In this post I’ll be dipping into Devise, the most popular authentication gem for Rails. I’ll talk about what authentication is, how Devise works and why it is a good solution for authentication.
What is Authentication
The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
In essence, when you sign in to an application you are authenticating yourself. When you try to access a restricted area of an application, the application with check your authorization.
Before using a gem to manage your authentication you should understand how to implement a simple authentication solution. This will give you a basic understanding of how authentication works. I recommend watching this excellent Railscast episode to give you that grounding, it will only take 10 minutes :).
Devise for Authentication
Now that we understand what authentication is and why it is required. The question is, why use Devise? There are many authentication gems that are more simple and lightweight. If you want something lightweight then you should not use Devise. The reason that Devise is the most popular authentication gem is because of it’s flexibility and power.
When your application is small you may not need to use all of Devise’s features but as your requirements grow Devise will likely be able to handle all of your authentication needs. Lots of developers will add Devise to their projects, even if they don’t need all of the features right away.
Devise also has great documentation and is well supported. Devise has a good readme, wiki and rdocs.
If you work as a Rails developer I would highly recommend that you learn Devise. It’s likely that you’ll end up working on a project that uses Devise, at some point.
rails generate devise:install
Next, you need to choose which model will represent the ‘users’ in your system. In this example I’ve gone with
User. This is the model that Devise will authenticate against. The generator command below will setup the
User model for authentication. If you haven’t already defined the model (in this case
User) this command will generate the model for you.
$ rails generate devise User
Running this will create a migration to add a number of fields to your
User model that Devise needs for authentication (
Lastly, you can run the migration with
At this point you can add authentication by adding the following before action to any controller:
When a user hits a controller that has this before action, devise will check whether the user has an existing session. If not, the user will be redirected to the login page. If the user does have an existing session, they will be able the view the page as normal.
If you want to customise any of the Devise’s default view templates then you need to copy the templates from devise into your project. You can do that using the following generator:
$ rails generate devise:views
This will copy Devise’s templates into
app/views/devise. For example, if you want to modify the ‘Sign In’ page then you should modify
This post covers the basics of how to install Devise, how to add authentication and how to customise views. This post will provide the foundation for my next blog post which will be about the various Devise modules.
You can checkout the source code for this blog post on Github.