rails-auth-with-devise
SKILL.md
Rails Authentication with Devise
Devise is the most popular authentication solution for Rails, providing a complete MVC solution with 10 modular components.
Quick Setup
# Add to Gemfile
bundle add devise
# Install Devise
rails generate devise:install
# Generate User model with authentication
rails generate devise User
# Run migrations
rails db:migrate
Essential Configuration
After devise:install, configure in config/environments/development.rb:
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
Set root route in config/routes.rb:
root to: 'home#index'
Devise Modules Reference
Enable modules in the model (e.g., app/models/user.rb):
| Module | Purpose | Migration Columns |
|---|---|---|
:database_authenticatable |
Password hashing/storage | email, encrypted_password |
:registerable |
Sign up, edit, destroy account | - |
:recoverable |
Password reset via email | reset_password_token, reset_password_sent_at |
:rememberable |
"Remember me" cookie | remember_created_at |
:trackable |
Sign in stats | sign_in_count, current_sign_in_at, last_sign_in_at, current_sign_in_ip, last_sign_in_ip |
:validatable |
Email/password validations | - |
:confirmable |
Email confirmation | confirmation_token, confirmed_at, confirmation_sent_at, unconfirmed_email |
:lockable |
Lock after failed attempts | failed_attempts, unlock_token, locked_at |
:timeoutable |
Session expiration | - |
:omniauthable |
OAuth provider support | - |
Controller Helpers
# Require authentication
before_action :authenticate_user!
# Check if signed in
user_signed_in?
# Get current user
current_user
# Access session
user_session
For other models (e.g., Admin):
before_action :authenticate_admin!
admin_signed_in?
current_admin
admin_session
Common Tasks
Add Custom Fields (e.g., username)
- Generate migration:
rails g migration AddUsernameToUsers username:string:uniq
rails db:migrate
- Permit in
ApplicationController:
class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
devise_parameter_sanitizer.permit(:account_update, keys: [:username])
end
end
Customize Views
# Generate all views
rails generate devise:views
# Scoped views for specific model
rails generate devise:views users
# Specific modules only
rails generate devise:views -v registrations confirmations
Customize Controllers
# Generate controllers
rails generate devise:controllers users
# Or specific controller
rails generate devise:controllers users -c sessions registrations
Update routes:
devise_for :users, controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations'
}
Custom Redirect After Sign In
In ApplicationController:
def after_sign_in_path_for(resource)
stored_location_for(resource) || dashboard_path
end
def after_sign_out_path_for(resource_or_scope)
root_path
end
Hotwire/Turbo Configuration (Rails 7+)
In config/initializers/devise.rb:
Devise.setup do |config|
config.responder.error_status = :unprocessable_entity
config.responder.redirect_status = :see_other
end
Ensure responders gem version >= 3.1.0.
Testing
RSpec Setup
In spec/support/devise.rb:
RSpec.configure do |config|
config.include Devise::Test::ControllerHelpers, type: :controller
config.include Devise::Test::ControllerHelpers, type: :view
config.include Devise::Test::IntegrationHelpers, type: :feature
config.include Devise::Test::IntegrationHelpers, type: :request
end
Usage:
sign_in user
sign_out user
Minitest Setup
class ActionDispatch::IntegrationTest
include Devise::Test::IntegrationHelpers
end
Additional Guides
- OmniAuth setup: See references/omniauth.md
- API authentication: See references/api-auth.md
- Advanced patterns: See references/advanced.md
Weekly Installs
5
Repository
shoebtamboli/ra…e_skillsGitHub Stars
4
First Seen
Feb 17, 2026
Security Audits
Installed on
opencode5
gemini-cli5
github-copilot5
amp5
codex5
kimi-cli5