Question

I am trying to set up a simple authentication for my rails application. I have a security_users scaffold and have created some users.

When I am trying to log in using some of these accounts it seems that the "find_by_*" method is not able to detect the current one.

This is what my session controller looks like (I have commented out the password check on purpose in order to debug the issue):

class SessionsController < ApplicationController

  def new
  end

  def create
    @security_user = SecurityUser.find_by_email(params[:email])
    if @security_user #&& @security_user.authenticate(params[:password])
      session[:security_user_id] = @security_user.id
      redirect_to root_url, notice: "Logged in!"
    else
      flash.now.alert = "Email or password is invalid"
      render 'new'
    end
  end

  def destroy
    session[:security_user_id] = nil # clear the same key that create sets
    redirect_to root_url, notice: "Logged out!"
  end
end

So, when I try to create a session (to log in) I am redirected to the session 'new' template. This is the debug information:


which seems to be all right. Why could the following statement not find the record:

SecurityUser.find_by_email(params[:email])

EDIT:

When I entered the line above in the console it is returning the record:



Solution

First off, unless this is a simple exercise in Rails authentication, you should use Devise or AuthLogic at this stage.

Second, are you sure that params[:email] contains the email you are looking for? From your params, it looks to me like you want to use params[:session][:email].

Third, you should move this down into the model. For example:

class SecurityUser < ActiveRecord::Base
  def self.authenticate(params)
    user = where(email: params[:email]).first
    (user && user.password == params[:password]) ? user : false
  end
end

And in the controller:

@user = SecurityUser.authenticate params[:session]
session[:user_id] = @user.id if @user

Note above that the password is not hashed - you should not save a plain text password - but that's not what this is about.

Also note that now you should use where().first instead of find_by.
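Added example (not part of the original answer): a plain-Ruby sketch of the model-level authenticate described above, with the password stored as a salted PBKDF2 digest instead of plain text. DemoSecurityUser, USERS, PARAMS and the iteration count are constructed for this illustration; in a Rails app the usual choice is bcrypt through has_secure_password, and params[:session] would be an ActionController::Parameters object rather than a Hash.

```ruby
require "openssl"
require "securerandom"

# Plain-Ruby stand-in for the SecurityUser model (hypothetical; no Rails or database).
class DemoSecurityUser
  ITERATIONS = 100_000 # constructed work factor for the demo
  USERS = {}           # email => user; stands in for the security_users table

  attr_reader :id, :email

  def initialize(id, email, password)
    @id = id
    @email = email
    @salt = SecureRandom.random_bytes(16)
    @digest = self.class.derive(password, @salt) # only the salted hash is kept
  end

  def self.derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  def self.create(email, password)
    USERS[email] = new(USERS.size + 1, email, password)
  end

  # Takes the nested hash (params[:session] on the page); returns the user or false.
  def self.authenticate(credentials)
    return false unless credentials.is_a?(Hash)
    user = USERS[credentials[:email].to_s]
    return false unless user
    user.password_matches?(credentials[:password].to_s) ? user : false
  end

  # Compare digests without stopping at the first differing byte.
  def password_matches?(candidate)
    expected = @digest.bytes
    actual = self.class.derive(candidate, @salt).bytes
    expected.zip(actual).reduce(0) { |diff, (a, b)| diff | (a ^ b) }.zero?
  end
end

# Constructed sample data: the form nests its fields under :session.
DemoSecurityUser.create("alice@example.com", "correct horse")
PARAMS = { session: { email: "alice@example.com", password: "correct horse" } }.freeze

p DemoSecurityUser.authenticate(PARAMS)               # top-level lookup, as in the question
p DemoSecurityUser.authenticate(PARAMS[:session]).id  # nested lookup, as in the answer
```

Passing the whole params hash fails the same way the question's find_by_email(params[:email]) does, because the email sits one level down under :session.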

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow