I have my rails application and I am running into a major issue with devise. I have a controller:
    class Users::SessionsController < Devise::SessionsController
      prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
      include Devise::Controllers::InternalHelpers

      def new
        clean_up_passwords(build_resource)
        respond_to do |format|
          format.html { render :layout => "sessions" }
          format.mobile
        end
      end

      # POST /resource/sign_in
      def create
        resource = User.find_by_email(params[:user][:email])
        resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
        set_flash_message :notice, :signed_in
        sign_in_and_redirect(resource_name, resource)
      end
    end
The problem is it never logs the user in, it always stops at this line
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
I even put tons of loggers in the actual gem files to see if I could see anything off but nothing and I really have no idea how to fix this. If I comment this line out then the user gets logged in but fails if the email is not in the db and works for any password (which is definitely not the right solution)
How do I fix this?
UPDATE
this works but seems very hackish
    # POST /resource/sign_in
    def create
      resource = User.find_by_email(params[:user][:email])
      redirect_to(new_user_session_path, :notice => 'Invalid Email Address or Password. Password is case sensitive.') and return if resource.encrypted_password.blank?
      bcrypt = BCrypt::Password.new(resource.encrypted_password)
      password = BCrypt::Engine.hash_secret("#{params[:user][:password]}#{resource.class.pepper}", bcrypt.salt)
      valid = Devise.secure_compare(password, resource.encrypted_password)
      # resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
      if valid
        set_flash_message :notice, :signed_in
        sign_in_and_redirect(resource_name, resource)
      else
        redirect_to(new_user_session_path, :notice => 'Invalid Email Address or Password. Password is case sensitive.') and return
      end
    end
Devise initially stores the original password by encrypting it. The encrypted_password (field name in your model) gets stored in the database. Now, when you call User.find_by :email => "[email protected]" the password field is nonexistent.
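A stand-alone sketch of the check the UPDATE above performs by hand (look up by email, re-hash the submitted password with the stored salt and the pepper, compare in constant time), with the unknown-email and blank-hash cases handled; this is an added example, not the poster's or Devise's code. PBKDF2 from Ruby's standard library stands in for bcrypt so it runs without gems, and PEPPER, USERS, DUMMY and the helper names are hypothetical.

```ruby
require 'openssl'
require 'securerandom'

# Assumptions (not from the page): PBKDF2 stands in for the bcrypt call in the
# post; PEPPER, ITERATIONS, USERS, DUMMY and all method names are hypothetical.
PEPPER = 'constructed-pepper'
ITERATIONS = 20_000

# Stretch password + pepper with the per-user salt; returns a hex string.
def stretch(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac("#{password}#{PEPPER}", salt, ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256')).unpack1('H*')
end

# What gets stored in encrypted_password: "salt$hash", never the password.
def make_hash(password)
  salt = SecureRandom.hex(16)
  "#{salt}$#{stretch(password, salt)}"
end

# Constant-time comparison, the same idea as Devise.secure_compare.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Constructed sample "table": email => stored encrypted_password.
USERS = {
  'alice@example.test'  => make_hash('Correct Horse'),
  'legacy@example.test' => ''   # account with no password set
}.freeze
DUMMY = make_hash(SecureRandom.hex(16)) # hashed against when there is no usable record

# True only for a known email with a matching password. Unknown email, blank
# stored hash and wrong password all do the same work and all return false.
def valid_login?(email, password)
  stored = USERS[email.to_s.downcase]
  stored = DUMMY if stored.nil? || stored.empty?
  usable = !stored.equal?(DUMMY)
  salt, expected = stored.split('$', 2)
  secure_compare(stretch(password.to_s, salt), expected) && usable
end
```

In a Devise application the equivalent check on a loaded record is `resource.valid_password?(password)`, which still has to be guarded against a nil `resource` when the email is not found.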
Devise is similar to Rails, where Devise hides a lot of what happens from the user. Devise has been around for 10 years now (2009 - 2019). It's still being actively maintained and is still the most popular option for authentication. Why would you want to use Devise?
Just copy and paste what Devise shows you on the terminal wherever you want it to be visible. The last point is, in my opinion, the most important one. It's telling us to generate the Devise views for customization. We will run the command now and modify the files later.
    $ rails generate migration add_username_to_users username:string

This command generates a new migration responsible for adding a username column to the users database table. We need a way to denote if the new login id is either a username or email.
Default messages are already included in the Devise gem so you don't have to write them.
If you want to sign in a user, use the sign_in helper inside your controller's action:

    sign_in(:user, user)

    resource = warden.authenticate!(:scope => resource_name)
    sign_in(resource_name, resource)