I'm building an app that has 3 models (Customer, Points, Admin). Customer has Points, Points belong to Customer. Then Admin has user_name and password_hash as attributes, storing the passwords via Bcrypt. Once a customer searches themselves via phone number, then their points show up. But to add points, an admin has to log in with just a password (code of 4 digits) then get access to adding points.
I'm having trouble how to find the admin via only a password, not user_name and password.
class AdminsController < ApplicationController
def new
@admin = Admin.new
end
def create
@Admin = Admin.new(admin_params)
if @admin.save
redirect_to root_path
else
flash[:error] = "incorrect data, please check form"
render new_admin_path
end
end
def login
@customer = Customer.find(params[:id])
# Need to get the input password
params[:password]
# Change the inputed password into a password hash
# inputed_password_hash (NEED HELP HERE)
# Compare the password hash with password hashes in the Admin model/database
# to see if it exists.
# if true, send to add points page
# if false, send back to customer page
if Admin.find_by(password_hash: inputed_password_hash)
redirect_to new_points_path
else
render customer_path
end
end
private
def admin_params
params.require(:admin).permit(:user_name, :password, :password_confirmation)
end
end