Devise: Devise cannot create new sessions with correct credentials

Created on 3 May 2016 · 11 Comments · Source: heartcombo/devise

Hi, I cannot sign in with email and password. It always returns invalid email and password. It didn't even query the user from the db to compare. In the log it says:

Started POST "/users/sign_in" for 127.0.0.1 at 2016-05-03 09:24:51 +0800
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"rqUvgDQBUY+Syj6vi1qq07bhC+opQIa0xeXFS45Dprmyb4lQ4c1uuUwBdG0ZXDxwqA+EhdyYmXfIFfbs4MBwqw==", "email"=>"[email protected]", "password"=>"[FILTERED]", "user"=>{"remember_me"=>"0"}, "commit"=>"Log in"}
Completed 401 Unauthorized in 14ms (ActiveRecord: 0.0ms)
Processing by SessionsController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"rqUvgDQBUY+Syj6vi1qq07bhC+opQIa0xeXFS45Dprmyb4lQ4c1uuUwBdG0ZXDxwqA+EhdyYmXfIFfbs4MBwqw==", "email"=>"[email protected]", "password"=>"[FILTERED]", "user"=>{"remember_me"=>"0"}, "commit"=>"Log in"}
  Rendered devise/shared/_links.html.erb (17.5ms)
  Rendered devise/sessions/new.html.erb within layouts/application (35.2ms)
  Rendered shared/_flash_messages.html.slim (2.7ms)
Completed 200 OK in 677ms (Views: 660.4ms | ActiveRecord: 3.1ms)
source=rack-timeout id=a6f5ba304bc8155f65f8d350f545ad9c timeout=2000000ms service=781ms state=completed

All 11 comments

I created a sessions controller inherited from the devise sessions controller and put a binding.pry before self.resource = warden.authenticate!(auth_options), and when I call self.resource = warden.authenticate!(auth_options) in the pry, it says unauthorized and prints out something as shown below:

Completed 401 Unauthorized in 14ms (ActiveRecord: 0.0ms)
Processing by SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"rqUvgDQBUY+Syj6vi1qq07bhC+opQIa0xeXFS45Dprmyb4lQ4c1uuUwBdG0ZXDxwqA+EhdyYmXfIFfbs4MBwqw==", "email"=>"[email protected]", "password"=>"[FILTERED]", "user"=>{"remember_me"=>"0"}, "commit"=>"Log in"}
Rendered devise/shared/_links.html.erb (17.5ms)
Rendered devise/sessions/new.html.erb within layouts/application (35.2ms)
Rendered shared/_flash_messages.html.slim (2.7ms)

Here are the routes:
devise_for :users, :controllers => { omniauth_callbacks: "callbacks", registrations: 'registrations', sessions: 'sessions'}

Registration controller:

class RegistrationsController < Devise::RegistrationsController
  def create
    super
  end

  def after_sign_in_path_for(resource)
    request.env['omniauth.origin'] || stored_location_for(resource) || root_path
  end

  protected

  def after_update_path_for(resource)
    user_path(resource)
  end

  def update_resource(resource, params)
    resource.update_without_password(params)
  end

  def sign_up_params
    params.require(:user).permit(:name, :email, :password, :password_confirmation, :avatar)
  end

  def account_update_params
    params.require(:user).permit(:name, :email, :password, :password_confirmation, :current_password, :avatar)
  end
end

Sessions controller:

class SessionsController < Devise::SessionsController
  def create
    self.resource = warden.authenticate!(auth_options)
    set_flash_message!(:notice, :signed_in)
    sign_in(resource_name, resource)
    yield resource if block_given?
    respond_with resource, location: after_sign_in_path_for(resource)
  end
end

Found the problem. It is the form's email field with name="email" that makes the params include email into the user's hash value instead of outside the user's hash value.

Thanks for sharing!

Hi andychong1996, can you please elaborate on the solution?

@Wynandstolp name="email" in the html means that the params hash will have email as a top level key instead of inside the "user" key.

Example:

params: {"email":"[email protected]","user":{"password":["FILTERED"]}}

vs

params: {"user":{"email":"[email protected]","password":["FILTERED"]}}

email needs to be inside of the user hash of the params. So on the html side the email input needs a name like name="user[email]"
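
The nesting difference described in the comment above, as an added Ruby example that is not part of the thread and is not Devise's code. `parse_form` and `credentials_for` are hypothetical helpers, the check is a simplified model of a login that reads credentials only from `params["user"]`, and the request bodies are constructed to mirror the logged parameters.

```ruby
require "uri"

# Minimal parser for bracketed form fields (one nesting level, which is
# all a login form needs): "user[email]=a" -> {"user"=>{"email"=>"a"}}.
def parse_form(body)
  URI.decode_www_form(body).each_with_object({}) do |(name, value), params|
    if (m = name.match(/\A([^\[\]]+)\[([^\[\]]+)\]\z/))
      scope = params[m[1]]
      scope = params[m[1]] = {} unless scope.is_a?(Hash)
      scope[m[2]] = value
    else
      params[name] = value
    end
  end
end

# Simplified model (an assumption, not Devise source): credentials are read
# only from params[scope]. Returns [:ok, creds] when every key is present
# there, otherwise [:skipped, keys_found_at_top_level] and no user lookup
# would be attempted.
def credentials_for(params, scope: "user", keys: %w[email password])
  nested = params[scope].is_a?(Hash) ? params[scope] : {}
  missing = keys.reject { |k| nested[k].to_s.strip != "" }
  return [:ok, nested.slice(*keys)] if missing.empty?
  # Keys that were submitted, but at the top level where they are ignored.
  [:skipped, missing.select { |k| params.key?(k) }]
end

# Constructed request bodies (example.test addresses are placeholders).
# BROKEN mirrors the logged request: name="email" / name="password".
BROKEN = "email=a%40example.test&password=x&user%5Bremember_me%5D=0"
# FIXED uses name="user[email]" / name="user[password]".
FIXED  = "user%5Bemail%5D=a%40example.test&user%5Bpassword%5D=x&user%5Bremember_me%5D=0"

def demo
  [BROKEN, FIXED].map { |body| credentials_for(parse_form(body)) }
end

demo.each { |status, detail| puts "#{status}: #{detail.inspect}" }
```

A `:skipped` result lines up with the `ActiveRecord: 0.0ms` in the 401 log line: the credentials were never found under the scope key, so no user query ran.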

@jpamarohorta ^^

It is getting authenticated for these params:
{"utf8"=>"✓", "authenticity_token"=>"5BMAUoZLUEgPZBVOAcQ8lFD4+pumP9kEvvXyelbnjeO36AZJQt2oRlraicQ6quvh/dccS0ELUkxjACgFcWFYAg==", "user"=>{"email"=>"[email protected]", "password"=>"voonik", "phone"=>"9443429932"}, "action"=>"create", "controller"=>"sessions", "format"=>"json", "session"=>{"user"=>{"email"=>"[email protected]", "password"=>"voonik", "phone"=>"9443429932"}}}

but failing for this:

{"utf8"=>"✓", "authenticity_token"=>"/ly2phwfsD3HEVkHK39ajYQGv6R4uj2z3B+3eiZEU0qtp7C92IlIM5KvxY0QEY34KSlZdJ+OtvsB6m0FAcKGqw==", "user"=>{"phone"=>"9443429932", "password"=>"voonik", "email"=>"[email protected]"}, "action"=>"create", "controller"=>"sessions", "format"=>"json", "session"=>{"user"=>{"phone"=>"9443429932", "password"=>"voonik", "email"=>"[email protected]"}}}

Only the order of the data has changed, everything else is the same.

Don't know what is causing the trouble, stuck with this issue for long.

Sometimes it is the order in the routes file; change the order of the devise routes. That's how I fixed an error that told me to delete the cookies.
