For most applications authentication is a necessary evil, and my current project is no exception. I always dread having to write the authentication logic in applications. Some frameworks have OK authentication plugins available, but I always find myself writing some piece of it before it's over with. I was really hoping to avoid that with Rails, and thanks to Devise I have. It has everything I was looking for and more.
It comes with pre-canned (but modifiable) sign-up, password reminder, login, logout, password change etc... forms. And quite a few features that put it in a class above most other auth modules I've used: confirmation (click link in email) functionality, OAuth2 support, token auth, tracking of sign-in/out IP, idle timeout, and lockouts on excessive failed attempts, with the account re-enabled after a timeout period or via email. Way more than I expected for the low low price of free :)
Getting it going was as easy as:
sudo gem install devise
rails generate devise:install
rails generate devise User #creates the user model, you can add extra fields you want to track for the user here
You're now ready to pick your features by editing the User model (or whatever you called it) and doing a db migration. Protecting a controller is incredibly easy; adding this line will ensure an auth'd user before allowing any actions:
before_filter :authenticate_user!
If there were a section of the controller you do want accessible to guests, you modify the above to look like:
before_filter :authenticate_user!, :except => [:index, :faq]
There are a couple of good Railscasts on the subject:
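Why the :except form is the safer way to open actions to guests, as an added example that is not part of the original post and is not Rails or Devise code: a plain-Ruby model of how a before filter picks actions, extended to the :only option for comparison. MiniController, process, guest_access and the billing action are hypothetical names, and authenticate_user! here is only a stand-in for Devise's helper.

```ruby
# Plain-Ruby model, not Rails or Devise code; all class names are hypothetical.
class MiniController
  def self.filters
    @filters ||= []
  end

  # Same call shape as the page's line: before_filter :name, :except => [...]
  def self.before_filter(name, opts = {})
    filters << [name, Array(opts[:only]), Array(opts[:except])]
  end

  def initialize(signed_in)
    @signed_in = signed_in
  end

  # Run each applicable filter, then the action; a failing filter halts.
  def process(action)
    self.class.filters.each do |name, only, except|
      next if except.include?(action)
      next unless only.empty? || only.include?(action)
      return :redirected_to_sign_in unless send(name)
    end
    send(action)
  end

  private
  # Stand-in for Devise's authenticate_user!: passes only when signed in.
  def authenticate_user!
    @signed_in
  end
end

class ExceptController < MiniController
  before_filter :authenticate_user!, :except => [:index, :faq]
  def index; :ok; end
  def faq; :ok; end
  def billing; :ok; end # added later; the filter line was not touched
end

class OnlyController < MiniController
  before_filter :authenticate_user!, :only => [:edit]
  def edit; :ok; end
  def billing; :ok; end # added later; the filter line was not touched
end

# Result of each action for a guest (constructed, not-signed-in request).
def guest_access(controller, actions)
  actions.map { |a| [a, controller.new(false).process(a)] }.to_h
end
```

With :except, an action added later is protected by default; with :only, it is reachable by guests until someone remembers to list it. Newer Rails versions spell the macro before_action.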
Introducing Devise
Customizing Devise