Devise for user auth — Rails

Saman Batool
Oct 4, 2022

If you’ve built Rails apps before, you know that it is possible to build a full user authentication system from scratch. Let’s first talk about what goes into an authentication system.

For users — using the app:

  1. The ability to sign up for the application
    - A hashed password, so that you don’t store the plaintext version of the password directly in your database, which avoids security issues
    - If you’re looking at advanced features, there are confirmation links: when a user signs up using an email address, an email is sent with a confirmation link that needs to be clicked in order to verify that the user is indeed the owner of the email address
  2. Once the user is signed up and has an account, the user can log in
    - Remember the user, so that the user doesn’t have to log in with credentials every time they use the application
  3. Once the user is done with the app, the user can log out
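
What the "hashed password" item above involves if you build it from scratch, as an added example that is not from the original post or from Devise's code. Devise's default hashing is bcrypt; this sketch swaps in PBKDF2-HMAC-SHA256 from Ruby's standard library so it runs without extra gems, and the function names, storage format and iteration count are assumptions.

```ruby
require "openssl"
require "securerandom"

# Assumed parameters for this sketch; tune the iteration count for real use.
ITERATIONS = 210_000
KEY_LENGTH = 32

# Returns the string that would be stored in the users table:
# "iterations$salt_hex$hash_hex". The plaintext password is never stored.
def hash_password(password, salt: SecureRandom.random_bytes(16), iterations: ITERATIONS)
  digest = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                    length: KEY_LENGTH, hash: "sha256")
  [iterations, salt.unpack1("H*"), digest.unpack1("H*")].join("$")
end

# Compares two strings without returning early on the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recomputes the hash from the login attempt using the stored salt and
# iteration count, then compares the result to the stored record.
def verify_password(stored, attempt)
  iterations, salt_hex, _hash_hex = stored.split("$")
  return false unless salt_hex && iterations.to_i.positive?
  recomputed = hash_password(attempt, salt: [salt_hex].pack("H*"),
                                      iterations: iterations.to_i)
  constant_time_equal?(stored, recomputed)
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password("correct horse battery staple") # constructed sample
  puts record
  puts verify_password(record, "correct horse battery staple")
  puts verify_password(record, "wrong guess")
end
```

Because each record carries its own random salt, two users with the same password get different stored values.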

Although these can all be built from scratch, Devise makes constructing user auth easier by handling all of this out of the box (especially the basic sign up, log in and log out functionality). With this in mind, let’s take a look at the Devise gem. There is excellent documentation on GitHub for adding Devise to your Rails project. Devise is a very popular gem that is used extensively, providing a lot of power with minimal effort.

There is also a lot of configuration and custom content that can be built on the basic functionality. Because this gem provides a lot of power, it is important to learn how to use it and get good at using it properly (especially if you want to customize features). A good strategy to work with a gem such as this is to first use the basic functionality, get good at using the basic functionality and then venture to customize.

Implementing core functionality in Rails

  1. Add the gem ‘devise’ to the Gemfile in your application
  2. Save and run bundle install
  3. Run the generator in your terminal:
    rails generate devise:install
  4. As you can see in your terminal, this generator creates a couple of files and lists some manual setup: setting the root route (which ideally should be created before installing Devise in your project), flash messages, and Devise views. Devise is a package gem, which means that the views will not show up in the application by default. You add them manually by running the command provided (rails g devise:views, or the Bootstrap Devise views)

The basic setup is now complete. You have added Devise to your application at this point. The next step is to create your users resource using this gem.

Create users using Devise

  1. Run the command:
    rails generate devise MODELNAME (in our case, User)
  2. This will create a migration file for Devise, a user model, and some tests, along with routes for Devise (you can view these by running ‘rails routes --expanded | grep users’, where you will see all of the registration and login/logout paths). If you take a look at the migration file that was created, you will see all of the fields added by Devise (and you can configure this as you like). The model file that was generated shows the specific functionalities that Devise provides for the user, such as :confirmable, which is used to send an email to confirm the user at registration.
  3. Run rails db:migrate to create your users table. You can test this using the Rails console (i.e. User.all).

Now that you have the users resource created, you have the authentication functionality that we were looking to have! However, if you start the server at this point you will not see anything regarding user registration/sign-in. This is because nothing in the app requires the user to be authenticated yet. You can require it simply by adding before_action :authenticate_user! to your controller. For now, the best place to add this is the application controller, so it applies throughout your entire app.

If you now reload your server, you will see a login form instead of your root route. But it doesn’t explicitly state that you have to sign in. This is because the flash messages that we spoke about earlier haven’t been added to the application. If you go back to the instructions that were printed in your terminal right after running rails g devise:install, you will see the two message tags under step 3. You can add these messages to your application.html.erb file.

Great! You have successfully added the sign-in, sign up and log-out functionality. Now it’s time to test! Go ahead and sign up a user in the browser and see if you are able to log back in with the same credentials.

Saman Batool

Software engineer navigating through problems in Rails and React. I like sharing my thinking processes, solutions and project learnings. I’m based in LI, NY.