Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialAimee Knight
9,701 PointsAuthentication advice for first (from scratch) Rails app?
Wondering if some Rails dev's would mind chiming in on whether or not I should try to implement my own authentication (would use Hartl's Rails Tutorial as blueprint) or just go with something like Devise for my first project independent from an actual tutorial.
On a separate note, now that Rails 4 has been released, should I go with Rails 4, or stick with 3.2? I'm hesitant to go with 4, since there's less advice out there, but also wonder how much time I'd save in the long run if I decide to keep playing with my app and need to update it to 4 later? This is more or less a pet project to build up my skill set, not something I would expect would generate huge amounts of traffic.
Thanks in advance!
4 Answers
Moiz Malik
11,906 PointsI think it depends on the app. For contract work, I've used Devise because it plays nicely with the CanCan Gem and I have found that for most situations, Devise+CanCan is fine.
Also, something to keep in mind is that Devise is well tested and has good documentation.
Sometimes you need to roll your own because your app/business has very specific needs. With my startup's product, we've decided to write our own user system because we want some functionality that would require a significant amount of hacking around Devise to get it working. But I should say, it's a fairly large undertaking since there are so many security implications that you have to be aware of.
psousa
14,107 PointsDevise is well tested and compatible with many other gems for roles, authorization, etc.
Richard Wigley
3,733 PointsFrom Devise's readme on github:
Starting with Rails?
If you are building your first Rails application, we recommend you to not use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources:
Michael Hartl's online book: http://railstutorial.org/chapters/modeling-and-viewing-users-two#top Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
Got to say I agree. Ryan Bates wrote the CanCan gem so, you know, your in good hands and it's a great learning experience. He does authentication from scratch and authorization from Scratch in the videos - top draw learning.
Been using Rails 4 for a couple of months - it's solid (outside a SASS bug I experienced in RC1 and I couldn't do sprites until compass moved to 4) but you'll find some hangups with other Gems until everything moves to 4. If your trying to learn you go with 4 and if you need to deliver you go with 3.2.
If it were a pet project I would totally go 4, haha but your tolerance for lost time may vary ;-)
Rich
Aimee Knight
9,701 PointsRich,
I think I agree with you on Rails 4. Although it would be easier to do 3.2, it would probably be more beneficial for me to go ahead and start with 4.
As far as authentication, I'm on the second to last chapter of Hartl's tutorial so I'll have to look further into the Devise docs. I'm thinking I may still try the authentication from scratch though, so I can grasp it better.
Richard Wigley
3,733 PointsSounds good. Hartl's tutorial is amazing but it does try and teach you everything at one sitting. It takes a number of goes to digest it. I only really understood once I had written my own blog application in separation from anything else, a couple of times, haha. With the railscast you get that one thing, a small application using authentication.
Good luck.
Rich
Aimee Knight
9,701 PointsThat makes me feel a lot better so thank you. I'll probably follow along with Hartl's Rails 4 version this time while I'm working on my own app.
Aimee Knight
9,701 PointsThanks everyone for the advice. I'm thinking I'll go with Devise after I dig further into authentication from scratch.