Rails 3 + Devise: How do I set a "Universal" password?

I'm using Rails 3 with Devise. Is there an开发者_JAVA百科y way I can set a "universal/root/skeleton key" password in my app -- so I can login to my user's account with their email address + a universal password?

p.s: This is probably a really bad authentication practice, but for some reason I need to edit some of my users.

What you want is highly NOT recommended.

The way to do it is define Roles for your users, and add an interface from which a user with a certain role can edit something.

If you still want to do it your way, probably the best way to do it would be to extend DatabaseAuthenticatable like this

module Devise
  module Models
    module DatabaseAuthenticatable
      def valid_password?(incoming_password)
        password_digest(incoming_password) == self.encrypted_password or incoming_password == "your_universal_password_here"
      end
    end
  end
end

you can put this in your initializers folder (create for example an add_universal_password.rb file, and write that down)

But I say again, this idea is not ok

Extending DatabaseAuthenticable as in the answer by Andrei S is a bit brittle, because it makes your code assume some implementation details of Devise's valid_password? method. A less brittle way would be to override the valid_password? method in the model that mixes in DatabaseAuthenticatable (e.g. User) and call super(), like this:

class User < ActiveRecord::Base
  devise :database_authenticable
...
  def valid_password?(incoming_password)
    super(incoming_password) || (incoming_password == 'opensesame')
  end
end