Reputation: 2363
I am building a before_filter that checks to see if a Devise User has accepted the most current Terms & Conditions.
I am trying to figure out how to block the sign in and redirect to my "accept new terms" page before allowing the User access to the page.
I can't figure out how to access the email/password in a secure way to find the user and check for users.has_expired_terms?
Here is what I'm trying on my Users::Sessions Overwrite Controller:
class Users::SessionsController < Devise::SessionsController
  before_action :expired_terms, only: [:create]
  # other filters redacted

  def expired_terms
    redirect_to reauthenticate_terms_path(self.resource) if self.resource.has_expired_terms?
  end

  def create
    self.resource = warden.authenticate!(auth_options)
    sign_in(resource_name, resource)
    yield resource if block_given?
    check_for_token("invite_token", session[:invite_token]) if session[:invite_token].present?
    if session[:invite_token].present?
      [:invite_token].each { |k| session.delete(k) }
    end
    redirect_to after_sign_in_path_for(resource)
  end
end
I'm sure there is a best practice on how to do it, but I can't seem to find one.
Upvotes: 0
Views: 505
Reputation: 571
You could add a before_action :redirect_to_accept_terms for any signed-in user. So, perhaps in your ApplicationController:
before_action :redirect_to_accept_terms

def redirect_to_accept_terms
  # Devise defines current_user (nil when nobody is signed in), not current_user?
  if current_user && !current_user.accepted_new_terms?
    # redirect to accept new terms
  end
end
Also, be sure to exclude the controller action that deals with your new terms logic, wherever you decide that goes:
skip_before_action :redirect_to_accept_terms, only: [:accept_new_terms]
Upvotes: 1
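The check from the answer above, written as a plain-Ruby policy so it can be run and tested without Rails (an added example, not code from the original posts or from Devise). `TermsGate`, `CURRENT_TERMS_VERSION`, the `accepted_terms_version` attribute and the exempt controller/action names are assumptions; `has_expired_terms?` and `reauthenticate_terms_path` come from the question.

```ruby
# Added example: all names are hypothetical except has_expired_terms?
# and reauthenticate_terms_path, which appear in the question.
CURRENT_TERMS_VERSION = 3 # constructed value

User = Struct.new(:email, :accepted_terms_version, keyword_init: true) do
  # Fail closed: a user with no recorded acceptance counts as expired.
  def has_expired_terms?
    accepted_terms_version.nil? || accepted_terms_version < CURRENT_TERMS_VERSION
  end
end

module TermsGate
  # Actions a user with stale terms must still reach; without these the
  # redirect loops and the user cannot sign out. Assumed route names.
  EXEMPT = [
    %w[terms reauthenticate],
    %w[terms accept_new_terms],
    %w[users/sessions destroy]
  ].freeze

  # user is whatever current_user returns: nil before sign-in, the record
  # once Warden has authenticated it. No email/password is read here.
  def self.call(user:, controller:, action:)
    return :continue if user.nil?                 # authentication filters handle this
    return :continue unless user.has_expired_terms?
    return :continue if EXEMPT.include?([controller, action])
    :redirect
  end
end

# Rails wiring (assumption), in ApplicationController:
#   before_action do
#     verdict = TermsGate.call(user: current_user, controller: controller_path, action: action_name)
#     redirect_to reauthenticate_terms_path(current_user) if verdict == :redirect
#   end

if __FILE__ == $PROGRAM_NAME
  stale = User.new(email: "stale@example.test", accepted_terms_version: 2) # constructed
  [%w[dashboard index], %w[terms accept_new_terms]].each do |c, a|
    puts "#{c}##{a}: #{TermsGate.call(user: stale, controller: c, action: a)}"
  end
end
```

Because the gate runs on every request made by a signed-in user, it also catches sessions that were already open when the terms changed, which a check placed only in the sign-in action would miss.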