How to sign in a user using Devise from a Rails console?

You can add an action inside one of your controller, and use the technique explained here.

class MyController < ApplicationController
  # POST /my_controller/become {'email': '[email protected]'}
  def become
    raise 'not in development environment' unless Rails.env == 'development'
    sign_in User.find_by_email(params[:email])
  end
end

Here's one way I was able to do it:

>> ApplicationController.allow_forgery_protection = false
>> app.post('/sign_in', {"user"=>{"login"=>"login", "password"=>"password"}})

Then you can do:

 >> app.get '/some_other_path_that_only_works_if_logged_in'
 >> pp app.response.body

Here is another example which uses the csrf token, authenticates the user, and makes a POST/GET request.

# get csrf token
app.get  '/users/sign_in'
csrf_token = app.session[:_csrf_token]

# log in
app.post('/users/sign_in', {"authenticity_token"=>csrf_token, "user"=>{"email"=>"foo", "password"=>"bar"}})

# get new csrf token, as auth user
app.get ''
csrf_token = app.session[:_csrf_token]

# make a POST request
app.post '/some_request.json', {"some_value"=>"wee", "authenticity_token"=>csrf_token}

# make a GET request
app.get '/some_other_request.json'

Important to note that since Rails 5, the params parsing has been changed to take only one argument and params (instead of params being a second argument.

ActionDispatch::ParamsParser is deprecated and was removed from the middleware stack. To configure the parameter parsers use ActionDispatch::Request.parameter_parsers=

So these earlier examples will no longer work in modern Rails without patching your middleware. To make them work, simply include the arguments in the POST params like:

app.post('/users/sign_in', {"user"=>{"email"=>"[email protected]", "password"=>"mycoolpassword"}}) <-- No longer valid

app.post('/users/sign_in', params: {"user"=>{"email"=>"[email protected]", "password"=>"mycoolpassword"}}) <-- valid