User Authentication and Authorization System in Minutes with Devise

You may be considering a full authentication solution for your Ruby on Rails app. Well, what if I told you can create an entire MVC setup for user authentication by just installing a gem?

That’s right! By using the Devise gem you can get an entire system for User login/signup features (and much more!) by simply typing in some rails generator commands. You can have this done immediately after you start a new app doing rails new. This blog will exhibit how to get started using Devise and some of the commands you can enter to see all of the manual code you’ve been writing, written for you automatically!

As usual, begin with the standard way of installing gems: add gem ‘devise' to your Gemfile. Next, run bundle install and enter the installer command: rails generate devise:install. This will prompt additionally setup that is highly recommended and explains what each step will do:

To briefly describe the steps: The first step enables the Rails app to send emails. Second, it wants to make sure you have your root url setup, like this:

Third, you can copy and paste those lines into app/views/layouts/application.html.erb to display error messages when users enter invalid inputs. Fourth, generate the Devise views folders/files that you can use and customize. Look at what typing rails g devise:views in the terminal creates for you:

If you wish not have all these folders generated for you and only want specific ones you may choose to do so (example: rails g devise:views -v registrations confirmations). So far it seems as if Devise creates all of these things and enforces certain functionality upon your app. You may feel you don’t have a say in the matter but truth is Devise is highly customizable. However, you would have to do a lot of reading of the main documentation with additional research to form Devise to your desire. A large number of settings can be found in the config/initializers/devise.rb file that gets created when you install Devise. In this file, you can make a lot of changes to suit your liking. For instance, config.unlock_in = 1.hour will determine how long it will take for an account to be unlocked if they are locked out. Another example, config.confirm_within = 3.days sets the time for how long a user has to activate his/her account by an email link. There’s many settings to check out but as previously mentioned it requires additional knowledge to fully take control of Devise.

At this point you can create a controller and give it the home action that was prompted earlier in your routes.rb file. You can now run rails s and go to localhost:3000 in your browser and you will now see:

This is because Devise will write out all that nice code for you in each of the views file you generated, so you won’t have to! (you can make whatever changes you like to the views to fit your style).

Since this is a rails new, we don’t have a User model yet. Devise can take care of that for you by entering rails g devise User. You can run rails routes here to see all of the routes that this one generation created for you:

You can write out rails db:migrate and restart the rails server and you will now have a working app that has sign-in/sign-up capabilities. Yep! Just install the gem and input a couple lines of code and Devise will create a simple User login/logout structure for your app.

Devise will also create the helper methods we write out to authorize users when you generate the model. Look familiar?

With Devise you don’t have to write out this code for your User model (if you don’t name your model ‘user’ you can just replace the parts ‘_user’ with whatever your model name is to use the helper methods). For instance, we can invoke the :authenticate_user! method to require a logged in user access to whatever pages you like:

Additionally, the current_user helper:

As well as the user_sign_in? method you can write in your views/layouts/application.html.erb


The User model generation comes with a total of 10 modules you can set or remove to add additional attributes to your user migration. One example is :trackable will log tracking information about the user’s login times, number of logins, etc. A comprehensive list can be found on the Devise docs.

There’s a ton Devise can do. Devise has a plethora of models, controllers, views, routes, classes, and more that you can utilize. In fact,’s lesson on Devise describes this gem as a rails app within a rails app (Railsception?!), you can look at the lesson here (and see one of my favorite memes being used).

To conclude, Devise is great and so far it’s one of my favorite gems I’v uncovered throughout my Ruby on Rails journey. Having said that, I wouldn’t suggest using Devise for your first Rails app/project. Simply due to the notion it’s extremely vital for you as a developer to understand what’s going on “under the hood”. Yes, Devise can write all of that nice code for the typical auth helper methods and provide boilerplates for a ton of forms with one line of code. HOWEVER, what good is that actually doing you if you don’t know whats happening and when its happening? Devise is excellent but extremely complex and frankly requires in-depth knowledge of the Rails framework to utilize its potential. That’s why I highly encourage you to read the official Devise documentation before you start using it. This blog won’t do you justice if you want to gem install Devise after reading this. I just wanted to introduce the Devise tool and show some of the power it contains. Thank you for reading and below are some really helpful links on Devise.


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store