My project uses Devise authentication (fairly standard). Users can be either normal users or administrator users.
I have a requirement to restrict login of administrator users to certain IP addresses (behind a firewall).
I briefly considered using a Rails routing constraint, but that is not applicable, since ordinary users and admin users log in through the same login page.
So, what I want is:
- Let Devise handle authentication
- Hook into the authentication cycle and verify administrators:
  - If the logged-in user is of type administrator, verify the IP address
  - If the IP is valid, continue
  - If the IP address is not within the accepted range, don't log in
How should I hook into the Devise login cycle here? And how can I either accept or reject the login attempt based on custom validation?
I am using Rails 4.2 and Devise 4.1, if relevant.
Don't use Devise for this. Let them log in, user or admin, and base access to the controllers on IP address. Redirect if they don't have access.
Make an admin namespace and a base controller. You can add routes easily. Subclass the other admin-related controllers from the admin base controller to inherit the before action.
```ruby
class Admin::BaseController < ApplicationController
  before_action :require_valid_ip

  def require_valid_ip
    # test IP; redirect if bad
  end
end
```
Other classes are subclassed from the base controller:
```ruby
class Admin::OtherController < Admin::BaseController
  ...
end
```
You can put a lot of this in an authorization gem like CanCan, though it can be overly complicated if your needs are simple.
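One way to fill in the `require_valid_ip` check from the answer above, as an added example that is not part of the original answer. It uses Ruby's standard `ipaddr` library; the range list, `admin_ip_allowed?`, the `AdminIpGuard` mixin and `root_path` are assumptions for illustration.

```ruby
require "ipaddr"

# Constructed sample ranges (documentation prefixes and one private range);
# replace them with the networks behind your firewall.
ADMIN_ALLOWED_RANGES = %w[192.0.2.0/24 10.20.0.0/16 2001:db8:1::/48]
                       .map { |cidr| IPAddr.new(cidr) }.freeze

# True only if ip_string is a single, well-formed address inside an allowed range.
def admin_ip_allowed?(ip_string, ranges = ADMIN_ALLOWED_RANGES)
  return false unless ip_string.is_a?(String) && !ip_string.empty?
  return false if ip_string.include?("/") # a client address is never a CIDR block

  ip = IPAddr.new(ip_string)
  ip = ip.native if ip.ipv4_mapped? # treat ::ffff:192.0.2.10 as 192.0.2.10
  ranges.any? { |range| range.include?(ip) }
rescue IPAddr::Error
  false # fail closed on anything that does not parse
end

# Hypothetical mixin to include in Admin::BaseController.
# request.remote_ip is derived from REMOTE_ADDR and forwarding headers such as
# X-Forwarded-For, so confirm that a client cannot set it in your deployment
# (the proxy setup is an assumption here).
module AdminIpGuard
  def require_valid_ip
    return if admin_ip_allowed?(request.remote_ip)

    redirect_to root_path # root_path is an assumed route
  end
end
```

In the controller this would be `include AdminIpGuard` together with `before_action :require_valid_ip`.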