Skip to main content

User Authentication with Devise | GoRails

General • Asked by Chris Oliver

This was a good video. Thank you. I am currently implementing Devise with a Rails JSON API but this gave me a good foundation.

@N8Guard I'm in the same situation. Are you able to share any info on how you implemented it?
Thanks!


Good video. Are there scenarios where you would roll out your own authentication system instead of using Devise?

Plenty of cases, but most of those revolve around building out a very custom onboarding flow. Most of the time (including OAuth) is handled well enough with Devise.

I see, thanks for your reply

Anthony


Excelente muchas gracias por el video :)


This was an excellent episode Chris!


If you are intending to use an authorisation gem such as cancancan or pundit then the the other videos use 'rails generate devise User role'. Save you a couple of clicks going back to see.



The form-group class that is added doesn't render my form as Bootstrap at all :( hmm

Here is a link to the forum post where I shared links to my Gist code to Bootstrap the Devise views.

https://gorails.com/forum/b...


Hey Chris, I saw an old post from your blog about devise session sharing between subdomains (different apps?), do you know how to achieve this with rails 4?
Thanks :)

If you're authenticating between different apps, then you want them to share the same secret key. The cookie_store is signed with that key (I believe) so you would simply want to modify both apps to use the same SECRET_TOKEN in your application.yml files in production. That should do the trick (along with setting the domain on the cookies in the other post you mentioned).


Great video. I have a question about 'correct users'. Let's say the user who submitted the book could also edit their submission. However we would only want this user to edit it and not other users. Does devise have a way to handle correct users - or would we need to create our own?

They way you could solve the authorization problem is by updating your Edit/Update/Destroy actions to use current_user.books.find() instead of Book.find(). That will scope it to only the ones that user owns so they cannot edit other user's books.

Thanks Chris. Would it be best practice to place this in a before_action method? =>

private
def correct_user
unless current_user.books.find_by_id(params[:book_id])
flash[:warning] = "You didn't post this"
redirect_to root_path
end

end

Yeah that's what I would do. Remember to have this only: [:edit, :update, :destroy] so that it doesn't override your show action's lookup which is normally set in a before_filter as well.


can you instruct me if I need to create two devise models . Basically in my app there are 2 users. One are typical users that ask questions and the other are expert users that answer the questions posted by the typical users. The expert users account can only be created with approval from developers/admin? I posted a question on stackoverflow -http://stackoverflow.com/qu...


Awesome video. Very clear and easy to follow. Thanks much!


am trying to set up a simple blog with devise.How can i restrict users from editing the profiles of other users. so mush so that if the try something users/edit.3, there will be redirected to somewhere with flash message. Thanks


Hi,
I have used Devise for authentication and it worked fine with one devise User model.
Now, I have 2 to 3 User models using 2 or 3 separate Devise functionalities.
I have having a problem with the update functionality of the second Devise. The original first one works well, but for the second one, I get this error when I click on "update" after updating the user's profile parameters:
The action 'update' could not be found for User2Controller

What does that normally mean?


Hi Chris. Any indications/directions on how to turn the edit profile into a modal like on gorails website? Best

Nothing too special, just toss them in a Bootstrap modal and that's it. :)

thkss Chris. but may be this is worth a video. i could see the question hanging here and there on the web. sign_in, register and edit user details. personally i guess i am close to the solution in my implementation but for any reason, edit modal form is not submitting. not sure if due to error in javascript or else. will find out but a nice tutorial could help subscribers.


It would been great if we could know how the alert message gets auto removed from the screen?


simple procedure attempts!


Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 24,647+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.