So if you know me or have been following my work and/or blog, you probably know that I have been building a few sites for some small businesses. In order to create a way for the site owner of one of these sites to update upcoming events, etc. without having to go through me, I have decided to build an accessible backend for a site which is currently operating as a frontend-only site (feat. a good deal of hardcoding).
I am building that backend with Ruby on Rails using a Postgres database. I decided to add authentication so that the site can be login-able (meaning, something that can only be accessed via password by a user that is meant to have access) and, to accomplish this, I decided to use Devise.
So what is Devise? Devise is a gem (or package) that makes authentication super easy. There's a lot that makes Devise cool, but one of the best things about Devise is that it has bcrypt built in! This means that it will salt and hash passwords for you!
For those of you who don't know what that means: when a password is "salted", a unique and random string of additional characters is added to the given password. When the password is "hashed", all of those characters (both given and added during salting) are scrambled and converted into an indecipherable new string that cannot be converted back. NB: The addition of the "salt" is what would differentiate the stored passwords of two users who both chose "password" as their password, for example. When a user logs in, the site salts and hashes the entered password the same way and compares the result to the saved salted and hashed password to validate it.
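To make the salting and hashing described above concrete, here is an added example (it is not code from Devise or from this project). It uses PBKDF2 from Ruby's standard library as a stand-in for bcrypt so that it runs without extra gems; the method names and the stored-string layout are made up for illustration.

```ruby
require "openssl"
require "securerandom"

# PBKDF2-HMAC-SHA256 stands in for bcrypt here (Devise itself uses bcrypt).
ITERATIONS = 100_000 # assumed work factor for this sketch
KEY_LEN    = 32      # bytes of derived hash

# One-way step: the same password + salt always gives the same bytes.
def derive(password, salt, iterations)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                           length: KEY_LEN, hash: "sha256")
end

# Sign-up: fresh random salt per user, stored next to the hash.
# The "iterations$salt$hash" layout is a made-up format for this example.
def hash_password(password)
  salt = SecureRandom.random_bytes(16)
  [ITERATIONS, salt.unpack1("H*"),
   derive(password, salt, ITERATIONS).unpack1("H*")].join("$")
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Login: re-hash the attempt with the stored salt and compare.
# A malformed stored value is rejected rather than raising.
def valid_password?(stored, attempt)
  m = /\A(\d+)\$(\h+)\$(\h+)\z/.match(stored.to_s)
  return false unless m && m[1].to_i.positive?
  salt = [m[2]].pack("H*")
  secure_equal?(derive(attempt.to_s, salt, m[1].to_i), [m[3]].pack("H*"))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: two users who both chose "password".
  alice = hash_password("password")
  bob   = hash_password("password")
  puts "alice: #{alice}", "bob:   #{bob}"
  puts "stored values differ:  #{alice != bob}"
  puts "alice logs in:         #{valid_password?(alice, 'password')}"
  puts "wrong password fails:  #{valid_password?(alice, 'passw0rd')}"
end
```

Because each stored value carries its own salt, a leaked users table does not reveal which accounts share a password.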
But while that's all awesome, my favorite thing about Devise is how much it does for you while being so simple to use! You generally want to add Devise immediately upon generating the application and, simply by adding gem 'devise' to your Gemfile, running bundle install (or bundle update if you already have Devise on your machine), and then running rails g devise:install, you can add Devise to your application. You'll note that there is now a devise.rb file in your config/initializers folder and, in your config/locales folder, there is a devise.en.yml file, which holds all of the notifications that Devise will use. (More things have been generated, but at this time, these are the two changes that you can actually see.)
In config/routes.rb, add a root route, such as:
root to: "home#index"
Then add
<p class="notice"><%= notice %></p>
<p class="alert"><%= alert %></p>
to add flash messages.
You can then generate your users by running rails g devise user. This will generate a migration for you, as well as a model, and routes (in config/routes.rb, you'll now notice devise_for :users)! Run rails db:migrate to migrate the database.
Now, if you recall, I was mentioning how much Devise does for you. If you start up your server and check out your routes, you'll see a bunch there! Follow one of those and you'll even see a view that already exists for you! And believe it or not, we already have working signup, flash messages, etc. Crazy, right?!
But in order to give us access to all of those things we saw in our routes, we're going to want to generate our views as well. So popping back over to our terminal, we can run rails g devise:views and that will add an app/views/devise folder! Now we can access and edit those views.
And like I said before, Devise does a lot for you and that includes giving you access to built-in helper methods, like current_user (which returns the current user object) and user_signed_in? (which returns either true or false depending on whether a user has been signed in and a session exists for them).
This is just an intro to Devise and what it can do for you, and I wanted to share it with you since I think it's so great and handy! I'm very happy to be using it again for this project and, should you find yourself using Devise on a project at some point in the future, I hope that you enjoy it too!