So I am trying to restrict the login process, so that when a user logs in with a wrong IP address, the session is not created and I will show af flash explaining what happened.
Most of my logic works, but the issue is, that the session is created anyway, if the condition end in the else clause.
class Employees::SessionsController < Devise::SessionsController
before_action :validate_ip, only: [:create]
layout 'devise'
def validate_ip
# Pseudo code
if ENV['ip] == remote_ip
create
else
flash[:alert] = "Ip does not match"
end
end
end
I have no worked a lot of with devise, so I don't know the correct way of doing it.
But this code (and previous attempts) work fine, except for the fact that no matter what, the session continues to get created.
You'll want a redirect or a render in your validate_ip filter: if you simply return from the filter, devise will continue to execute normally, so the user will be logged in.
Something like redirect_to root_url, alert: "Ip does not match" on your else branch should work.