How to Use Devise for Authentication in Rails

Abel Gechure
3 min read · Apr 3, 2021

As a beginner Rails developer, I learnt very fast that your application needs to have an authentication system. A user should be able to register/sign up to create an account that gets saved in the database, and once that is successful, they should be able to log in and access what the app has to offer.

Well, I learned how to create an authentication system where, if you are familiar with Rails, you need to create a users_controller.rb, a sessions_controller.rb, a good dose of useful helper methods for keeping track of the user's information needed for enforcing authentication and authorization, some validations to sanitize users' sign-up data, some ActiveRecord macro methods like password_digest, has_secure_password, .authenticate, a gem for encrypting users' passwords like bcrypt, and so on and so forth.

As you can see, that's quite a lot of things to keep track of. It is time consuming, error prone and overall not quite good practice to create your own authentication system. On the flip side, it's really good for beginners to learn about authentication by building it from scratch, but once you have understood all the moving pieces it's time to graduate to a well-tested solution built for Rails to handle authentication. This solution is called Devise.

Devise is the bedrock gem for Ruby on Rails authentication. With Devise, creating a User model that can sign up and log in is easy because Devise takes care of all the controllers necessary for User creation (users_controllers) and for user sessions (users_sessions_controller).

How does Devise work?

I relied heavily on the Devise README which can be found here.

I will leave it up to you to go through the documentation and learn how to set up and configure Devise. Instead I will go through some of the advantages of using Devise.

Devise Controller filters and helpers

Devise will create some helper methods to use in your app's controllers and views. Below are some of the helper methods and a brief overview of how they are used!

authenticate_user!

To set up a controller with user authentication, add this before_action at the top of the controller class (assuming your Devise model is 'User'). Use it to limit access to an action unless a user is logged in.

# Require sign-in for every action except show and index
before_action :authenticate_user!, except: [:show, :index]
# Or: require sign-in only for show and index
before_action :authenticate_user!, only: [:show, :index]
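
The difference between the two forms above, as an added example that is not from the original post or from Devise: a plain-Ruby model of how only: and except: decide which actions require sign-in. The FilterAudit class and the sample action list are hypothetical, and the code does not load Rails.

```ruby
# Plain-Ruby model (an illustrative sketch, not Rails or Devise source) of how
# `before_action :authenticate_user!` with only:/except: decides which
# actions require a signed-in user.
require "set"

class FilterAudit
  # actions: every public action the controller defines
  # only:/except: the option passed to before_action (at most one of them)
  def initialize(actions, only: nil, except: nil)
    raise ArgumentError, "pass only: or except:, not both" if only && except
    @actions = actions.map(&:to_sym)
    @only    = only && Set.new(only.map(&:to_sym))
    @except  = except && Set.new(except.map(&:to_sym))
  end

  # True when the filter would run before the given action.
  def protected?(action)
    action = action.to_sym
    return @only.include?(action) if @only
    return !@except.include?(action) if @except
    true # no option: the filter guards every action
  end

  # Actions reachable without signing in.
  def public_actions
    @actions.reject { |a| protected?(a) }
  end

  # Names in only:/except: that match no action; a typo here silently
  # changes what is guarded.
  def unknown_names
    ((@only || @except || Set.new) - @actions).to_a
  end
end

# Constructed sample: the actions of a typical resource controller.
ACTIONS = %i[index show new create edit update destroy].freeze

def audit_examples
  {
    except_style: FilterAudit.new(ACTIONS, except: %i[show index]).public_actions,
    only_style:   FilterAudit.new(ACTIONS, only: %i[show index]).public_actions,
    typo:         FilterAudit.new(ACTIONS, only: %i[create update destory]).unknown_names
  }
end

audit_examples.each { |name, result| puts "#{name}: #{result.inspect}" }
```

With except:, any action added later is protected by default; with only:, a new action stays public until it is added to the list.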

user_signed_in?

Used to verify whether a user is signed in. Call it in a controller or view; it returns a boolean value.

if user_signed_in?
  # do something
else
  # do something else
end

current_user

This method returns the model object for the signed-in user, or nil if no user is signed in yet.

user_session

Returns metadata on a logged-in user.

Devise Modules

database_authenticatable

Ensures a user enters a correct password and hashes the password before saving it.

confirmable

Ensures newly registered users confirm their accounts through an email sent by Devise. Access to the user account is disabled until the user has confirmed it through email.

validatable

Validates the email and password and ensures they conform to a particular standard.

lockable

Limits the number of login attempts, locking the account once a user has tried and failed to log in a specific number of times.

omniauthable

Adds support for OmniAuth providers, allowing login through third-party providers like Facebook, Twitter, GitHub and Google.

There you go, you now know something about Devise. This was not meant to be an exhaustive resource. Visit the Devise documentation and learn more. I wrote this to document some of the stuff I found useful when building my project in Ruby and Rails as a student at Flatiron.

Here are some links I found useful:

https://launchschool.com/blog/how-to-use-devise-in-rails-for-authentication
