gogogarrett/application_controller.rb

## application_controller.rb
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_action :authorize_user!

  protected

  def authorize_user!
    unauthorized! unless current_user
  end

  def unauthorized!(path = main_app.login_path, message = "Unauthorized!")
    redirect_to path, alert: message
  end

  def warden
    env['warden']
  end

  def current_user
    warden.user
  end
  helper_method :current_user

  def logged_in?
    current_user.present?
  end
  helper_method :logged_in?
end

## sessions_controller.rb
class SessionsController < ApplicationController
  skip_before_action :authorize_user!, only: [:new, :create]

  def new
    flash.now.alert = warden.message if warden.message
  end

  def create
    if warden.authenticate!
      redirect_to root_path, notice: "Logged in!"
    else
      logout("There was an error processing your login. Please try again.")
    end
  end

  def destroy
    logout("Logged out!")
  end

  private

  def logout(message)
    warden.logout
    redirect_to root_url, alert: message
  end
end

## sessions_new.html.haml
= form_tag sessions_path, method: :post do

  = label_tag :login, "Email or login"
  = text_field_tag :login, params[:email], placeholder: "example@example.org"

  = label_tag :password, "Password"
  = password_field_tag :password, nil, placeholder: "Password"

  = button_tag "Login", type: "submit"

## user.rb
class User < ActiveRecord::Base
  has_secure_password

  def to_s
    "#{first_name} #{last_name}".titleize
  end

  def to_param
    login
  end
end

## warden.rb
require 'warden'

Rails.application.config.middleware.use Warden::Manager do |config|
  config.default_strategies :password
  config.failure_app = lambda { |env| SessionsController.action(:new).call(env) }
end

Warden::Manager.serialize_into_session { |user| user.id }
Warden::Manager.serialize_from_session { |id| User.find(id) }

Warden::Strategies.add(:password) do
  def valid?
    params['login'] && params['password']
  end

  def authenticate!
    user = User.find_by(email: params['login']) || User.find_by(login: params['login'])
    if user && user.authenticate(params['password'])
      success! user
    else
      fail "Invalid email or password"
    end
  end
end
	class ApplicationController < ActionController::Base
	# Prevent CSRF attacks by raising an exception.
	# For APIs, you may want to use :null_session instead.
	protect_from_forgery with: :exception

	before_action :authorize_user!

	protected

	def authorize_user!
	unauthorized! unless current_user
	end

	def unauthorized!(path = main_app.login_path, message = "Unauthorized!")
	redirect_to path, alert: message
	end

	def warden
	env['warden']
	end

	def current_user
	warden.user
	end
	helper_method :current_user

	def logged_in?
	current_user.present?
	end
	helper_method :logged_in?
	end
	class SessionsController < ApplicationController
	skip_before_action :authorize_user!, only: [:new, :create]

	def new
	flash.now.alert = warden.message if warden.message
	end

	def create
	if warden.authenticate!
	redirect_to root_path, notice: "Logged in!"
	else
	logout("There was an error processing your login. Please try again.")
	end
	end

	def destroy
	logout("Logged out!")
	end

	private

	def logout(message)
	warden.logout
	redirect_to root_url, alert: message
	end
	end
	= form_tag sessions_path, method: :post do

	= label_tag :login, "Email or login"
	= text_field_tag :login, params[:email], placeholder: "example@example.org"

	= label_tag :password, "Password"
	= password_field_tag :password, nil, placeholder: "Password"

	= button_tag "Login", type: "submit"
	class User < ActiveRecord::Base
	has_secure_password

	def to_s
	"#{first_name} #{last_name}".titleize
	end

	def to_param
	login
	end
	end
	require 'warden'

	Rails.application.config.middleware.use Warden::Manager do \|config\|
	config.default_strategies :password
	config.failure_app = lambda { \|env\| SessionsController.action(:new).call(env) }
	end

	Warden::Manager.serialize_into_session { \|user\| user.id }
	Warden::Manager.serialize_from_session { \|id\| User.find(id) }

	Warden::Strategies.add(:password) do
	def valid?
	params['login'] && params['password']
	end

	def authenticate!
	user = User.find_by(email: params['login']) \|\| User.find_by(login: params['login'])
	if user && user.authenticate(params['password'])
	success! user
	else
	fail "Invalid email or password"
	end
	end
	end