Add Authentication to Rails with Devise

Use this when adding Devise authentication to an existing Rails app.

Add Devise

Add Devise to the Gemfile.

gem "devise"

Install the gem.

bundle install

Install Devise

Run the Devise installer.

bin/rails generate devise:install

Set the default URL options

In development, Devise needs a host for mailer URLs. Add this inside the development environment config.

config.action_mailer.default_url_options = { host: "localhost", port: 3000 }

Generate the user model

Generate the Devise user model and run the migration.

bin/rails generate devise User
bin/rails db:migrate

Choose Devise modules

Devise modules are enabled in the model file. For a generated User model, edit app/models/user.rb.

class User < ApplicationRecord
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable
end

Common modules:

Module	What it does	Main file to edit
`database_authenticatable`	Stores an encrypted password and authenticates users from the database.	`app/models/user.rb`
`registerable`	Lets users sign up, edit, and delete their account.	`app/models/user.rb`
`recoverable`	Adds password reset emails and reset tokens.	`app/models/user.rb`, Devise migration
`rememberable`	Lets users stay signed in with a remember-me cookie.	`app/models/user.rb`, Devise migration
`validatable`	Adds default email and password validations.	`app/models/user.rb`
`confirmable`	Requires users to confirm their email before signing in.	`app/models/user.rb`, Devise migration
`lockable`	Locks an account after too many failed sign-in attempts.	`app/models/user.rb`, Devise migration, `config/initializers/devise.rb`
`timeoutable`	Signs users out after a period of inactivity.	`app/models/user.rb`, `config/initializers/devise.rb`
`trackable`	Tracks sign-in count, timestamps, and IP addresses.	`app/models/user.rb`, Devise migration
`omniauthable`	Adds OmniAuth provider support, such as GitHub or Google login.	`app/models/user.rb`, `config/initializers/devise.rb`

To enable a module, add it to the devise line.

devise :database_authenticatable, :registerable,
       :recoverable, :rememberable, :validatable,
       :confirmable

Some modules need database columns. If the module is commented out in the generated Devise migration, uncomment that section before running bin/rails db:migrate.

## Confirmable
t.string   :confirmation_token
t.datetime :confirmed_at
t.datetime :confirmation_sent_at
t.string   :unconfirmed_email

Some modules also have settings in config/initializers/devise.rb.

config.timeout_in = 30.minutes
config.maximum_attempts = 5

Add authentication links

Use Devise route helpers for sign in, sign out, and registration links.

<% if user_signed_in? %>
  <%= button_to "Sign out", destroy_user_session_path, method: :delete %>
<% else %>
  <%= link_to "Sign in", new_user_session_path %>
  <%= link_to "Sign up", new_user_registration_path %>
<% end %>

Protect a controller

Require a signed-in user before accessing a controller action.

before_action :authenticate_user!

Check the routes

Confirm the Devise routes are available.

bin/rails routes | grep user

Commit the authentication setup

Commit the Devise setup after the migration and views are working.

git add .
git commit -m "Add Devise authentication"