@scott, what is this a create action for? A session?
I think your code is more complicated than it needs to be because
authenticate is implemented as an instance method on
User. It’s important that
User have credentials, but I don’t think that it needs to know how to perform that authentication. What if authentication were the responsibility of a controller method?
now your create looks like this:
# sign them in
# tell them to verify
# tell them they are invalid
@user || authenticate
That’s still not great, but we’re getting somewhere. You could extract the lines that set
render 'new' into a method that takes the error message. That would eliminate some duplication. As you start cleaning it up, you might see more possible refactorings - maybe extracting a before filter to handle some of the error cases?
The key is to take small steps, run your tests to verify, and see how things feel to you.
As an aside, it appears your authentication scheme here is relying on plaintext passwords being stored in the database. If this code is anything more than an exercise I would probably move to something like Clearance for authentication as it worries about such things so you don’t have to