Rails: Make all users change their passwords within Devise?

Is there a way to ask all users to change their passwords upon logging into a Rails application using Devise authentication? In other words开发者_开发问答, I'd like a way to "expire" a password, so that the next time a user signs in, they have to change it.

I don't think that Devise can do that out of the box, but i guess it's pretty to do it yourself. What i would do :

1. Upon user sign in, i would nil out the encrypted_password field of the database.

2. I would have overriden devise's session controller (responsible for the logins), in order to check whether encrypted_password of a user that tries to log in is nil.

3. If that was nil, i would redirect them to login, also flashing an error like "Your password has expired. Please create a new one."