#209 Devise (revised)
Jul 06, 2012 | 8 minutes | Plugins, Authentication
Devise is one of the most popular authentication plugins for Rails. Here I show how to set it up with a User model and configure the modules, views, routes, and more.
-
watch on iTunes
-
follow on Twitter
-
follow on Facebook
-
subscribe to RSS feed
How do you make it so when they edit their profile they don't need to put in their password to save changes? I have tried looking around to no avail for some time.
There is a pretty good writeup in the devise wiki: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
It's straight-forward, and I can confirm it works.
Thanks!
In your model you can do something like this
validates_presence_of :password, :on => :createSorry. Didn't fully understand your question. Answered prior to watching episode. ><
Every time I've tried Devise, I've run into some sort of use-case that it doesn't handle. My typical workflow was to waste lots of time trying to configure Devise to fit my app, then rip it out.
Now I do authentication from scratch every time.
For me, lower-level abstractions like 'has_secure_password' work perfectly. Devise not so much.
I agree with this 100%. While I'm sure many will find Devise great (and Ryan's screen cast to back it up), I myself find that authentication is so easy in Rails that I just don't need Devise.
And the has_secure_password works great.
lol. On a different note...anyone here ever do the same time with Spring and Java? OMG what a chore.
I have to agree with Andy. I have had to fight Devise a lot more than I would like to and therefore, I tried Sorcery for my current project. So far, it is working out great and it stays out of my way when I don't need it. Ryan has a screencast on it. Check it out.
Link for the lazy
I'm tending to agree after my initial relooks at Devise. I liked how Sorcery is very non invasive. However, it doesn't seem to be as fully functional out of the box. There's a bit more configuration work to be done with it (not always a bad thing).
Agreed about Devise. It gave me a super quick setup that I almost immediately needed to modify. I'll be taking a look at Sorcery next.
I'm wondering if the encrypted password that Devise uses is more secure or equally as secure as the salted password that Sorcery users. The last thing that I would want to happen is to be a repeat of what LinkedIn recently faced. Any thoughts?
what would be the best strategy to combine it with e.g. omniauth-facebook?
I think this might be what you're looking for: https://github.com/plataformatec/devise/wiki/OmniAuth%3A-Overview
Devise is really great as are all Ryan's episodes. But I don't believe that everyone uses only this type of authentication/user management (database stored). What about LDAP for enterprise deployments? Any good gem for LDAP backed user/group database?
Try OmniAuth with the LDAP strategy: https://github.com/intridea/omniauth-ldap
https://github.com/cschiewek/devise_ldap_authenticatable
Thank you guys. Both seem promising.
Devise has been great for me. I am now looking to start authenticating into the devise powered web app I have built from a Native iOS app. Any guidelines, resources or best practices on this sort of integration?
I'm looking to do the same thing.. have you found any best practices for this?
kind of answered my own question: this looks promising but have not validated it. http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
Anyone else have this issue?:
undefined method `user_signed_in?' for #<#Class:0x007f146c06a3d8:0x007f146c067700>
I'm sure I've done something wrong but...what?
I got the following error: /blog/app/views/layouts/application.html.erb:16: syntax error, unexpected ':', expecting ')'
...royuser_session_path, method: :delete);@output_buffer.safe...
basically -- the app doesn't like the following line:
<%= link_to "Logout", destroy_user_session_path, method: :delete%>
specifically, does not like "method: :delete" -- remove those, it loads but then errors because the controller isn't found.
You have this:
<%= link_to "Logout", destroy_user_session_path, method: :delete%>Try this instead:
<%= link_to "Logout", destroy_user_session_path, method: :delete %>You might want to use stackoverflow for help with these questions in the future. You'll probably get a faster and more helpful response.
I learned more in those 9 minutes than in any other 9 minutes i can recall.
After logging into https://myapp.com using devise, it does not recognize https://www.myapp.com (it shows login page) . Any ideals?
Can you update this video again? The version of devise used in this video isn't easily compatible with Rails 4.
Thanks!
First sign in through GitHub to post a comment.