We have recently encrypted all our auth_tokens in the users table. I have modified the authenticate_user_from_token! in ApplicationController to encrypt the params[:auth_token] before comparing in database. It fetches the user record and sign_in user, store: false creates an entry in sessions table.
def authenticate_user_from_token!
user_token = encrypt(params[:auth_token].presence)
user = user_token && User.find_by_authentication_token(user_token)
if user
sign_in user, store: false
end
end
However, it doesn't actually log the user in. It takes me to the login page. Is Devise using the auth_token somewhere else where I need to encrypt it or am I missing something else?
