An authentication generator for Rails 7. Based on the step-by-step guide on how to build your own authentication system in Rails from scratch.
Add this line to your application's Gemfile:
gem "rails_mvp_authentication"
And then execute:
bundle
Or install it yourself as:
gem install rails_mvp_authentication
Then run the installation command:
rails g rails_mvp_authentication:install
Once installed, follow these steps:
- Run bundle install to install bcrypt
- Run rails db:migrate to add the users and active_sessions tables
- Add a root path in config/routes.rb
- Ensure you have flash messages in app/views/layouts/application.html.erb
<p class="notice"><%= notice %></p>
<p class="alert"><%= alert %></p>
After completing these steps you can uninstall the gem:
bundle remove "rails_mvp_authentication" --install
- Requires a user to confirm their email address before they can log in.
- Allows a user to remain logged into the application even if they exit their browser.
- Allows a user to have multiple sessions. This gives users the ability to log out of all sessions at once. This also makes it easy to detect suspicious login activity.
- Allows a user to change their email address.
- Allows a user to recover their account if they forget their password.
- Requires users to submit their password anytime they're changing their account information.
The following methods are automatically included in the corresponding generated files.
Redirects the visitor to the login_path if they're not logged in. Useful for preventing an anonymous user from accessing a page intended for an authenticated user.
Returns an instance of User if there's one in the session. Otherwise returns nil.
Deletes the :remember_token cookie. For added security, the associated active_session should be deleted too.
Resets the session and then creates a new active_session for the user that was passed in. Stores the id of the active_session in the session. Returns the new active_session.
Resets the session and deletes the associated active_session record.
Returns true if current_user does not return nil. Otherwise returns false.
Redirects the user to the root_path if the user is logged in. Useful for keeping a user from accessing a page intended for an anonymous user.
Creates a cookie to store the value of the remember_token from the active_session that was passed in.
Returns an instance of User if there's one in the session. Otherwise returns nil.
Returns true if current_user does not return nil. Otherwise returns false.
A copy of the authenticate_by class method that is set to ship in Rails 7.1.
Sets the confirmed_at column to Time.current. Updates the email column if reconfirming a new email address. Returns true or false.
Returns true or false based on whether the confirmed_at column is present.
Returns the value of the email column if the unconfirmed_email column is empty. Otherwise, the value of unconfirmed_email is returned.
Generates a signed_id used in the confirmation mailer.
Generates a signed_id used in the password reset mailer.
Send a confirmation email to the user.
Send a password reset email to the user.
Returns true if there's a value for unconfirmed_email. Otherwise false is returned.
Returns true if there's no value for confirmed_at. Otherwise false is returned.
Returns true if the user is unconfirmed or reconfirming a new email address. Otherwise false is returned.
Returns an instance of User if there's one in the test session. Otherwise returns nil.
Creates a post request to the login_path. Simulates a real login.
Deletes the current_active_session_id test session. Simulates a login.
What makes this gem different (not better) from devise, clearance, etc?
- This gem is less of an engine and more of a generator. It generates all necessary models, views, controllers, mailers, and migrations. This means you have complete control over your authentication system and don't have to worry about learning a new DSL or API.
- It also generates tests. That way you can ship with confidence if and when you decide to change how your authentication system works.
- It utilizes modern core features of Rails, such as ActiveSupport::CurrentAttributes, Active Record Signed Id, has_secure_password and has_secure_token.
- It stores the session in the database. This gives users the ability to log out of all sessions at once. This also makes it easy to detect suspicious login activity.
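An added example, not code the gem generates: a plain-Ruby, in-memory model of the database-backed sessions described above. It shows why deleting only the :remember_token cookie leaves the token valid until the active_session row is deleted too, and how deleting all of a user's rows logs out every session. ActiveSessionStore, its method names and the ip_address column are assumptions made for illustration.

```ruby
require "securerandom"
# In-memory stand-in for the active_sessions table (constructed for this example).
class ActiveSessionStore
  Row = Struct.new(:id, :user_id, :remember_token, :ip_address) # ip_address is assumed

  def initialize
    @rows = []
    @next_id = 0
  end

  # Login: every device gets its own row and its own random remember token.
  def create(user_id, ip_address:)
    @next_id += 1
    Row.new(@next_id, user_id, SecureRandom.urlsafe_base64(24), ip_address).tap { |r| @rows << r }
  end

  # Resolve a remember_token cookie value to a user id; nil once the row is gone.
  def user_id_for(token)
    @rows.find { |r| r.remember_token == token }&.user_id
  end

  # The rows a "your sessions" page would list so an unfamiliar login stands out.
  def for_user(user_id)
    @rows.select { |r| r.user_id == user_id }
  end

  # Log out one device: deleting the row revokes its token on the server.
  def destroy(id)
    @rows.reject! { |r| r.id == id }
  end

  # Log out of all sessions at once.
  def destroy_all_for(user_id)
    @rows.reject! { |r| r.user_id == user_id }
  end
end

# Walk-through with constructed data; returns what each step observed.
def demo
  store = ActiveSessionStore.new
  laptop = store.create(1, ip_address: "192.0.2.10") # documentation-range IPs
  phone = store.create(1, ip_address: "198.51.100.7")
  cookie_only = store.user_id_for(laptop.remember_token) # cookie forgotten, row kept
  store.destroy(laptop.id)
  row_deleted = store.user_id_for(laptop.remember_token) # row gone, token rejected
  remaining = store.for_user(1).map(&:ip_address)
  store.destroy_all_for(1)
  { cookie_only: cookie_only, row_deleted: row_deleted, remaining: remaining,
    phone_after_logout_all: store.user_id_for(phone.remember_token) }
end
```

In the generated application the same steps are Active Record calls on the active_sessions table rather than array operations.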
If you'd like to open a PR please make sure the following things pass:
bin/rails test
bundle exec standardrb
The gem is available as open source under the terms of the MIT License.