
Devise Authentication in Rails 3 (Updated for devise 2)

By Lee in Rails, Web Development. Posted on January 8th

Devise Github project page: https://github.com/plataformatec/devise

After some Google searching I arrived at the decision to use Devise over Authlogic for my brand spanking new Rails 3 app. I haven’t really had that much experience with Authlogic in the past, besides using it in my previous Rails 3 app. It was a little tricky to get it working with Rails 3 and I wasn’t the biggest fan of the documentation (I felt it could have been a little more granular). That being said, I have never used Devise, but the yammering on the internet suggests it is a cleaner solution and works out of the box with Rails 3 (http://stackoverflow.com/questions/4136121/rails-3-authentication-authlogic-vs-devise). I also liked some of the out-of-the-box features it came with:

  • Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
  • Token Authenticatable: signs in a user based on an authentication token (also known as “single access token”). The token can be given both through query string or HTTP Basic Authentication.
  • Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
  • Recoverable: resets the user password and sends reset instructions.
  • Registerable: handles signing up users through a registration process, also allowing them to edit and destroy their account.
  • Rememberable: manages generating and clearing a token for remembering the user from a saved cookie.
  • Trackable: tracks sign in count, timestamps and IP address.
  • Timeoutable: expires sessions that have no activity in a specified period of time.
  • Validatable: provides validations of email and password. It’s optional and can be customized, so you’re able to define your own validations.
  • Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
  • Encryptable: adds support of other authentication mechanisms besides the built-in Bcrypt (the default).

The Exploration

First things first, add “devise” to your Rails Gemfile in the root directory of your application.
Note: this example assumes knowledge of the bundler gem.

Running bundle install will set you up with:

Following the install docs on the Devise project page..

Alright, based on the install output it looks like we need to do a little setup work… However, I will leave that to the reader since they may be using a pre-existing rails application…

After you are finished configuring the application, it’s time to create your user model.

Great, let’s take a look at what the generator created, starting with the migration.

It looks like Devise gives you password encryption/storing, password recovery, session tokens, and login attempts by default. For my application I will also uncomment the lines for Confirmable, Lockable and Token authenticatable since I find these registration options useful out of the box and will save me time from writing those components later.

The only thing I needed to investigate of these options was the Lockable option since I wanted to understand the lock and unlock strategies.
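To make the lock and unlock strategies concrete, here is an added example that is not from the original post and is not Devise's own code: a plain-Ruby model of an account that locks after too many failed sign-ins and unlocks by emailed token, by elapsed time, or both. The class `LockableAccount` and its methods are hypothetical; the keyword names mirror Devise's `maximum_attempts`, `unlock_strategy` and `unlock_in` settings.

```ruby
require "securerandom"

# Simplified model of Lockable (not Devise's code). Keyword names mirror
# Devise's maximum_attempts / unlock_strategy / unlock_in settings.
class LockableAccount
  attr_reader :failed_attempts, :unlock_token

  def initialize(password:, maximum_attempts: 3, unlock_strategy: :both, unlock_in: 3600)
    @password = password # constructed sample; a real app stores a bcrypt hash
    @maximum_attempts = maximum_attempts
    @unlock_strategy = unlock_strategy # :email, :time, :both or :none
    @unlock_in = unlock_in             # seconds
    reset_lock
  end

  def locked?(now)
    return false if @locked_at.nil?
    return true unless %i[time both].include?(@unlock_strategy)
    return true if now - @locked_at < @unlock_in
    reset_lock # the time-based lock has expired
    false
  end

  def sign_in(password, now)
    return :locked if locked?(now) # a locked account rejects even the right password
    if password == @password
      @failed_attempts = 0
      return :ok
    end
    @failed_attempts += 1
    return :invalid if @failed_attempts < @maximum_attempts
    @locked_at = now
    @unlock_token = SecureRandom.hex(16) if %i[email both].include?(@unlock_strategy)
    :locked
  end

  # The emailed link carries the token; compare without an early exit.
  def unlock_with_token(token)
    return false if @unlock_token.nil? || token.bytesize != @unlock_token.bytesize
    diff = token.bytes.zip(@unlock_token.bytes).reduce(0) { |d, (a, b)| d | (a ^ b) }
    return false unless diff.zero?
    reset_lock
    true
  end

  private

  def reset_lock
    @failed_attempts = 0
    @locked_at = nil
    @unlock_token = nil
  end
end
```

With `unlock_strategy: :email` the lock never expires on its own, and with `:time` no token is issued, so the choice decides whether a locked-out user waits or needs a working mail setup.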

Alright, now that we understand what they mean here is what my final migration looks like:

Now let’s take a look at our User model.

It looks like, based on our migration options, we will also have to uncomment :token_authenticatable, :confirmable, :lockable and :timeoutable and add them to the devise options.

We don’t need to setup our routes for user because devise has already added devise_for :users to our config/routes.rb for us. If we then run rake routes from the command line we get:

Finally it’s time to migrate our database and create our user model.

Now it’s time to start our Rails server and see what Devise has given us. Run rails server from the command line and let’s travel to “localhost:3000/users/sign_up” and see what’s going on.

My first thoughts are “Wow, that’s kind of ugly”. haha. Looks like down the line I will have to override those views and build custom ones (by overriding the routes!). I then attempt to sign up by filling out the form. The page reloads and tells me “You have signed up successfully. If enabled, a confirmation was sent to your e-mail.”. Yay, alright, now I realize immediately that I haven’t yet set up an SMTP server on my local machine; however, if we check the server output or logs we will see a generated message:

Fantastic. If we go to the confirmation address http://localhost:3000/users/confirmation?confirmation_token=wYQlv1D1lbB9InFq8dVZ we should be able to activate our new account, and sure enough the confirm works and sends us to the homepage with the message ‘Your account was successfully confirmed. You are now signed in.’


Devise is easy to set up and install using Rails 3. It gives me the flexibility and features I need to fulfill the authentication requirements of my application. Good documentation and setup instructions go a long way. We will see with time if I regret my decision. If anyone out there in the internets knows of any helpful information that would be beneficial to this blog post, please comment below!


To update your Devise views run this from the command line:

This will pull the views from the gem and allow you to modify them.


  1. Posted January 15, 2011 at 6:52 pm | Permalink

    Thank you for the excellent walk-through. I followed this nearly verbatim, and it worked in my development environment. The only thing I’d recommend for future readers who may be relatively new to rails is that after running bundle install, the first instruction: ” 1. Setup default url options for your specific environment . . . .” means to add the example line (or another similar line) to config/environments/development.rb (or another environment).

  2. Ben Unger
    Posted February 10, 2011 at 6:04 pm | Permalink

    Very useful post for this newbie. I had gotten devise working fine in production which sent a confirmation email and was as happy as a clam. I only realized I had a problem when my local development site locked me out since I hadn’t confirmed. Your post came to the rescue. Thanks!

  3. Ryan Austin
    Posted April 5, 2011 at 3:48 pm | Permalink

    I went from deciding I was too stupid to get devise working to…having devise working. Thanks!

  4. Senthil kumar
    Posted June 22, 2011 at 4:27 am | Permalink


    Clear explanation, Great post.

  5. christopher
    Posted September 9, 2011 at 11:30 am | Permalink

    I had to add this line to config/initializers/devise.rb

    require 'devise/orm/active_record'

  6. Nisha
    Posted October 9, 2011 at 12:33 pm | Permalink


    First of all thanks a lot for this tutorial. I am new to Rails and this helped me a lot. Up to signup, it worked perfectly fine, but after I restarted the server, when I try to access the sign_up page, it redirects me to localhost:3000. Please help me to correct this. Below is what I see in the server log:

    Started GET “/users/sign_in” for at Sun May 04 00:58:24 +0530 2008
    Processing by Devise::SessionsController#new as HTML
    User Load (0.0ms) SELECT users.* FROM users WHERE users.id = 1 LIMIT 1
    Redirected to http://localhost:3000/
    Completed 302 Found in 109ms

  7. Ramya
    Posted January 2, 2012 at 11:31 pm | Permalink

    I followed all the steps. The sign up process is working fine. Everything is getting stored in the database. But the sign_in process is not working, even for valid users. It is giving invalid email or password. Please help me…

  8. Amir
    Posted March 26, 2012 at 5:05 am | Permalink

    I am new to Rails and it’s helped me a lot. Can anybody tell me how to make a profile with this login for a particular user and display it like in Facebook or any social networking site?

  9. Posted March 26, 2012 at 5:08 am | Permalink

    I am new to rails and this code helped me a lot. I am working on project for my college to create profile for students.
    Is there any tutorial in RUBY to create small application like similar to facebook. Just need to display their profile, and can send messages.

  10. Posted April 10, 2012 at 3:23 pm | Permalink

    I haven’t read it, but the book RailsSpace covers the implementation of a social network. It’s by Michael Hartl and I like other stuff I’ve read of his.

  11. Posted July 22, 2012 at 9:28 pm | Permalink

    Greetings, I’m also new to Rails. This post helped me understand how to get started with Devise, although there are several bugs in my Devise trial: the email confirmation still errors, and sign in won’t work because there is no email confirmation for those users. But I would rather ask how Devise actually works to save the session and control the session across my whole page; I am still confused about those things.

    Any answer would be appreciated.


    Kristono Sugiarto

  12. railsdev
    Posted January 17, 2013 at 6:26 am | Permalink

    nice explanation…. it would be great could you please share an example which shows SSO using devise authentication and OmniAuth

  13. Wise Wild
    Posted February 7, 2013 at 3:34 am | Permalink

    Thanks so much. This is very very helpful
