I am a ruby on rails noob. In contrast I am fairly good in my HTML CSS javascript and jQuery. Recently I got into ruby on rails using this tutorial by Michael Hartl: http://ruby.railstutorial.org/ruby-on-rails-tutorial-book .
But alas I am trying to build my own project and use gem devise as a simple way to do authentication. As it is difficult for a beginner to do authentication. However, everyone is mentioning that noobs should not use this gem.
Why shouldn't a noob use devise for his own project?
Thanks for any tips at all but I would much prefer a verbose answer.
Devise is the cornerstone gem for Ruby on Rails authentication. With Devise, creating a User that can log in and out of your application is so simple because Devise takes care of all the controllers necessary for user creation ( users_controller ) and for user sessions ( users_sessions_controller ).
If you're using Rails to build your application, you can use Devise, a gem which is designed to make authentication easy. Fortunately, Devise has been used in production applications for years. It's known to be secure.
I completely disagree with the advice you've been given so far, including from the other answers here.
Rolling your own authentication, especially as a beginner, is a good way to put your users at risk. Security (and especially crypto) is hard and you'll probably get it wrong somehow even if you have experience.
If you want to learn how password-based authentication works (and you should), learn it on your free time. Don't make your users unwitting test subjects and put their privacy at risk.
Unless you plan to use Devise out of the box without any modifications, using Devise could cost you more time than writing your own authentication.
It depends on how complex your your needs are. For example, whether you need a forgotten password feature, a verification feature, etc...
Implementing your own authentication is extremely simple with Rails' has_secure_password
. It is also very helpful to know what is going on behind the scenes. It's part of the learning process, it's trivial, and fun.
It literally takes about 10 lines of code to write a basic auth. As others have said, unless you have a pressing need, just follow the tutorial. You will learn a lot of good things from it, and using Devise will cause you to miss a lot of great information.
The idea is that, as a noob, learning the basics of how authentication works is really useful. Even if in future projects you end up using Devise all the time, having the experience of developing your own authentication so you know what's going on behind the scenes in Devise is really helpful.
You need to make your own decision on this. If you're in a hurry to get an app out the door, learning how to use Devise first might be the right way to go. If you have the time though, trying to figure out how to roll your own is a good idea. At the very least, it's worth your time to check out Ryan Bates video on rolling your own: http://railscasts.com/episodes/250-authentication-from-scratch
Also, this from the Devise documentation discouraging new rails devs from using Devise: https://github.com/plataformatec/devise#starting-with-rails
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With