6. Adding user authentication

As defined in the beginning, our Case Management System application allows its users to perform certain actions.

In this section we focus on adding user management features, namely user registration (sign up) and authentication (log in).

Ruby gems

User authentication is a generic problem - many applications handle it. Therefore, it is safe to assume that there are standard practices or even readily available solutions for it. In Ruby, such a set of solutions is called a gem. You can think of a Ruby Gem as a library or plug-in.

The problems we need to address are generic and common across multiple Rails applications:

  • Manage a database of users
  • Allow your users to post content on your app

The gem we're using to solve these problems is Devise.

Adding the Devise gem

All the available gems for your app are kept track of in your app’s folder in a file called Gemfile. Open Gemfile in Sublime Text and add this line:

gem 'devise'

Save the file. Go to the terminal and run (if Rails is running, press ctrl + c to stop it first):

$ bundle install

to install the gem.

Set up Devise in your app

Run the following command in your terminal to let Devise set itself up:

$ rails generate devise:install

What it did is create a bunch of files where some of the settings for Devise are stored, such as config/devise.en.yml.

Devise uses text files to describe, for instance, what is the minimal number of characters for a valid password or what are the default labels or error messages users see.

Databases and migrations

To let our users register, we first have to define what a user is. This means creating a database.

Last year, you may have seen a user database in one of the data leaks from our favorite Internet Service Provider.

A database is an organised collection of data. There are various kinds of databases. Let's think of the simplest ones - the Excel spreadsheets. One Excel spreadsheet can be considered a table. A table has columns and rows, we can give names to our columns and fill in many rows of data.

We won't be using Excel spreadsheets for our data, because it is slow. Instead, we will be using a database called SQLite. It is simple database, that can be used without additional configuration.

A database can have multiple tables. For example, a database named Social Network can have table names such as Users, Groups, and Posts.

The User table

Now that we have Devise fully installed and configured, let's use it to generate a User table. Type this into the terminal:

$ rails generate devise user

This command told Devise to generate a model called User.

It also created a special file, called a migration.

Since Devise is adding a new table to our database, it changes the whole structure of our database.

Whenever we want to change the structure, we'll need to create a migration for the change.

You can think of a migration as of a change of architectural plans, where only the difference is stored. For instance, if we want to extend our balcony, we'll have to create an architectural plan for the balcony.

In order to apply the changes to our database, we need to ask Ruby to migrate the database from its previous state (without a users table) to the new state (with a users table).

To do all sorts of work like this, we will need to use a tool called rake (greblă).

Here’s the command that migrates the database. Type it into the terminal:

$ rake db:migrate


Signing in and signing up

Now you can check it out. Start Rails (using the rails server command) and in your browser go to


There’s a simple Sign in form that was created for you by Devise. Cool! But you don’t yet have a user account on your own website, so to create one either click on Sign Up, or go to


and sign up to your website.

Our users can now sign up and log in.

Next, we will add more content for them to see!

Note: if you need fake user credentials, use the default combination user01@example.com / 123123123. With @example.com you do not risk sending unwanted emails to an existing email address. Don't forget to remove these accounts once your application goes live, to avoid security vulnerabilities.

results matching ""

    No results matching ""