rails-auth-with-devise
Rails Authentication with Devise
Devise is the most popular authentication solution for Rails, providing a complete MVC solution with 10 modular components.
Quick Setup
# Add to Gemfile
bundle add devise
# Install Devise
rails generate devise:install
# Generate User model with authentication
rails generate devise User
# Run migrations
rails db:migrate
Essential Configuration
After devise:install, configure in config/environments/development.rb:
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
Set root route in config/routes.rb:
root to: 'home#index'
Devise Modules Reference
Enable modules in the model (e.g., app/models/user.rb):
| Module | Purpose | Migration Columns |
|---|---|---|
:database_authenticatable |
Password hashing/storage | email, encrypted_password |
:registerable |
Sign up, edit, destroy account | - |
:recoverable |
Password reset via email | reset_password_token, reset_password_sent_at |
:rememberable |
"Remember me" cookie | remember_created_at |
:trackable |
Sign in stats | sign_in_count, current_sign_in_at, last_sign_in_at, current_sign_in_ip, last_sign_in_ip |
:validatable |
Email/password validations | - |
:confirmable |
Email confirmation | confirmation_token, confirmed_at, confirmation_sent_at, unconfirmed_email |
:lockable |
Lock after failed attempts | failed_attempts, unlock_token, locked_at |
:timeoutable |
Session expiration | - |
:omniauthable |
OAuth provider support | - |
Controller Helpers
# Require authentication
before_action :authenticate_user!
# Check if signed in
user_signed_in?
# Get current user
current_user
# Access session
user_session
For other models (e.g., Admin):
before_action :authenticate_admin!
admin_signed_in?
current_admin
admin_session
Common Tasks
Add Custom Fields (e.g., username)
- Generate migration:
rails g migration AddUsernameToUsers username:string:uniq
rails db:migrate
- Permit in
ApplicationController:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
devise_parameter_sanitizer.permit(:account_update, keys: [:username])
end
end
Customize Views
# Generate all views
rails generate devise:views
# Scoped views for specific model
rails generate devise:views users
# Specific modules only
rails generate devise:views -v registrations confirmations
Customize Controllers
# Generate controllers
rails generate devise:controllers users
# Or specific controller
rails generate devise:controllers users -c sessions registrations
Update routes:
devise_for :users, controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations'
}
Custom Redirect After Sign In
In ApplicationController:
def after_sign_in_path_for(resource)
stored_location_for(resource) || dashboard_path
end
def after_sign_out_path_for(resource_or_scope)
root_path
end
Hotwire/Turbo Configuration (Rails 7+)
In config/initializers/devise.rb:
Devise.setup do |config|
config.responder.error_status = :unprocessable_entity
config.responder.redirect_status = :see_other
end
Ensure responders gem version >= 3.1.0.
Testing
RSpec Setup
In spec/support/devise.rb:
RSpec.configure do |config|
config.include Devise::Test::ControllerHelpers, type: :controller
config.include Devise::Test::ControllerHelpers, type: :view
config.include Devise::Test::IntegrationHelpers, type: :feature
config.include Devise::Test::IntegrationHelpers, type: :request
end
Usage:
sign_in user
sign_out user
Minitest Setup
class ActionDispatch::IntegrationTest
include Devise::Test::IntegrationHelpers
end
Additional Guides
- OmniAuth setup: See references/omniauth.md
- API authentication: See references/api-auth.md
- Advanced patterns: See references/advanced.md
More from shoebtamboli/rails_claude_skills
rspec-testing
This skill should be used when writing, reviewing, or improving RSpec tests for Ruby on Rails applications. Use this skill for all testing tasks including model specs, controller specs, system specs, component specs, service specs, and integration tests. The skill provides comprehensive RSpec best practices from Better Specs and thoughtbot guides.
5rails-controllers
Controller actions, routing, REST conventions, filters, and response handling
5plan-feature
Gather requirements, analyze codebase, and create structured task lists before starting Rails feature development. Use when planning new features, starting development work, breaking down requirements, or when the user mentions "plan", "requirements", "tasks", or "kickoff".
4rails-mailers
Use when sending emails - ActionMailer with async delivery via SolidQueue, templates, previews, and testing
4rails-views
ERB templates, helpers, layouts, partials, and view patterns
4rails-hotwire
Hotwire (Turbo Drive, Turbo Frames, Turbo Streams, Stimulus)
4