Devise is currently the most used gem for authentication in Rails, and version 3.0.0 is compatible with Rails 4. For this, and for being powerful and configurable and staying out of the way (at least initially), I’ve chosen devise for my current project.
To generate a User model I left it to devise itself by issuing
$ rails generate devise MODEL
$ rake db:migrate
Al went fine, but when I wanted to be able to also do some CRUD myself on User models, I issued
$ rails generate scaffold_controller User –skip
At this point I had to fix the form helper and a couple of views, for adding email, password and password_confirmation fields. Then the controller too needed some adjustments that were a little more difficult go get properly, but the model was already fine.
The problem with the controller was changing the update action so that I’d be able to edit the email and/or the password independently.
Here is my new update
{[ .update1 | 1.hljs(=ruby=) ]}
And here is the private defs for user_params and needs_password?
{[ .update2 | 1.hljs(=ruby=) ]}
So the difficult part here was that you have to use the normal update method when you also want to change the password and the special update_without_password method (provided by devise) when you don’t want to change the password.
Devise also provides an update_with_password method, but that’s misleading because it requires the current_password field, only useful when you want the user herself to be able to edit her data. It should be renamed to update_with_current_password…