#209 Devise (revised)
Jul 06, 2012 | 8 minutes | Plugins, Authentication
Devise is one of the most popular authentication plugins for Rails. Here I show how to set it up with a User model and configure the modules, views, routes, and more.
How do you make it so when they edit their profile they don't need to put in their password to save changes? I have tried looking around to no avail for some time.
There is a pretty good writeup in the devise wiki: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
It's straight-forward, and I can confirm it works.
Thanks!
In your model you can do something like this
validates_presence_of :password, :on => :create
Sorry. Didn't fully understand your question. Answered prior to watching episode. ><
Every time I've tried Devise, I've run into some sort of use-case that it doesn't handle. My typical workflow was to waste lots of time trying to configure Devise to fit my app, then rip it out.
Now I do authentication from scratch every time.
For me, lower-level abstractions like 'has_secure_password' work perfectly. Devise not so much.
I agree with this 100%. While I'm sure many will find Devise great (and Ryan's screen cast to back it up), I myself find that authentication is so easy in Rails that I just don't need Devise.
And the has_secure_password works great.
lol. On a different note...anyone here ever do the same time with Spring and Java? OMG what a chore.
I have to agree with Andy. I have had to fight Devise a lot more than I would like to and therefore, I tried Sorcery for my current project. So far, it is working out great and it stays out of my way when I don't need it. Ryan has a screencast on it. Check it out.
Link for the lazy
I'm tending to agree after my initial relooks at Devise. I liked how Sorcery is very non invasive. However, it doesn't seem to be as fully functional out of the box. There's a bit more configuration work to be done with it (not always a bad thing).
Agreed about Devise. It gave me a super quick setup that I almost immediately needed to modify. I'll be taking a look at Sorcery next.
I'm wondering if the encrypted password that Devise uses is more secure or equally as secure as the salted password that Sorcery uses. The last thing that I would want to happen is a repeat of what LinkedIn recently faced. Any thoughts?
what would be the best strategy to combine it with e.g. omniauth-facebook?
I think this might be what you're looking for: https://github.com/plataformatec/devise/wiki/OmniAuth%3A-Overview
Devise is really great as are all Ryan's episodes. But I don't believe that everyone uses only this type of authentication/user management (database stored). What about LDAP for enterprise deployments? Any good gem for LDAP backed user/group database?
Try OmniAuth with the LDAP strategy: https://github.com/intridea/omniauth-ldap
https://github.com/cschiewek/devise_ldap_authenticatable
Thank you guys. Both seem promising.
Devise has been great for me. I am now looking to start authenticating into the devise powered web app I have built from a Native iOS app. Any guidelines, resources or best practices on this sort of integration?
I'm looking to do the same thing.. have you found any best practices for this?
kind of answered my own question: this looks promising but have not validated it. http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
Anyone else have this issue?:
undefined method `user_signed_in?' for #<#<Class:0x007f146c06a3d8>:0x007f146c067700>
I'm sure I've done something wrong but...what?
Old thread as well, but perhaps this:
https://groups.google.com/forum/#!msg/plataformatec-devise/XFFrt4Gm-J4/NmEbV1rr8WcJ
could help you...
Short:
If you call your devise model differently (not "User" but "MyUser" for example) you have to make use of
my_user_signed_in?
resp.
current_my_user_registration_path etc. as in
I got the following error: /blog/app/views/layouts/application.html.erb:16: syntax error, unexpected ':', expecting ')'
...royuser_session_path, method: :delete);@output_buffer.safe...
basically -- the app doesn't like the following line:
<%= link_to "Logout", destroy_user_session_path, method: :delete%>
specifically, does not like "method: :delete" -- remove those, it loads but then errors because the controller isn't found.
You have this:
<%= link_to "Logout", destroy_user_session_path, method: :delete%>
Try this instead:
<%= link_to "Logout", destroy_user_session_path, method: :delete %>
You might want to use stackoverflow for help with these questions in the future. You'll probably get a faster and more helpful response.
OK, kind of old thread, but I just have run into this as well.
It seems to be the 1.9 ruby syntax for Hashes.
Use
:method => :delete
instead of
method: :delete
if you are still on ruby 1.8.x
I learned more in those 9 minutes than in any other 9 minutes I can recall.
After logging into https://myapp.com using devise, it does not recognize https://www.myapp.com (it shows login page). Any ideas?
Can you update this video again? The version of devise used in this video isn't easily compatible with Rails 4.
Thanks!
Hi Ryan,
Any plan on updating the video on how to use devise with Rails 4? Or a small addition of code snippets to this episode?
Thank You.
Agreed!
The devise github readme has a good explanation of how to handle strong parameters with devise in Rails 4.
Hi, how can I make sign_in the main (root) route of my app?
Did you figure this out? It is quite easy. If I am understanding what you are asking correctly, a simple change in the routes.rb file should do it.
Are you planning on doing a video that shows how to both use the User authentication as well as a separate Admin Auth that can manage all the Users that exist within the database?
I would like to see this too.
No route matches “/users/sign_out” devise rails 3
Solved by :
http://stackoverflow.com/questions/6557311/no-route-matches-users-sign-out-devise-rails-3
Hi
I have a problem with Devise. I'm trying to log in on a custom page of my site and this gets redirected to the Devise login page.
Looking in my log file, there is a line: Completed 401 Unauthorized in 2ms.
Also, I have this in my application controller file:
before_filter :configure_permitted_parameters, if: :devise_controller?

protected

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) << :email
  devise_parameter_sanitizer.for(:sign_in) << :email
end
My log file shows this:
Started POST "/users/sign_in" for 127.0.0.1 at 2014-01-11 17:39:38 -0500
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"EoIQQ/IFKP4dtaTgb5IPYJulXSIHdT3lTtE4D5viT2o=", "user"=>{"email"=>"myemail@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Completed 401 Unauthorized in 2ms
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"EoIQQ/IFKP4dtaTgb5IPYJulXSIHdT3lTtE4D5viT2o=", "user"=>{"email"=>"myemail@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Sign in"}
Rendered devise/shared/_links.erb (1.0ms)
Rendered devise/sessions/new.html.erb within layouts/application (8.0ms)
Completed 200 OK in 139ms (Views: 25.0ms | ActiveRecord: 0.0ms)
I hope you can help
Hi, I hope someone can help me.
I'm using Devise with Rails 4 and I'm getting an error in my log file when trying to sign in.
Unpermitted parameters: password, remember_me
I have this code in my app controller:
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :username) }
  end
end
Hope you can help me. Thank you!
I'd like to change Devise to es.yml
and
any idea on how to use my own layout view for the sign in?
Changing Authentication Fields is not working with Rails 4 and Devise. Maybe it's due to attr_accessible. What should I replace it with and why?
Same issue for me.
Edit:
It is a relatively simple fix for rails 4 due to the lack of attr_accessible.
Hi guys,
Is there a way to use LDAP to authenticate users without them keying in login credentials? I.e., the Rails application should fetch the Windows domain, match it with the details in Active Directory, and allow the user into the application if it's a valid Active Directory entry. I am able to log in using username and password, but am now trying without username and password.
Thanks in advance
if you get
method_missing': undefined method `attr_accessible' for User (call 'User.connection' to establish a connection):Class (NoMethodError)
it may be fixable by installing the "protected_attributes" gem.