DEV Community

Discussion on: Is going for Devise for user authentication a good choice for a first Rails app or should I write it from scratch?

Collapse
guledali profile image
guledali • Edited on

I don't think I'm qualified to answer but here in some of my input

This is my personal opinion if you look at any gem and viewing the source code and you don't understand how it works. I think you're better of building your own or finding another gem that is easier to understand. The reason why I say this most often you will have to go back to the code and and tweak it, you may have to add feature on top of it and if you don't understand the underlying code then there is a problem. Just imagine yourself if a client comes up tomorrow with different requirements and request you to build something of top of that gem maybe extending the functionality

Going back to your original question about using devise, my follow up question is have you ever build your own auth before? It's surprisingly easy in rails with has_secure_password and the session method in the controller you could easily build your own in hour or even less.

What I do like about the devise gem it gives you a lot of nice helpers that you can use in your testing. I would probably recommend building your own and make sure you write some integration test as well.

Collapse
cristiano profile image
cristiano Author

Thanks guledali, appreciate your comment.

I ended up doing both to test it out. Writing my own implementation seems to be fast initially but it seems Devise comes with a lot of other useful features out of the box like email confirmation, password recovery and more.

For someone looking to get something going I think it's best to go with Devise if someone if trying to learn how auth works like Robert mentioned its worth doing one from scratch.

I guess these sort of questions are difficult to answer without giving it a try ourselves! Appreciate you taking the time to help out. 🙏

Collapse
guledali profile image
guledali

Yeah devise gives you the whole setup of-the-box, in all fairness you could still rebuild all that like email confirmation with action-mailer. I don't know this process on top of my head, has been a while ago but I recommend checking out the Michael Hartl railstutorial, it goes through much of that process really well, it used to be free. Just make sure you know what's happening behind the scenes because I would certainly avoid devise if I never build auth before.

One thing that this conversation has convinced me, is that rails should at this point really ship with some authentication helpers. A bit surprisingly that they ship with ActionText, it's not something that belongs in most apps, it's more suited if your are building a blog engine

Thread Thread
cristiano profile image
cristiano Author

Yeah that’s a good observation, it does include ActionText but no authentication helpers. Perhaps there’s a reason behind it, authentication could have different layers of complexity and maybe creating a convention for might not be that straight forward?

Thanks for the suggestion. I did read Hartl’s book last year cover to cover, super helpful!

I mean I do understand anything can be built from scratch in fact I have built an account creation system years ago in PHP and it is a great learning experience but it also shows how many things need to be taken into account and how much effort needs to be put into it. ReallY grateful these libraries exist otherwise it would take a long time until anything gets shipped. 😂