- Install Devise in a Rails app (after making sure it is in your Gemfile):
$ rails g devise:install
- Generate standard Devise models:
$ rails g devise User
- Generate standard Devise views:
$ rails g devise:views
- Enforce strong parameters
The following lines need to be copied into ApplicationController, so that no additional params are passed in Devise fields:
#app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  # Only run the sanitizer on requests handled by Devise controllers
  before_action :sanitize_devise_params, if: :devise_controller?

  # Permit the extra sign-up fields; any key not listed here is dropped
  def sanitize_devise_params
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username, address: [:city, :postcode]])
  end
end
Main source: Sitepoint tutorial
- Set the Devise mailer: in config/initializers/devise.rb, update the value of config.mailer_sender to have mails sent from a custom address. To have links in emails point at the local server in development:
#config/environments/development.rb
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
- Edit modules in the User model. Some lines might need to be uncommented in the migration file.
- Set up the mailer for production use on Heroku with the Sendgrid add-on: you only need to add the following lines to config/environments/production.rb, replacing 'your-domain.com' with the appropriate domain name:
config.action_mailer.perform_caching = false
config.action_mailer.raise_delivery_errors = true
config.action_mailer.delivery_method = :smtp
host = 'your-domain.com'
config.action_mailer.default_url_options = { host: host }
# Credentials are read from the environment, not hard-coded
ActionMailer::Base.smtp_settings = {
  :address => 'smtp.sendgrid.net',
  :port => '587',
  :authentication => :plain,
  :user_name => ENV['SENDGRID_USERNAME'],
  :password => ENV['SENDGRID_PASSWORD'],
  :domain => 'heroku.com',
  :enable_starttls_auto => true
}
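The allow-list behaviour of the permit call in the strong-parameters step above, as an added example (not code from the original page, Devise or Rails): a simplified pure-Ruby model of the filtering, run on a constructed sign-up payload. The names permit, rejected_keys, SIGN_UP_KEYS and SAMPLE_SIGN_UP are assumptions made here; the email and password keys are Devise's defaults for sign-up.

```ruby
# Simplified model of the allow-list filtering behind `permit` (illustration
# only; Rails' real implementation is ActionController::Parameters).
SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

# Devise's default sign-up keys plus the extra keys permitted on this page.
SIGN_UP_KEYS = [:email, :password, :password_confirmation,
                :username, { address: [:city, :postcode] }].freeze

# Returns a new hash containing only the keys named in `spec`.
# A bare symbol admits scalar values only; a { key => [...] } entry admits a
# nested hash, which is filtered recursively.
def permit(params, spec)
  spec.each_with_object({}) do |entry, out|
    if entry.is_a?(Hash)
      entry.each do |key, nested_spec|
        value = params[key.to_s]
        out[key.to_s] = permit(value, nested_spec) if value.is_a?(Hash)
      end
    else
      key = entry.to_s
      next unless params.key?(key)
      value = params[key]
      out[key] = value if SCALARS.any? { |type| value.is_a?(type) }
    end
  end
end

# Returns the top-level keys a request sent that the allow-list dropped.
def rejected_keys(params, spec)
  params.keys - permit(params, spec).keys
end

# Constructed sign-up payload: a legitimate form plus extra keys.
SAMPLE_SIGN_UP = {
  'email' => 'alice@example.com',
  'password' => 'correct horse battery',
  'password_confirmation' => 'correct horse battery',
  'username' => 'alice',
  'admin' => true,                                   # not on the allow-list
  'address' => { 'city' => 'Lyon', 'postcode' => '69001',
                 'verified' => true }                # nested extra key
}.freeze

if __FILE__ == $PROGRAM_NAME
  p permit(SAMPLE_SIGN_UP, SIGN_UP_KEYS)
  p rejected_keys(SAMPLE_SIGN_UP, SIGN_UP_KEYS)
end
```

Logging the rejected keys per request is a cheap way to spot clients probing for mass-assignable attributes such as admin.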
To set up a controller with user authentication, just add this before_action (assuming your devise model is 'User'):
before_action :authenticate_user!
Devise helpers to control whether users are signed in:
- To verify if a user is signed in, use the following helper:
user_signed_in?
- To get the currently signed in user:
current_user
- To access the session for this scope:
user_session
Devise standard route names can be customised thanks to the helpers devise_for and devise_scope (details in the helper doc):
#config/routes.rb
devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret' }
If additional customisation is needed, use devise_for to skip the relevant controllers, and devise_scope to define your routes:
#config/routes.rb
devise_for :users, skip: [:registrations, :sessions]
devise_scope :user do
  get 'inscription', to: 'devise/registrations#new', as: :new_user_registration
  post 'inscription', to: 'devise/registrations#create', as: :user_registration
  get 'profil/editer', to: 'devise/registrations#edit', as: :edit_user_registration
  # Devise's stock edit view submits PUT to registration_path, so the edit
  # form has to be adjusted to target this POST route
  post 'profil/editer', to: 'devise/registrations#update', as: :users_edit
  get 'login', to: 'devise/sessions#new', as: :new_user_session
  post 'login', to: 'devise/sessions#create', as: :user_session
  delete 'logout', to: 'devise/sessions#destroy', as: :destroy_user_session
end