Able to log in without activating account using Restful

All of the restful authentication in my rails application is working but users are able to log in without activating their account.

When they use the URL that is emailed to them the account is activated (开发者_高级运维the activated_at column is updated).

Rails 2.3.5, Ruby 1.8.7

In the user.rb model there an authenticate method that should look like this:

def self.authenticate(login, password)
    return nil if login.blank? || password.blank?
    u = find :first, :conditions => 
        ['email = ? and activated_at IS NOT NULL', login]
    u && u.authenticated?(password) ? u : nil
end

If the account has not been activated the activated_at field will be NULL, if NULL do not allow the user to login until the account is activated.

If i remember correctly, you have to use the switch --include-activation to get it to work with activation.

If you have the time, i would suggest that you switch to Devise for authentication, though. It's much more Rails 3 oriented.