Secure Your Rails App with Devise Gem

Authentication is a crucial part of most web applications. Instead of building everything from scratch, Rails developers can use the Devise gem, a powerful and flexible tool for handling user authentication.

In this blog post, I’ll walk you through setting up and using Devise in your Rails app.

What is Devise?

Devise is a gem that helps you manage user authentication in Rails. It takes care of common tasks like user registration, login, and password recovery. It’s modular, so you can pick and choose which features you need.

Key Features of Devise

Modularity: You can include only the features you need, such as login, registration, password recovery, and more.

Customizability: You can easily customize the look and feel, as well as the functionality.

Security: Devise handles things like password hashing and CSRF protection to keep your app secure.

Setting Up Devise

Let’s get Devise set up in a Rails app.

Step 1: Add Devise to Your Gemfile

First, add Devise to your Gemfile:

gem 'devise'

Run bundle install to install the gem.

Step 2: Install Devise

Run the install generator:

rails generate devise:install

This sets up an initializer file where you can configure Devise.

Step 3: Configure Devise

Follow the instructions that the generator provides. This typically involves setting up your mailer and ensuring you have default URLs for your environments.

Step 4: Generate the User Model

Create a User model with Devise:

rails generate devise User

This command creates a migration file for the users table and a User model with Devise modules included.

Step 5: Run the Migrations

rails db:migrate

Using Devise in Your App

Now that Devise is set up, let’s use it in your application.

Restricting Access to Controllers

To restrict access to certain actions, use the before_action filter in your controllers:

class PostsController < ApplicationController
  before_action :authenticate_user!, only: [:new, :create, :edit, :update, :destroy]
end
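
An only: list protects just the actions it names, so any action added later stays public until someone remembers to extend the list. The script below is an added example, not code from the original post: it audits controller source text and returns the actions that authenticate_user! does not cover. SAMPLE_CONTROLLER, its export action and the helper names are constructed for illustration, and the regex parsing handles only the symbol-array form of only:/except: shown above.

```ruby
# Added example: lists controller actions NOT covered by authenticate_user!.
# Regex-based and deliberately simple: it handles the symbol-array forms of
# only:/except: and ignores filters inherited from parent controllers.

# Constructed sample input (not from the original post).
SAMPLE_CONTROLLER = <<~RUBY
  class PostsController < ApplicationController
    before_action :authenticate_user!, only: [:new, :create, :edit, :update, :destroy]

    def index; end
    def show; end
    def new; end
    def create; end
    def edit; end
    def update; end
    def destroy; end
    def export; end   # added later, never added to the only: list

    private

    def post_params; end
  end
RUBY

FILTER_RE = /before_action\s+:authenticate_user!(?:\s*,\s*(only|except):\s*\[([^\]]*)\])?/

# Public methods defined before the first private/protected keyword are actions.
def public_actions(source)
  public_part = source.split(/^\s*(?:private|protected)\s*$/).first
  public_part.scan(/^\s*def\s+([a-z_]\w*[?!]?)/).flatten
end

# Returns the actions a signed-out visitor can reach.
def unauthenticated_actions(source)
  actions = public_actions(source)
  match = source.match(FILTER_RE)
  return actions if match.nil?          # no filter: everything is public
  listed = match[2].to_s.scan(/:(\w+)/).flatten
  case match[1]
  when "only"   then actions - listed   # anything not listed stays open
  when "except" then actions & listed   # only the listed actions stay open
  else []                               # bare filter covers every action
  end
end

puts unauthenticated_actions(SAMPLE_CONTROLLER).inspect
```

For the sample, index and show are public by design, while export is the one a reviewer should question.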

Customizing Devise Views

To customize Devise’s default views, generate them into your application:

rails generate devise:views

This creates the view files in app/views/devise, which you can then modify to fit your needs.

Adding Custom Fields to the User Model

If you need to add extra fields to your User model, generate a migration:

rails generate migration add_username_to_users username:string

Permit the new parameters in a custom controller:

class Users::RegistrationsController < Devise::RegistrationsController
  before_action :configure_permitted_parameters

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
    devise_parameter_sanitizer.permit(:account_update, keys: [:username])
  end
end

Update your routes to use the custom controller:

devise_for :users, controllers: { registrations: 'users/registrations' }

Conclusion

Devise is a great tool for adding user authentication to your Rails applications. It’s modular, customizable, and secure, making it a top choice for many developers. By following the steps above, you can set up and start using Devise in your Rails app quickly. Happy coding!