Ruby on Rails: Build a membership system in 5 minutes with Devise

Authentication with ease

Jirayu Limjinda
Nov 3 · 4 min read

The membership system is one of the most important features of every website. It sounds easy to have a login, sign up, and forget password pages works on your website, but in reality, if you try to implement all of these, you will realize there are many details to handle and a surprising amount of problems to tackle.

You can build an authentication engine on your own, but you have to handle security issues like how to encrypt the password, how to generate “user forgot password token” or how to store 3rd-party token when you integrated with others social login. Or you might think about which model to use to store user’s data - would the User model be sufficient or do we need to separate User and UserProfile models? and would it be easy for someone to maintain your code when you leave or scale up in the future 🧐

Photo by George Becker (Pexels)

That’s why ROR developers should use Devise, A flexible authentication solution for Rails with Warden, as they claimed.

Devise is one of the libraries that I’ve used the most in every project. It’s easy and simple, the documentation is nice, There is a lot of QA on Stackoverflow and it covers all the basic features that we need on our website.

It’s stable, and you don’t have to worry too much about security issues because they have followed the standard models and features as it should be. And of course, it’s fast — you can build a membership system within 5 minutes 🤩

So let’s get started.

1. Creating a new ROR project

Clean start with Rails new [project name] command, easy-peasy like rails new simple_auth. Then point to your project and start a server with rails s to test everything is fine.

Yippee, it works!.. as it should

2. Install Devise and set it up

Open Gemfile file in your root project with your favorite editor, then put gem ‘devise’ to the end of file or above the group :development, :test do, and run bundle install

add gem ‘devise’ to your Gemfile, then run bundle install

Then you have to do little things with their config generator, run rails generate devise:install to create a default config for your website. Devise will list a short note to help us start and you can follow their steps.

Easy! I can do that

And you can run rails g devise:views to let Devise copy a default view template to your app, it easy to customize or change the style to match your own design later. After running this command, It will create many view files including an email template, which you can manually change in the future.

Now that we got thefront page, let’s do some backend stuff

Run rails generate devise User to let them create a user model and set some necessary routes.

Our user model code, created by Devise

Lastly, run rails db:migrate to migrate the changes.

After restarting the server, you are able to go to http://localhost:3000/users/sign_in to see our login page and http://localhost:3000/users/sign_up to register a new account. So, let’s try to create a new account.

let’s start with something easy

It works! after clicking on the signup button, you will be redirected to your root path with a notification message.

Simple enough

3. Condition and Hooked (optional)

We can guard some pages with a pre-defined command like before_action :authenticate_member! which means you can’t access this controller action if you’re a guest or just use user_signed_in? to make a condition on some sections on a page like menus and content.

A simple if-else condition with Devise’s helper tag

4. Change to friendly route (optional)

If you think users/sign_in and users/sign_up is to hard to remember and not generally, then you can custom your route to any word you want. just put this line to your routes.rb file

Now, Everyone can access the localhost:3000/login to log to their account and localhost:3000/register to see a signup form.


You can do more things with Devise, such as control whitelist parameters, add more fields on the form, localization(I18n) or connect with other social networks account(OmniAuth), check their Github repo or wiki page here: https://github.com/plataformatec/devise/wiki.

For someone who doesn’t want to mess up with the authentication, I think Devise is the easiest way to build a membership system. It’s simple and well-documented, it takes care of security issues. easy to maintain and that’s all we need.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade