
@romchambe
Last active April 27, 2018 10:53

Setup

  1. Install Devise in a Rails app (after making sure it is in your Gemfile): $ rails g devise:install
  2. Generate standard Devise models: $ rails g devise User
  3. Generate standard Devise views: $ rails g devise:views
  4. Enforce strong parameters

Enforcing strong parameters

Copy the following lines into ApplicationController so that, beyond Devise's defaults, only the listed additional params are accepted by the Devise sign-up form:

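# app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # Run the sanitizer only for requests handled by Devise controllers.
  before_action :sanitize_devise_params, if: :devise_controller?

  protected

  # Permit the extra sign-up fields on top of Devise's defaults; any other key is dropped.
  def sanitize_devise_params
    devise_parameter_sanitizer.permit(:sign_up, keys: [:username, address: [:city, :postcode]])
  end
end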
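
Added example, not part of the original gist and not Devise's or Rails' own code: a simplified plain-Ruby model of what the permit list above does to a sign-up payload carrying forged fields. The names filter_params, DEVISE_SIGN_UP_DEFAULTS, EXTRA_SIGN_UP_KEYS and FORGED_SIGN_UP are hypothetical, the payload is constructed, and the defaults assume a User model authenticated by email.

```ruby
# Simplified stand-in for the strong-parameters filter (NOT Devise's or Rails' code).
# A permit list is an array of symbols (scalar keys) and hashes (nested keys).

# Keys Devise permits on sign-up by default when the authentication key is :email.
DEVISE_SIGN_UP_DEFAULTS = [:email, :password, :password_confirmation].freeze
# Extra keys taken from sanitize_devise_params on this page.
EXTRA_SIGN_UP_KEYS = [:username, { address: [:city, :postcode] }].freeze

# Returns [permitted_hash, rejected_key_paths] for a params hash.
def filter_params(params, permit_list, prefix = nil)
  scalars = permit_list.grep(Symbol)
  nested  = permit_list.grep(Hash).reduce({}, :merge)
  permitted = {}
  rejected  = []
  params.each do |key, value|
    key  = key.to_sym
    path = [prefix, key].compact.join('.')
    if nested.key?(key) && value.is_a?(Hash)
      # Nested key: recurse with the inner permit list.
      inner, inner_rejected = filter_params(value, nested[key], path)
      permitted[key] = inner
      rejected.concat(inner_rejected)
    elsif scalars.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
      # Scalar key: a hash or array smuggled into it is not accepted.
      permitted[key] = value
    else
      rejected << path
    end
  end
  [permitted, rejected]
end

# Constructed payload: a legitimate sign-up form plus two forged fields.
FORGED_SIGN_UP = {
  'email' => 'alice@example.com',
  'password' => 'correct horse', 'password_confirmation' => 'correct horse',
  'username' => 'alice',
  'admin' => true, # forged privilege flag
  'address' => { 'city' => 'Lyon', 'postcode' => '69001', 'verified' => true }
}.freeze

def demo
  filter_params(FORGED_SIGN_UP, DEVISE_SIGN_UP_DEFAULTS + EXTRA_SIGN_UP_KEYS)
end

if __FILE__ == $PROGRAM_NAME
  permitted, rejected = demo
  puts "permitted: #{permitted}"
  puts "rejected:  #{rejected}"
end
```

Only the keys named in the permit list reach the model; the forged admin flag and the unlisted address.verified key are dropped before User is built.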

Customise authentication and registration process

Main source: Sitepoint tutorial

  1. Set the Devise mailer: in config/initializers/devise.rb, update the value of config.mailer_sender to have mails sent from a custom address. To view emails on the local server in development:
# config/environments/development.rb
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
  2. Edit modules in the User model. Some lines might need to be uncommented in the migration file.
  3. Set up the mailer for production use on Heroku: with the Sendgrid add-on, you only need to add the following lines to config/environments/production.rb, replacing 'your-domain.com' with the appropriate domain name:
config.action_mailer.perform_caching = false

config.action_mailer.raise_delivery_errors = true
config.action_mailer.delivery_method = :smtp
host = 'your-domain.com'
config.action_mailer.default_url_options = { host: host }
ActionMailer::Base.smtp_settings = {
  :address        => 'smtp.sendgrid.net',
  :port           => '587',
  :authentication => :plain,
  :user_name      => ENV['SENDGRID_USERNAME'],
  :password       => ENV['SENDGRID_PASSWORD'],
  :domain         => 'heroku.com',
  :enable_starttls_auto => true
}

Restrict access to a controller's actions to logged-in users

To set up a controller with user authentication, just add this before_action (assuming your Devise model is 'User'):

before_action :authenticate_user!

Devise helpers to check whether users are signed in:

  • To verify if a user is signed in, use the following helper: user_signed_in?
  • To get the currently signed in user: current_user
  • To access the session for this scope: user_session

Change routes linked to Devise

Devise's standard route names can be customised with the helpers devise_for and devise_scope (details in the helper doc):

#config/routes.rb
devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret'}

If additional customisation is needed, use devise_for to skip the relevant controllers, and devise_scope to define your routes:

#config/routes.rb
devise_for :users, skip: [:registrations, :sessions]
devise_scope :user do
	get 'inscription', to: 'devise/registrations#new', as: :new_user_registration
	post 'inscription', to: 'devise/registrations#create', as: :user_registration
	get 'profil/editer', to: 'devise/registrations#edit', as: :edit_user_registration
	post 'profil/editer', to: 'devise/registrations#update', as: :users_edit
	get 'login', to: 'devise/sessions#new', as: :new_user_session
	post 'login', to: 'devise/sessions#create', as: :user_session
	delete 'logout', to: 'devise/sessions#destroy', as: :destroy_user_session
end