Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message. This commit also moves after_update_path_for to inside RegistrationsController, not allowing it to be overriden inside ApplicationController anymore.

CHANGELOG.rdoc

@@ -1,7 +1,6 @@
 * deprecations
-  * sign_out_all_scopes defaults to true as security measure
-  * http authenticatable is disabled by default
   * cookie_domain is deprecated in favor of cookie_options
+  * after_update_path_for can no longer be defined in ApplicationController
 
 * enhancements
   * Added OAuth 2 support
@@ -15,6 +14,11 @@
   * Store the salt in session and expire the session if the user changes his password
   * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
   * cookie_options uses session_options values by default
+  * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
+
+* default behavior changes
+  * sign_out_all_scopes defaults to true as security measure
+  * http authenticatable is disabled by default
 
 * bugfix
   * after_sign_in_path_for always receives a resource

app/controllers/devise/registrations_controller.rb

@@ -14,8 +14,13 @@ class Devise::RegistrationsController < ApplicationController
     build_resource
 
     if resource.save
-      set_flash_message :notice, :signed_up
-      sign_in_and_redirect(resource_name, resource)
+      if resource.active?
+        set_flash_message :notice, :signed_up
+        sign_in_and_redirect(resource_name, resource)
+      else
+        set_flash_message :notice, :inactive_signed_up, :reason => resource.inactive_message.to_s
+        redirect_to after_inactive_sign_up_path_for(resource)
+      end
     else
       clean_up_passwords(resource)
       render_with_scope :new
@@ -65,6 +70,35 @@ class Devise::RegistrationsController < ApplicationController
       self.resource = resource_class.new_with_session(hash, session)
     end
 
+    # The default hook used by oauth to specify the redirect url for success.
+    # You need to overwrite this method in your own RegistrationsController.
+    def after_sign_up_path_for(resource)
+      after_sign_in_path_for(resource)
+    end
+
+    # Overwrite redirect_for_sign_in so it takes uses after_sign_up_path_for.
+    def redirect_for_sign_in(scope, resource) #:nodoc:
+      redirect_to stored_location_for(scope) || after_sign_up_path_for(resource)
+    end
+
+    # The path used after sign up for inactive accounts. You need to overwrite
+    # this method in your own RegistrationsController.
+    def after_inactive_sign_up_path_for(resource)
+      root_path
+    end
+
+    # The default url to be used after updating a resource. You need to overwrite
+    # this method in your own RegistrationsController.
+    def after_update_path_for(resource)
+      if defined?(super)
+        ActiveSupport::Deprecation.warn "Defining after_update_path_for in ApplicationController " <<
+          "is deprecated. Please add a RegistrationsController to your application and define it there."
+        super
+      else
+        after_sign_in_path_for(resource)
+      end
+    end
+
     # Authenticates the current scope and gets a copy of the current resource.
     # We need to use a copy because we don't want actions like update changing
     # the current user in place.

config/locales/en.yml

@@ -24,7 +24,8 @@ en:
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
-      signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
+      signed_up: 'Welcome! You have signed up successfully.'
+      inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:

lib/devise/controllers/helpers.rb

@@ -181,36 +181,6 @@ module Devise
         respond_to?(home_path, true) ? send(home_path) : root_path
       end
 
-      # The default url to be used after updating a resource. This is used by all Devise
-      # controllers and you can overwrite it in your ApplicationController to
-      # provide a custom hook for a custom resource.
-      #
-      # By default, it first tries to find a resource_root_path, otherwise it
-      # uses the root path. For a user scope, you can define the default url in
-      # the following way:
-      #
-      #   map.user_root '/users', :controller => 'users' # creates user_root_path
-      #
-      #   map.resources :users do |users|
-      #     users.root # creates user_root_path
-      #   end
-      #
-      #
-      # If none of these are defined, root_path is used. However, if this default
-      # is not enough, you can customize it, for example:
-      #
-      #   def after_update_path_for(resource)
-      #     if resource.is_a?(User) && resource.can_publish?
-      #       publisher_url
-      #     else
-      #       super
-      #     end
-      #   end
-      #
-      def after_update_path_for(resource_or_scope)
-        after_sign_in_path_for(resource_or_scope)
-      end
-
       # Method used by sessions controller to sign out an user. You can overwrite
       # it in your ApplicationController to provide a custom hook for a custom
       # scope. Notice that differently from +after_sign_in_path_for+ this method

lib/devise/failure_app.rb

@@ -46,7 +46,7 @@ module Devise
 
     def redirect
       store_location!
-      flash[:alert] = i18n_message unless flash[:notice]
+      flash[:alert] = i18n_message
       redirect_to redirect_url
     end
 

lib/devise/oauth/internal_helpers.rb

@@ -164,8 +164,8 @@ module Devise
       end
 
       # The default hook used by oauth to specify the redirect url for success.
-      def after_oauth_success_path_for(resource_or_scope)
-        after_sign_in_path_for(resource_or_scope)
+      def after_oauth_success_path_for(resource)
+        after_sign_in_path_for(resource)
       end
 
       # The default hook used by oauth to specify the redirect url for failure.

test/controllers/helpers_test.rb

@@ -154,14 +154,6 @@ class ControllerAuthenticableTest < ActionController::TestCase
     assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
   end
 
-  test 'after update path defaults to root path if none by was specified for the given scope' do
-    assert_equal root_path, @controller.after_update_path_for(:user)
-  end
-
-  test 'after update path defaults to the scoped root path' do
-    assert_equal admin_root_path, @controller.after_update_path_for(:admin)
-  end
-
   test 'after sign out path defaults to the root path' do
     assert_equal root_path, @controller.after_sign_out_path_for(:admin)
     assert_equal root_path, @controller.after_sign_out_path_for(:user)

test/integration/registerable_test.rb

@@ -13,7 +13,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
 
-    assert_contain 'You have signed up successfully.'
+    assert_contain 'Welcome! You have signed up successfully.'
     assert warden.authenticated?(:admin)
 
     admin = Admin.last :order => "id"
@@ -28,7 +28,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
 
-    assert_contain 'You have signed up successfully'
+    assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
     assert_contain 'Sign in'
     assert_not_contain 'You have to confirm your account before continuing'