Devise is a Ruby gem and authentication solution for Rails. It is comprised of 10 modules that allow you to customize your process with options such as timeouts, lockouts, OmniAuth, and database authentication. If you haven’t yet implemented simple user authentication in Rails on your own, it’s recommended that you do so before using Devise. Building authentication from scratch is a great way to learn the Rails framework. Here are two excellent resources to get you started:
- Michael Hartl’s Ruby on Rails Tutorial (chapters 7 & 8)
- Ryan Bates’ Railscast ‘Authentication from Scratch’
After installing Devise, you’ll generate a User model.
rails generate devise User
Once this command is executed, Devise will automatically create RESTful routes for you via devise_for :users in routes.rb (run rake routes from the command line to check all your nifty new routes).
If you aren’t familiar with RESTful routes, they are a web convention for naming routes semantically. In other words, the routes’ names communicate exactly what they are and where they are going. This is important stuff for keeping an app’s namespacing and flow clear and concise. For example, to access the sign up routes created by Devise, go to http://localhost:3000/users/sign_up. Note that the first time you do this, if you get the error undefined method `registration_path', try restarting your server. That should do the trick.
Next, it’s a good idea to add sign in/sign out functionality to your nav bar because most users other than admins aren’t going to know the RESTful routes even exist. Head over to layout.html.erb and write your code. Note that the snippet below is borrowed from Ryan Bates’ Railscast ‘Introducing Devise’. If you follow that link and scroll down you’ll see all sorts of code snippets.
Now that you’ve added sign-in/sign out functionality, you can customize which controller actions require authentication in your controller by adding a before_filter. For example, the following filter triggers a devise method that redirects to login for all actions except show and index.
You’ll probably want to generate your own views so you can customize the sign in pages to conform to your project’s style. No problem. Devise has a handy command for creating views.
rails generate devise:views
Customizing views is particularly important if you’re using a framework like Bootstrap so you can add the proper classes to sign-in/out forms. In my project, I added class container to my <div> tag and form-signin-heading to my <h2> tag. You can explore Bootstrap examples here (just view source to see which classes are used).
Last, for my project, I wanted to limit access to CRUD actions, so I added an admin column to my users table.
rails generate migration add_admin_to_users admin:boolean
In my migration, I set the default value to false.
You can grant a user admin access in rails console by updating a user’s admin attribute to true, like so:
Throughout your project views, insert conditional logic to check whether a user is an admin before displaying creative or destructive CRUD actions.
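Hiding links in the views does not stop a request sent straight to a controller action, so the same admin check belongs in a before_filter next to the authentication filter. The following is an added example, not code from the original post: it is plain Ruby so it runs without Rails, FakeController is a constructed stand-in for a Rails controller and for Devise's authenticate_user!, and PostsController and require_admin are assumed names.

```ruby
# Constructed stand-in for a Rails controller so the example runs without Rails.
class FakeController
  def self.filters; @filters ||= []; end

  def self.before_filter(name, except: [])
    filters << [name, except]
  end

  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
  end

  # Run the filters in order; a filter that sets @response halts the chain.
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action)
      send(name)
      return @response if @response
    end
    @response = public_send(action)
  end

  # Stand-in for Devise's authenticate_user!: anonymous visitors go to login.
  def authenticate_user!
    @response = [302, "/users/sign_in"] unless current_user
  end
end

# Constructed user record with the boolean admin column from the migration.
User = Struct.new(:email, :admin)

class PostsController < FakeController
  # On Rails 4 and later the same declarations are spelled before_action.
  before_filter :authenticate_user!, except: [:index, :show]
  before_filter :require_admin,      except: [:index, :show]

  def index;   [200, "list"];    end
  def destroy; [200, "deleted"]; end

  private

  # Enforced on the server, whether or not the view rendered a delete link.
  def require_admin
    @response = [403, "Forbidden"] unless current_user.admin == true
  end
end
```
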
I’m looking forward to learning more about Devise in the coming days. Gems are great shortcuts, but the fun part is diving deep into the documentation and customizing them to meet your needs.