook = trueself.save!endenddef active_for_authentication?super && !needs_facebook? && !should_flag?()enddef inactive_messageneeds_facebook? ? "Please sign in with Facebook." : superendend
And that's essentially it. Add a boolean
needs_facebook field to your user model and add
:facebookable to the strategies list and you're done. Everything works.
Facebookable will automatically take care of checking whether a user has facebook connected and kick them out if they don't but should. On every page load it will also check whatever condition you've set and flag the user.
It took me four days to come up with those 19 lines of code because nobody's written a blogpost about how to do this properly. Now someone has.
PS: testing this works the same as testing any other model methods.
Here's how it works 👇
And get thoughtful letters 💌 on mindsets, tactics, and technical skills for your career. Real lessons from building production software. No bullshit.
"Man, love your simple writing! Yours is the only newsletter I open and only blog that I give a fuck to read & scroll till the end. And wow always take away lessons with me. Inspiring! And very relatable. 👌"
Ready to Stop copy pasting D3 examples and create data visualizations of your own? Learn how to build scalable dataviz components your whole team can understand with React for Data Visualization
Curious about Serverless and the modern backend? Check out Serverless Handbook, modern backend for the frontend engineer.
Ready to learn how it all fits together and build a modern webapp from scratch? Learn how to launch a webapp and make your first 💰 on the side with ServerlessReact.Dev
By the way, just in case no one has told you it yet today: I love and appreciate you for who you are ❤️