How to sign in a user using Devise from a Rails console?

After loading the Rails console, how should I sign in a user?

Devise provides a test helper which can be used in tests and I've tried to use in console:

>> include Devise::TestHelpers
>&g开发者_如何学编程t; helper.sign_in(User.first)

But I get:

NoMethodError: undefined method `env' for nil:NilClass

Anyway, I would like to use the real devise helper and not this test helper. Is there any way to achieve this?

---

Here's one way I was able to do it:

>> ApplicationController.allow_forgery_protection = false
>> app.post('/sign_in', {"user"=>{"login"=>"login", "password"=>"password"}})

Then you can do:

 >> app.get '/some_other_path_that_only_works_if_logged_in'
 >> pp app.response.body

---

Here is another example which uses the csrf token, authenticates the user, and makes a POST/GET request.

# get csrf token
app.get  '/users/sign_in'
csrf_token = app.session[:_csrf_token]

# log in
app.post('/users/sign_in', {"authenticity_token"=>csrf_token, "user"=>{"email"=>"foo", "password"=>"bar"}})

# get new csrf token, as auth user
app.get ''
csrf_token = app.session[:_csrf_token]

# make a POST request
app.post '/some_request.json', {"some_value"=>"wee", "authenticity_token"=>csrf_token}

# make a GET request
app.get '/some_other_request.json'

---

You can add an action inside one of your controller, and use the technique explained here.

class MyController < ApplicationController
  # POST /my_controller/become {'email': 'test@example.com'}
  def become
    raise 'not in development environment' unless Rails.env == 'development'
    sign_in User.find_by_email(params[:email])
  end
end

---

Important to note that since Rails 5, the params parsing has been changed to take only one argument and params (instead of params being a second argument.

ActionDispatch::ParamsParser is deprecated and was removed from the middleware stack. To configure the parameter parsers use ActionDispatch::Request.parameter_parsers=

So these earlier examples will no longer work in modern Rails without patching your middleware. To make them work, simply include the arguments in the POST params like:

app.post('/users/sign_in', {"user"=>{"email"=>"me@mail.com", "password"=>"mycoolpassword"}}) <-- No longer valid

app.post('/users/sign_in', params: {"user"=>{"email"=>"me@mail.com", "password"=>"mycoolpassword"}}) <-- valid

---

There is a better way to do that. Add this code to the config/application.rb

# config/pplication.rb

  class Application < Rails::Application
    # ...
    console do
      class ActionDispatch::Integration::Session
        def host; 'localhost'; end
      end

      class ::BackdoorController < Devise::SessionsController
        def comeonin
          sign_in $current_user
          render json: {}
        end
      end
      Rails.application.routes.disable_clear_and_finalize = true
      Rails.application.routes.draw do
        devise_scope(:user) { get '/backdoor', to: "backdoor#comeonin" }
      end
    end
    # ...
  end

Now you can log in on behalf of any user:

$current_user = User.last
app.get '/backdoor' # sign in
app.get '/profile' # any other request

In the case of HTTPS, one may need to use the full hostname:

app.get 'https://localhost/backdoor'