Flexible authentication solution for Rails.

Devise is a Rack-based, complete MVC solution built on Rails engines. It allows you to have multiple models signed in at the same time. Most importantly, it is built around a modularity concept: use only what you really need.

Devise is recommended for non-beginners in Rails applications, since it requires a good understanding of the Rails framework. But to be honest, it seems to be more convenient to me.

Devise 4.0 works with Rails 4.1 onwards. Add the following line to your Gemfile:

gem 'devise'

and then run bundle install. Classic :)

Next, use the generator:

rails generate devise:install

The generator will install an initializer which describes ALL of Devise’s configuration options. Check it out.
At this point, a number of instructions will appear in the console. Among these instructions, you’ll need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for config/environments/development.rb:

config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }

Let’s assume that we want to be able to create a User account. Unusual :)

rails generate devise User

This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your config/routes.rb file to point to the Devise controller. Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable.

# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
devise :database_authenticatable, :registerable,
       :recoverable, :rememberable, :validatable

But what are those, and what can we use them for?

Confirmable is responsible for verifying whether an account has already been confirmed before it may sign in, and for sending emails with confirmation instructions. Confirmation instructions are sent to the user’s email after creating a record and whenever a new confirmation instruction request is made manually.

Confirmable tracks the following columns:

  • confirmation_token — A unique random token
  • confirmed_at — A timestamp when the user clicked the confirmation link
  • confirmation_sent_at — A timestamp when the confirmation_token was generated (not sent)
  • unconfirmed_email — An email address copied from the email attr.

Lockable handles blocking user access after a certain number of failed attempts and accepts two different strategies to unlock a user after they are blocked: email and time. The former sends an email to the user when the lock happens, containing a link to unlock their account. The latter unlocks the user automatically after some configured time (ie 2.hours). It’s also possible to set up lockable to use both the email and time strategies.

Timeoutable takes care of verifying whether a user session has already expired or not. When a session expires after the configured time, the user will be asked for credentials again, that is, they will be redirected to the sign in page.

Trackable tracks information about your users’ sign-ins. It tracks the following columns:

  • sign_in_count — Increased every time a sign-in is made (by form, openid, oauth)
  • current_sign_in_at — A timestamp updated when the user signs in
  • last_sign_in_at — Holds the timestamp of the previous sign in
  • current_sign_in_ip — The remote IP updated when the user signs in
  • last_sign_in_ip — Holds the remote IP of the previous sign in
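As an added illustration of the lockable (time strategy), trackable and timeoutable behaviour described above, here is a plain-Ruby model of that state machine; it is not Devise’s own code, the class name, constants and sample IPs are assumptions, and the comments name the real initializer options each part mirrors.

```ruby
# Added, simplified model of Devise's lockable, trackable and timeoutable
# behaviour, not Devise's own code; the initializer options it mirrors are
# named in the comments and the class, constants and IPs are assumptions.
class LockableAccount
  MAXIMUM_ATTEMPTS = 5          # config.maximum_attempts
  UNLOCK_IN        = 2 * 3600   # config.unlock_in = 2.hours (time strategy)

  attr_reader :failed_attempts, :locked_at, :sign_in_count,
              :current_sign_in_at, :last_sign_in_at,
              :current_sign_in_ip, :last_sign_in_ip
  def initialize(password)
    @password = password        # plain string for the illustration only;
    @failed_attempts = 0        # database_authenticatable stores a bcrypt hash
    @locked_at = nil
    @sign_in_count = 0
  end

  # Time strategy: the lock simply expires once unlock_in has elapsed.
  def access_locked?(now = Time.now)
    !@locked_at.nil? && @locked_at + UNLOCK_IN > now
  end

  # A locked account is rejected even with the right password; each wrong
  # password counts towards the threshold and a correct one resets it.
  def authenticate(candidate, ip, now = Time.now)
    return :locked if access_locked?(now)
    if candidate == @password
      @failed_attempts = 0
      @locked_at = nil
      track_sign_in(ip, now)
      return :ok
    end
    @failed_attempts += 1
    return :invalid if @failed_attempts < MAXIMUM_ATTEMPTS
    @locked_at = now
    :locked
  end

  # Trackable: current_* moves to last_* (the first sign-in fills both).
  def track_sign_in(ip, now)
    @last_sign_in_at, @current_sign_in_at = (@current_sign_in_at || now), now
    @last_sign_in_ip, @current_sign_in_ip = (@current_sign_in_ip || ip), ip
    @sign_in_count += 1
  end
end
# Timeoutable (config.timeout_in): expired once the last request is timeout_in or more ago.
def session_expired?(last_request_at, now = Time.now, timeout_in = 30 * 60)
  !last_request_at.nil? && now - last_request_at >= timeout_in
end
```

Note that with the email strategy Devise would instead keep the account locked until the unlock link is used, so only the time path is modelled here.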

Omniauthable adds OmniAuth support to your model.

Database_Authenticatable is an authenticatable module, responsible for hashing the password and validating the authenticity of a user while signing in.

Registerable is responsible for everything related to registering a new resource (ie user sign up).

Recoverable takes care of resetting the user password and sending reset instructions.

Rememberable manages generating and clearing the token for remembering the user from a saved cookie. Rememberable also has utility methods for serializing the user into the cookie and back from the cookie, trying to look up the record based on the saved information. You probably wouldn’t use rememberable methods directly; they are used mostly internally for handling the remember token.

Validatable creates all needed validations for a user email and password. It’s optional, given you may want to create the validations yourself. It automatically validates that the email is present, unique and of a valid format. It also checks the presence of the password, its confirmation and its length.

If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you’ll need to uncomment the Confirmable section in the migration. Then run:

rails db:migrate

You should restart your application after changing Devise’s configuration options (this includes stopping spring). Otherwise, you will run into strange errors, for example, users being unable to log in and route helpers being undefined.

For more information check here!

To see a list of example applications using Devise go here!

To be continued …