I have a Sessions controller that requires authentication for creating a session using .authenticate method of has_secure_password defined in the User model, as per below:
Edit:
class User < ApplicationRecord
before_save { self.email = email.downcase }
# Relationships
has_secure_password
has_many :pedidos
# Validations
VALID_EMAIL_REGEX = /\A[\w+\-.][email protected][a-z\d\-.]+\.[a-z]+\z/i
validates :nome, presence: true
validates :empresa, presence: true
validates :email, presence: true, length: { maximum: 255 },
format: { with: VALID_EMAIL_REGEX }
validates :cpf, presence: true, length: { minimum: 11, maximum: 14 }
validates :password, presence: true, length: { minimum: 6 }
def admin?
self.admin
end
end
def create
user = User.find_by(email: params[:sessions][:email])
if user && user.authenticate(params[:sessions][:password])
flash[:success] = "Seja bem vindo(a), #{user.nome}!"
session[:user_id] = user.id
redirect_to user
else
flash.now[:danger] = 'Não foi possível realizar o login, '
flash.now[:danger] += 'combinação usuário/senha inválido'
render 'new'
end
end
If presumably your problem is that you'd like to be able to save new Users to your db without needing a password, one way might be to just add a dummy password for admins as explained here
Another might be to skip validations when saving an admin to the db. (I haven't tried this with has_secure_password
so I'm not positive that it'd work but worth a shot)