I am proud to report that I have successfully installed and used the Devise authentication gem in my little test app that I am building learn Rails. I’m still a newbie at all this stuff, so anything that I can “gem install” and then hack my way through configuring and actually see the thing work in my app always brings a smile to my face. The Introducing Devise (#209) and Customizing Devise (#210) screencasts on RailsCasts.com really helped me a lot by showing how simple it is to set it up and do some customization. Plus, the documentation for basic configuration and use is pretty easy to follow. That’s always a good thing to see in these gems. Since I’m still playing around on Rails 2.3.5, I had to use version 1.0.7 of Devise, but they do have a Rails 3 version on the download page too, so be sure you use the right version.
With Devise in place in your app (it only requires a few lines to configure it, see the documentation on the web site for how to set it up), not only can you handle all the basic needs of authenticating a user login from your Users table (without writing as single line of code!), it also gives you built-in functions to create new user accounts, emailing them their forgotten password, and letting them change their password while logged in. Beyond those basics, you can then easily restrict access to certain parts of your app to only those users of a certain role. You simply create a Model for each role that you want to work with in your app.
I originally found some code samples for a roll-your-own authentication approach on the Building a New Web Site with Rails blog post over at a ThinkingInRails.com, and it did show me how to approach this if I wanted to have and maintain my own code base for this matter, but I really wanted to use a ready-made solution for this so I could move on to other matters in my Rails learning.
So, at this point, I must say that I’m going with the Devise gem for authentication in my Rails apps (like I have a lot of Rails apps, but hey, this thing is a great way to go when that does happen).
Other Devise resources:
- Railscasts episode #209 Introducing Devise
- Railscasts episode #210 Customizing Devise
- Blog post by authors at <plataformatec/> introducing Devise
- There is a fairly active Devise discussion group over on Google Groups.
- Devise ver 1.0.07 Readme (for Rails 2.3.5)
- Devise ver 1.1.rc1 Readme (for Rails 3 Beta 4)
- Blog post: Comparison of various Rails authentication solutions
- Rails authentication solutions discussed on Stack Overflow
- Article 1: Getting Started with Devise and CanCan The article includes very detailed steps and code samples for both Devise and CanCan.
- Article 2: Devise and CanCan – Restful Resources for Administrators