Thursday, September 22, 2016

Exploring Devise, Part 1

Exploring Devise, Part 1

In some of my previous articles about image uploading in Rails, I made mention of Devise but did not go deep into it. In this tutorial, I will be teaching you about Devise.

Ready? Let's get started!

Devise Introduction and Modules

Devise is an authentication solution for Rails built with Warden and provided by the awesome people at Plataformatec. Devise provides different modules:

  • Database Authenticatable: This encrypts and stores a password to the database to validate the authenticity of a user while signing in.
  • Omniauthable: This attaches OmniAuth support to Devise. Users of your application will be able to sign in using accounts such as Facebook, Twitter, and Google.
  • Confirmable: This enables the sending of emails with instructions that will help in the verification of an account.
  • Recoverable: This module helps in times when users forget their password and need to recover it. With this, the user will be able to reset the password.
  • Registerable: This handles the signup of users. It also allows users to edit and delete their accounts.
  • Rememberable: This module makes it possible for your application to remember a logged-in user by storing a cookie.
  • Trackable: This module helps track sign-in count, timestamps, and IP address.
  • Timeoutable: This module is responsible for expiring a session that has not been active for a period of time.
  • Validatable: With this module, email and password get to be validated.
  • Lockable: This provides an extra layer of security—when activated, an account can be locked after a given number of failed sign-in attempts.

Devise Integration

For the purpose of this tutorial, we are going to generate a Rails application that we'll use to check out the workings of Devise. Let's proceed!

rails new devise-app -T

The -T flag tells Rails to generate the application without the default test suite. Navigate to your application directory and drop the following gems into your Gemfile.

Now install the Devise and Bootstrap gems you just added.

bundle install

Rename your app/assets/stylesheets/application.css file to app/assets/stylesheets/application.scss and add the following lines in it:

Open up the app/assets/javascripts/application.js file and require bootstrap-sprockets. Mine looks like this:

Next, you need to run the Rails command to install the configuration files for Devise. You do so by running this command:

rails generate devise:install

The command generates the following on your terminal. You should read it to understand what happened.

The command also generates two files, which you can find in the config directory. It also gives us some instructions on what we should do.

Navigate to your application layout, app/views/layouts/application.html.erb, and make it look like what I have below:

You need to define the default URL options for your development environment. Add the code below in config/environments/development.rb.

Now you need to create a User model for Devise. You can do so using your terminal.

rails generate devise User

This will generate a user.rb file in your app/models directory. The file generated will look like this:

You can see that it contains the default modules I mentioned above. The command you ran also modified your config/routes.rb file by adding a route for devise. You should check that out.

At this point, you need to migrate your database. You do so by running: 

rake db:migrate

Authentication Using Devise

Now you need to create a PagesController and wrap Devise authentication around it—this will prevent unauthorized persons from seeing the page.

rails generate controller Pages index

Open up your routes file and set the root of your application.

Open up your PagesController and add authentication for your index and new pages.

The code shows that the index and new pages are accessible only to registered users. Open up your terminal and start your rails server. Point your browser to http://localhost:3000 and you will automatically be redirected to the Devise sign-in page.

Signing in Without Using Email

The default means of signing into Devise involves the use of email address and password. What if you want to enable users to sign in with their unique username? If that is what you want, it is possible. Let's see how.

Run the command:

rails generate migration AddUsernameToUSers username:string

This will add a new column for username in your users table. Migrate your database.

rake db:migrate

You need to add a field to your views where your users can enter their username. When you go to your app/views directory, you will not find any file that renders the Devise views. This is because Devise loads the views from its gemset. To customize it, you have to generate copies of the views. The command below does the magic.

rails generate devise:views

This will generate some folders and files in your app/views directory.

You will need to edit the page for signing in, signing up, and updating user information. Just paste the blocks of code below into their respective files.

Sign-Up

Edit

Sign-In

Using your text editor, navigate to app/controllers/application_controller.rb. You need to modify it to permit the use of username. Modify it to look like this:

Now a user can sign in with his/her username. At this point there is something not right about your application. When a user signs in, there is no way of signing out. This does not result in a great user experience. I'll show you how to fix that.

From your terminal, create a new directory called shared in your app/views folder.

The file you created above is a partial where the code for your navigation bar will be written. Drop in the following code.

Now you need to render the navigation bar in your application layout. Open up app/views/layouts/application.html.erb and drop in the code to render your navigation bar.

Conclusion

In this part you learned how to install Devise and add authentication to your pages. I also made mention of a partial. I will cover that in a separate tutorial. 

In the next part, we will cover some areas more advanced than this. I hope this was worth your time!


No comments:

Post a Comment