verifies the letter's code

app/controllers/verification/letter_controller.rb

@@ -1,9 +1,12 @@
 class Verification::LetterController < ApplicationController
-  before_action :authenticate_user!, except: :edit
-  before_action :verify_resident!
-  before_action :verify_phone!
-  before_action :verify_verified!
-  before_action :verify_lock
+  before_action :authenticate_user!, except: [:edit, :update]
+  before_action :check_credentials, only: :update
+
+  before_action :verify_resident!, except: :edit
+  before_action :verify_phone!, except: :edit
+  before_action :verify_verified!, except: :edit
+  before_action :verify_lock, except: :edit
+
   skip_authorization_check
 
   def new
@@ -24,8 +27,8 @@ class Verification::LetterController < ApplicationController
   end
 
   def update
-    @letter = Verification::Letter.new(letter_params.merge(user: current_user))
-    if @letter.verified?
+    @letter = Verification::Letter.new(letter_params.merge(user: current_user, verify: true))
+    if @letter.valid?
       current_user.update(verified_at: Time.now)
       redirect_to account_path, notice: t('verification.letter.update.flash.success')
     else
@@ -37,7 +40,7 @@ class Verification::LetterController < ApplicationController
   private
 
     def letter_params
-      params.require(:letter).permit(:verification_code)
+      params.require(:verification_letter).permit(:verification_code, :email, :password)
     end
 
     def verify_phone!
@@ -46,4 +49,13 @@ class Verification::LetterController < ApplicationController
       end
     end
 
+    def check_credentials
+      user = User.where(email: letter_params[:email]).first
+      if user && user.valid_password?(letter_params[:password])
+        sign_in(user)
+      else
+        redirect_to edit_letter_path, alert: t('devise.failure.invalid', authentication_keys: 'email')
+      end
+    end
+
 end