How to Remove the Ability for Users to Register in Devise
In this guide we are going to remove the ability for users to register. Since this is an enterprise application, users shouldn't have the option to register, from a security point of view.
Guide Tasks
  • Read Tutorial
  • Watch Guide Video
Video locked
This video is viewable to users with a Bottega Bootcamp license
APPLY NOWLEARN MORE

In this guide we are going to remove the ability for users to register. Since this is an enterprise application, users shouldn't have the option to register, from a security point of view. Log in details for every user should be provided by the organization because they should have control over which employees can access this system.

This feature conflicts with the way devise works, since by default devise automatically comes with a built-in option for new user registration.

To get started, go to your terminal and type rake routes | grep user, and this will list all the routes that have the name "user" in it.

large

Next, go to routes.rb, from here we can skip certain routes for devise with the code:

# config/routes.rb

devise_for :users, skip: [:registrations]

Now, this is going to break some parts of the application. If you go back to your terminal, and type rake routes | grep user, you'll find that all paths with the word "registration" have been removed.

large

Even though our implementation is complete, there are a few components we need to fix since Devise calls the registration module in a few places. Our log in page has a link called "sign up" and this link users to the new_registration_path. To test this out, go to your browser and hit the refresh button. This will throw an error.

large

When I have removed an entire component from an application and need to find out where else it was called I'll usually perform a universal search. Copy the route and do a universal search for this code in your application. Sublime Text will bring up all the files that have this route. You can find most of the results are in a file called _links.html.erb.

You can get rid of quite a bit of code here as we're never going to use features such as locking and confirming accounts. We need password recovery and log in features, so we'll keep those. This is how the code looks now.

<!-- app/views/devise/shared/_links.html.erb -->

<%- if controller_name != 'sessions' %>
  <%= link_to "Log in", new_session_path(resource_name) %><br />
<% end -%>

<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
<% end -%>

Next, remember that we used the edit_user_registration call in one of the nav bars elements? Now, that's not all of the registration routes have been removed this call will break the application. Let's fix that.

Open the _nav.html.erb partial and change "Edit details" to "Admin Users" and temporarily we'll set it to the root_path. We'll come back later and fix it for admin users, but for now, they'll be redirected to the root path.
That should fix everything. If you refresh the browser, you'll see that the "Sign up" link is not there anymore.

medium

Resources