Rails uses devise to authenticate users

Source: Internet
Author: User
Tags mail account
1. install and configure devise

Add a line in gemfile:

gem 'devise'

After running the bundle install, install devise to the project:

rails generate devise:install

Create a verified user model, which is usually named "user" or "other names:

rails generate devise userrake db:migrate

View the user. RB File Created by devise in the models Folder:


The devise method is from devise gem. database_authenticatable and registerable modules are enabled by default. The comments section lists that other modules are not enabled by default and can be enabled as needed according to the devise document.

Attributes defined by attr_accessible can be used by create and update_attributes. Attributes not defined here will cause the mass-assignment exception of the two methods.

View the route file routes. RB. Devise gem added the following to the route file when creating the model:

devise_for :users

Run rake routes to view the URL created by devise:


Note: The account logout and user logout methods provided by devise GEM are the default Delete method. This URL design often leads to encoding errors, but it does comply with the restful specification. Pay attention to this.
Register the login code on the webpage (above the yield statement in application.html. ERB ):


When the rails server starts the server, you can view the registration logon page:



2. Common methods provided by devise

A. authenticate_user !, Used to verify whether a user logs in.

before_filter :authenticate_user!

In addition, if the devise model you created is called admin, the method is authenticate_admin !, The following methods are the same. This is another trick Ruby is playing.

B. user_signed_in ?, Are there login users currently?

C. CURRENT_USER, get the current Login User

D. user_session, user session, similar to session, is also a hash table that can be used to save user-specific data.

E. after_sign_in_path_for and after_sign_out_path_for specify the Redirection URL after the user logs in or out.


3. Custom views

Devise gem provides sufficient functions for user verification. However, the view provided by devise gem is not too simple. To customize a view, copy the default view of devise to the rails project:

rails generate devise:views


This command copies views of devise to the app/views directory of the project and classifies them into multiple folders. Modify the required view template to change the corresponding interface.

4. Custom Controller

A. If you need to customize the controller, such as devise: sessioncontroller:

class Admins::SessionsController < Devise::SessionsControllerend

B. Update the configuration in the routing file routes. RB to notify devise to use the new controller.

devise_for :users, :controllers => { :sessions => "admins/sessions" }

C. after the controller is updated, views under APP/views/devise/sessions will not be used again. Therefore, you need to copy these views to APP/views/admins/sessions, or create a new view in the directory.

5. Confirm by email

If you need more secure registration verification, you can use the mail confirmation method.

First, modify the user. RB file to enable the confirmable module of devise:


Add the following fields to the users table:

rails g migration add_confirmable_fields_to_users


New users confirm by email. Therefore, you need to change the environment configuration of rails. The environment configuration of rails is in config/environments/xxx. RB file. XX indicates develepment/test/production. The configuration options of the three files are similar. The following uses the production environment as an example to open config/environments/production. RB, add the following before the end:


To configure the mail account, rails recommends using the mail service such as Mandrill during production. Here, the Gmail account example is used for simplicity.

Add the SMTP configuration in the file. The newly added content is as follows:


Finally, modify the devise. RB file.

config.mailer_sender = "replyme@126.com" 

Now, when the new user new@test.com is registered, it receives a confirmation message from: your_gmail_username@gmail.com, to: new@test.com, reply_to: replyme@126.com, which contains a link pointing to the user activation address. You can click this link to activate your account before logging on to the website.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.