I have my Rails application and I am running into a major issue with Devise. I have a controller:
    class Users::SessionsController < Devise::SessionsController
      prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
      include Devise::Controllers::InternalHelpers

      def new
        clean_up_passwords(build_resource)
        respond_to do |format|
          format.html { render :layout => "sessions" }
          format.mobile
        end
      end

      # POST /resource/sign_in
      def create
        resource = User.find_by_email(params[:user][:email])
        resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
        set_flash_message :notice, :signed_in
        sign_in_and_redirect(resource_name, resource)
      end
    end
The problem is that it never logs the user in; it always stops at this line:

    resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
I even put tons of loggers in the actual gem files to see if I could see anything off, but found nothing, and I really have no idea how to fix this. If I comment this line out, then the user gets logged in, but it fails if the email is not in the DB and works for any password (which is definitely not the right solution).
How do I fix this?
UPDATE

This works but seems very hackish:
    # POST /resource/sign_in
    def create
      resource = User.find_by_email(params[:user][:email])
      # Guard against an unknown email (resource is nil) as well as a blank stored hash.
      redirect_to(new_user_session_path, :notice => 'Invalid Email Address or Password. Password is case sensitive.') and return if resource.nil? || resource.encrypted_password.blank?
      # Re-hash the submitted password (plus pepper) with the salt of the stored bcrypt hash.
      bcrypt = BCrypt::Password.new(resource.encrypted_password)
      password = BCrypt::Engine.hash_secret("#{params[:user][:password]}#{resource.class.pepper}", bcrypt.salt)
      # Constant-time comparison of the computed hash against the stored one.
      valid = Devise.secure_compare(password, resource.encrypted_password)
      # resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
      if valid
        set_flash_message :notice, :signed_in
        sign_in_and_redirect(resource_name, resource)
      else
        redirect_to(new_user_session_path, :notice => 'Invalid Email Address or Password. Password is case sensitive.') and return
      end
    end
If you want to sign in a user, use the sign_in helper inside your controller's action:

    sign_in(:user, user)
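The credential check that has to pass before `sign_in(:user, user)` is called, as an added example that is not part of the original question or answer: it follows the manual check in the question's UPDATE but treats an unknown email, a blank stored hash and a wrong password as the same failure, doing the same hashing work in each case. Assumptions: PBKDF2 from Ruby's standard library stands in for bcrypt so the block runs without gems, and `PEPPER`, `USERS`, `DUMMY`, `digest`, `make_user` and `authenticate` are hypothetical names with constructed sample data.

```ruby
require 'openssl'
require 'securerandom'

PEPPER = 'constructed-pepper' # assumption: plays the role of resource.class.pepper
ITERATIONS = 20_000

# PBKDF2 stand-in for the bcrypt call in the post: hash password + pepper with a per-user salt.
def digest(password, salt)
  OpenSSL::KDF.pbkdf2_hmac("#{password}#{PEPPER}", salt: salt, iterations: ITERATIONS,
                           length: 32, hash: 'sha256').unpack1('H*')
end

# Constant-time comparison, the job Devise.secure_compare does in the post.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def make_user(email, password)
  salt = SecureRandom.hex(16)
  { email: email, salt: salt, encrypted_password: digest(password, salt) }
end

# Constructed sample data.
USERS = [
  make_user('alice@example.com', 'correct horse'),
  { email: 'legacy@example.com', salt: 'x', encrypted_password: '' } # no password set
].freeze
# Hashed against when the lookup fails, so both failure paths do the same work.
DUMMY = make_user('dummy@example.invalid', SecureRandom.hex(16))

# Returns the user hash on success, nil on any failure.
def authenticate(params)
  creds = params[:user] || {}
  user = USERS.find { |u| u[:email] == creds[:email].to_s }
  usable = !user.nil? && !user[:encrypted_password].to_s.empty?
  record = usable ? user : DUMMY
  candidate = digest(creds[:password].to_s, record[:salt])
  matches = secure_compare(candidate, record[:encrypted_password])
  usable && matches ? user : nil
end
```

In a controller, a non-nil result is what would be handed to `sign_in(:user, user)`; a nil result gets the single generic "invalid email or password" message.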