failure_app.rb

class FailureApp < Devise::FailureApp
  def respond

    # We override Devise's handling to throw our own custom errors on AJAX auth failures,
    # because Devise provides no easy way to deal with them:
    if request.xhr? && (warden_message == :unconfirmed  || warden_message == :invalid)
      if warden_message == :unconfirmed
        flash.now[:alert] = "You need to confirm your account before continuing."
      elsif warden_message == :invalid
        user = Store::User.where(email: params[:user][:email].to_s).first
        if user
          if user.encrypted_password.present?
            flash.now[:alert] = "Invalid email or password"
          else
            flash.now[:alert] = "You need to reset your password before you can sign in."
          end
        else
          flash.now[:alert] = "Invalid email or password"
        end
      end

      self.response = Store::SessionsController.action(:unconfirmed_error).call(env)
      return self.response
    end

    # Original code:
    if http_auth?
      http_auth
    elsif warden_options[:recall]
      recall
    else
      redirect
    end
  end

end