All threads / User Authentication with Devise | GoRails
Ask A Question


You’re not receiving notifications from this thread.

User Authentication with Devise | GoRails

Chris Oliver asked in General

This was a good video. Thank you. I am currently implementing Devise with a Rails JSON API but this gave me a good foundation.

@N8Guard I'm in the same situation. Are you able to share any info on how you implemented it?

Anthony Candaele ·

Good video. Are there scenarios where you would roll out your own authentication system instead of using Devise?

Plenty of cases, but most of those revolve around building out a very custom onboarding flow. Most of the time (including OAuth) is handled well enough with Devise.

Anthony Candaele ·

I see, thanks for your reply


Excelente muchas gracias por el video :)

This was an excellent episode Chris!

If you are intending to use an authorisation gem such as cancancan or pundit then the the other videos use 'rails generate devise User role'. Save you a couple of clicks going back to see.

The form-group class that is added doesn't render my form as Bootstrap at all :( hmm

Here is a link to the forum post where I shared links to my Gist code to Bootstrap the Devise views.

icsvortex666 ·

Hey Chris, I saw an old post from your blog about devise session sharing between subdomains (different apps?), do you know how to achieve this with rails 4?
Thanks :)

If you're authenticating between different apps, then you want them to share the same secret key. The cookie_store is signed with that key (I believe) so you would simply want to modify both apps to use the same SECRET_TOKEN in your application.yml files in production. That should do the trick (along with setting the domain on the cookies in the other post you mentioned).

Jon Yorg ·

Great video. I have a question about 'correct users'. Let's say the user who submitted the book could also edit their submission. However we would only want this user to edit it and not other users. Does devise have a way to handle correct users - or would we need to create our own?

They way you could solve the authorization problem is by updating your Edit/Update/Destroy actions to use current_user.books.find() instead of Book.find(). That will scope it to only the ones that user owns so they cannot edit other user's books.

Jon Yorg ·

Thanks Chris. Would it be best practice to place this in a before_action method? =>

def correct_user
unless current_user.books.find_by_id(params[:book_id])
flash[:warning] = "You didn't post this"
redirect_to root_path


Yeah that's what I would do. Remember to have this only: [:edit, :update, :destroy] so that it doesn't override your show action's lookup which is normally set in a before_filter as well.

Vishal Deepak ·

can you instruct me if I need to create two devise models . Basically in my app there are 2 users. One are typical users that ask questions and the other are expert users that answer the questions posted by the typical users. The expert users account can only be created with approval from developers/admin? I posted a question on stackoverflow -

Awesome video. Very clear and easy to follow. Thanks much!

am trying to set up a simple blog with devise.How can i restrict users from editing the profiles of other users. so mush so that if the try something users/edit.3, there will be redirected to somewhere with flash message. Thanks

I have used Devise for authentication and it worked fine with one devise User model.
Now, I have 2 to 3 User models using 2 or 3 separate Devise functionalities.
I have having a problem with the update functionality of the second Devise. The original first one works well, but for the second one, I get this error when I click on "update" after updating the user's profile parameters:
The action 'update' could not be found for User2Controller

What does that normally mean?

Hi Chris. Any indications/directions on how to turn the edit profile into a modal like on gorails website? Best

Nothing too special, just toss them in a Bootstrap modal and that's it. :)

thkss Chris. but may be this is worth a video. i could see the question hanging here and there on the web. sign_in, register and edit user details. personally i guess i am close to the solution in my implementation but for any reason, edit modal form is not submitting. not sure if due to error in javascript or else. will find out but a nice tutorial could help subscribers.

It would been great if we could know how the alert message gets auto removed from the screen?

thisiswhy1called ·

simple procedure attempts!

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 70,337+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more. Icons by Icons8

    © 2023 GoRails, LLC. All rights reserved.