What does development sign_in do
I am doing rails api authentication with an app but couldn't figure out correctly what sign_in does for us.
I have a session controller with a create method to log into a user.
def create
user_email = params[:session][:email]
user_password = params[:session][:password]
user = user_email.present? && User.find_by(email: user_email)
if user.valid_password?(user_password)
sign_in user, store: false /* exactly this line */
render json: user, status: 200, location: [:api, user]
else
render json: { errors: "Invalid email or password" }, status: 422
end
end
In rubydoc, its description is written like this:
Sign in to an account that has already been authenticated. This wizard is useful for registering users after registration. All parameters assigned to sign_in are passed to the set_user method in the caretaker.
But I don't understand this. Thank.
source to share
sign_in
is intended for those cases where you already have an object User
that you created or loaded / authenticated yourself and therefore want to be stored in the session as an authenticated user for the rest of the current as well as future requests.
If you look at the source code for theSessionsController
default Devise , you can see what it uses sign_in
for user registration as well.
Devise is a layer on top of warden , so you can look at it to understand this level of functionality. As the development documentation you listed sign_in
just calls the method set_user
from the boss. What Devise adds on top is a lot of convenience, like the ability to work with multiple domains and different boss authentication strategies.
source to share