
I'm trying to put the Devise views using JS to handle the responses. I want to use the default Devise error messages, but I cannot get individual types of errors (e.g. Unconfirmed; Locked account) because of warden.authenticate. So, I'm using a "caught" so it doesn't throw a 406 or some other error. My problem: I know that "caught[:message] == :unconfirmed" gives me the "unconfirmed" state of the user; what should be the corresponding symbol for "locked"? :locked doesn't work, and I can't find the documentation.

I have my Sessions_controller like this:

  def create
    caught = catch(:warden) do
      self.resource = warden.authenticate :scope => resource_name
    end

    if resource
      # User is confirmed
      sign_in(resource_name, resource)
      puts "LOGGED IN!!!"
      respond_to do |format|
        format.js do
          set_flash_message(:success, :signed_in)
          render :template => "remote_content/flashes.js.erb"
          flash.discard
        end
      end
    elsif caught and caught[:message] == :unconfirmed
      # User is unconfirmed
      puts "UNCONFIRMED ACCOUNT!!!"
      # send the email or display the flash with link to send email
      respond_to do |format|
        format.js do
          set_flash_message(:error, :problem) #:problem is in devise.en.yml "There is problem in your account, check you email."
          render :template => "remote_content/form_flashes.js.erb"
          flash.discard
        end
      end
    else
      # User is not signed in, should be... error in credentials or locked account....
      puts "ERROR IN CREDENTIALS!!!"
      respond_to do |format|
        format.js do
          set_flash_message(:error, :invalid)
          render :template => "remote_content/form_flashes.js.erb"
          flash.discard
        end
      end
    end
  end

The flashes.js.erb/form_flashes.js.erb execute nicely, no problem! It's something like this:

$('.modal').modal('hide');
// append flash to the body
$('.body').append("<%= escape_javascript raw(flash_normal) %>");

What do you think about my approach? Should I be using a CustomFailure instead? I cannot find any example of a CustomFailure, or the Devise original, so I can put it to respond to my JS files.

1 Answer


I found out by inspecting caught that the only message was unconfirmed and it never caught the unlocked state. So I had to get the User by email and use the Devise helper access_locked? to get that information about him. I know it could be a security glitch, but if it's locked you can't do anything with it. Here is the part of the code missing above:

  ...
  else
  ## User is not signed in, should be... error in credentials or locked...
  ## Let's see if it's locked

  # This function is only used like this (without security)
  # only when the authentication already failed in that action
  # but we still need to get the user in order to check if it's locked

  user = User.find_by email: params[:user][:email]
  if !user.nil? and user.access_locked?
    # The small issue: anyone can know that an email is locked without typing the password
    puts "ACCOUNT LOCKED!!!"
    respond_to do |format|
      format.js do
        set_flash_message(:error, :locked)
        render :template => "remote_content/form_flashes.js.erb"
        flash.discard
      end
    end
  else
    ## If it's not Locked, then it's error in credentials
    puts "ERROR IN CREDENTIALS!!!"
    respond_to do |format|
      format.js do
        set_flash_message(:error, :invalid)
        render :template => "remote_content/form_flashes.js.erb"
        flash.discard
      end
    end
  end
end

I know it's not the prettiest way, but it works.
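
The answer points out that its email-only lookup lets anyone learn that an address is locked without typing the password. As an added example (not part of the original answer and not Devise's own code), this plain-Ruby check compares that branch with a uniform failure response and reports which addresses each one gives away; `Account`, the sample addresses, the plain-text passwords and all helper names are constructed for illustration.

```ruby
# Constructed sample accounts (not real data). Account is a hypothetical
# stand-in for the User model; passwords are plain text only for the demo.
Account = Struct.new(:email, :password, :locked) do
  def access_locked?
    locked
  end
end

ACCOUNTS = [
  Account.new("alice@example.test", "correct-horse", false),
  Account.new("bob@example.test", "battery-staple", true) # locked account
].freeze

def find_account(email)
  ACCOUNTS.find { |a| a.email == email }
end

# Mirrors the answer's branch: after a failed login, look the user up by
# email alone and answer :locked when the account is locked.
def revealing_failure_key(email, password)
  account = find_account(email)
  return :signed_in if account && !account.access_locked? && account.password == password
  return :locked if account&.access_locked?
  :invalid
end

# Uniform variant: every failed login gets the same key, whatever the cause.
def uniform_failure_key(email, password)
  account = find_account(email)
  return :signed_in if account && !account.access_locked? && account.password == password
  :invalid
end

# Regression check: submit a wrong password for each email and return the
# emails whose response differs from the one for a nonexistent address.
def leaked_emails(responder, emails)
  baseline = responder.call("nobody@example.test", "wrong-guess")
  emails.reject { |e| responder.call(e, "wrong-guess") == baseline }
end

PROBES = ["alice@example.test", "bob@example.test", "carol@example.test"].freeze

if __FILE__ == $PROGRAM_NAME
  puts "revealing: #{leaked_emails(method(:revealing_failure_key), PROBES).inspect}"
  puts "uniform:   #{leaked_emails(method(:uniform_failure_key), PROBES).inspect}"
end
```

Devise's `paranoid` option in its initializer serves the same goal of making responses identical whether or not the submitted e-mail was right.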