Why won't Devise allow unconfirmed users to login even when allow_unconfirmed_access_for is set?

Question

We have an existing user base and are adding email confirmation. Confirmation is optional, but will allow additional features. Users are not required to confirm. I\'ve ad

Answer 1

I simply needed to do this in my User model, instead of using allow_unconfirmed_access_for:

  protected
    def confirmation_required?
      false
    end

Answer 2

The Devise team have released a version (2.2.4) that supports nil as a valid value for allow_unconfirmed_access_for, meaning no limit. Issue: https://github.com/plataformatec/devise/issues/2275

You can now do:

config.allow_unconfirmed_access_for = nil 

Answer 3

I've got the same issue: after turning on devise confirmations previously created accounts are unable to login.

The reason is here:

def confirmation_period_valid?
  self.class.allow_unconfirmed_access_for.nil? || (confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago)
end

Old accounts have confirmation_sent_at set to nil, that's why they are unable to log in.

One solution is to force confirmation_sent_at like that:

update users set confirmation_sent_at=created_at where confirmation_sent_at is NULL;

You can do it manually, or create a migration.