User Authentication and Authorization

Learn to set up the Rails app for user authentication and authorization.

We’ve gotten quite far in our example without adding a user model to it, which we’ll rectify now.

We need to get users and passwords into the system without spending too much time in the setup weeds, so we can focus our attention on the security issues that having users causes. To do that, we use the Devise gem for basic user authentication and focus on using Devise as part of our security and testing goals.

Installing Devise

Devise is a big, multifaceted gem, and we’ll only be scratching the surface of what it can do. It handles all kinds of login needs, including confirmation emails, password changes, “remember me” cookies, and much more. First up, we need to put it in the Gemfile:

gem "devise"

At the time of writing, the version of Devise was 4.4.1. The latest version is 4.8.1.

After we install the gem with bundle install, we need to take two generation steps. The first is the general installation of the Devise setup:
