How to verify a user's password in Devise

Solution 1:

I think this is a better, and more elegant way of doing it:

user = User.find_by_email(params[:user][:email])
user.valid_password?(params[:user][:password])

The other method where you generate the digest from the user instance was giving me protected method errors.

Solution 2:

Use Devise Methods

Devise provides you with built-in methods to verify a user's password:

user = User.find_for_authentication(email: params[:user][:email])

user.valid_password?(params[:user][:password])

For Rails 4+ with Strong Params, you can do something like this:

def login
  user = User.find_for_authentication(email: login_params[:email])

  if user.valid_password?(login_params[:password])
    user.remember_me = login_params[:remember_me]
    sign_in_and_redirect(user, event: :authentication)
  end
end

private
def login_params
  params.require(:user).permit(:email, :password, :remember_me)
end