🔑

Devise

Rails standard authentication system

Devise is the most widely used authentication gem in Rails.

10 modules:

database_authenticatable — password hashing and login
registerable — sign up
recoverable — password reset
rememberable — auto login (Remember Me)
validatable — email/password validation
confirmable — email verification
lockable — account lock on login failures
timeoutable — session timeout
trackable — login tracking
omniauthable — OAuth (Google, GitHub, etc.)

Auto-generated helpers:

current_user — currently logged-in user
user_signed_in? — login status check
authenticate_user! — redirect if not logged in

Customization is done through controller inheritance and view overrides.

Key Points

1

Add gem "devise" to Gemfile and bundle install

2

rails generate devise:install → generate initial config files

3

rails generate devise User → User model + migration generated

4

rails db:migrate → create devise tables

5

before_action :authenticate_user! → add to controllers requiring auth

6

Use helpers like current_user, user_signed_in?

Pros

✓ Rich features (10 modules)
✓ Large community with rich documentation
✓ Security best practices applied (bcrypt, CSRF)
✓ Easy social login with OmniAuth

Cons

✗ Customization can be complex
✗ Too much magic makes internals hard to understand
✗ Excessive features for API-only apps
✗ Need generate devise:views for view customization

Use Cases

Member-based web services Google/GitHub OAuth login Email verification flow Admin panel authentication

← 🎮 Stimulus 🛡️ CSRF Protection →