DEV Community

Cover image for Adding Authentication to a Rails Web App. The Devise Gem.
Sara LoG for Our Time For Tech

Posted on • Updated on


Adding Authentication to a Rails Web App. The Devise Gem.

Another week in Our Time for Tech has gone by.

I was assigned the app authentication, and in order to do that I had to investigate and install the Ruby Gem called Devise.

One thing I learnt in my previous developer experience was to don't reinvent the wheel. When working with a framework and as a newbie I always tried to do things by myself. (Even the authentication process).

But usually frameworks have that part covered with tools that have already been tested by a lot of developers and are secure and stable, saving you from hours and hours of work.

So, What is devise and what it is for?

Devise is an authentication solution for Rails based on Warden. It handles authentication with bcrypt, eliminating the need to hash and salt passwords manually.

It allows your user to be able to do basic things like sign up, log in and log out and it is composed of 10 modules, of which you can choose to use only the ones you need. These modules are:

  • Database Authenticable — Hashes and stores the password in database. Authentication is done by a POST request. Necessary to save user/hashed password in the DB.
  • Omniauthable — Adds support for Omniauth provider, allowing log in through third-party providers like Facebook, Twitter, etc
  • Confirmable — Disables access to the user account unless a user has confirmed their account through email.
  • Recoverable — Adds a ‘Forgot my Password’ link that allows the user to reset their password using email.
  • Registerable — Creates a registration process, users can now edit and delete their account.
  • Rememberable — Creates a token and stores a user session with a saved cookie (adds REMEMBER ME checkbox)
  • Trackable — Tracks user IP addresses, sign in count, last sign in, and timestamps
  • Timeoutable — Logs a user out after a certain amount of time.
  • Validatable — Uses built-in Devise validations for email address and password (length, characters, etc).
  • Lockable — Locks an account after a specific amount of time or specific amount of log in attempts.

Setting up devise in your Web App

These are the steps I followed (there are plenty or tutorials around)

  • Open up your Gemfile and add this line gem 'devise'
  • Run bundle install to install the gem
  • Restart your rails server
  • Run rails g devise:install
  • Open up config/environments/development.rb and add: config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } before the end keyword.
  • Open up app/views/layouts/application.html.erb and add: <% if notice %> <p class="alert alert-success"><%= notice %></p> <% end %> <% if alert %> <p class="alert alert-danger"><%= alert %></p> <% end %> right above <%= yield %>
  • Setup the User model: rails g devise User (or the name you want to give, Admin...) rails db:migrate

Once that is done you can go and create your first user http://localhost:3000/users/sign_up and log in http://localhost:3000/users/sign_in

Image by Gerd Altmann from Pixabay

Top comments (4)

sturpin profile image
Sergio Turpín

Good post Sara!! 👌
When you don't set the model name, devise set User ?
I say it because I use:

$ rails g devise User

You tell me 😊

saradotlog profile image
Sara LoG

You have to specify the name of the model (User, Admin...). Good catch! I will edit it now. Thank you!

sturpin profile image
Sergio Turpín

You're welcome!!
If I don't write a post it's because I know I would make a thousand and one mistakes hahaha
I want more RoR post! :P

Kind regards friend Sara ;)

Thread Thread
saradotlog profile image
Sara LoG

There is nothing wrong with making mistakes, we are humans! 😉 Besides, they are the best way to learn 🙂

Super Useful CSS Resources

A collection of 70 hand-picked, web-based tools which are actually useful.
Each will generate pure CSS without the need for JS or any external libraries.