Authentication & Authorization
Devise (web sessions), has_secure_password, cookies, JWT (API authentication), Pundit, CanCanCan
1What is Devise in the Rails ecosystem?
What is Devise in the Rails ecosystem?
回答
Devise is a flexible and complete authentication gem for Rails, built on Warden. It provides pre-configured modules to handle registration, login, password recovery, email confirmation, account locking and more. Devise is the most popular authentication solution in the Rails ecosystem due to its ease of integration and modularity.
2What are the most commonly used Devise modules in a standard Rails application?
What are the most commonly used Devise modules in a standard Rails application?
回答
Devise offers a modular architecture where each feature is a separable module. The most common modules are database_authenticatable (password authentication), registerable (registration), recoverable (password recovery), rememberable ('remember me' cookie), validatable (email and password validations), confirmable (email confirmation) and lockable (locking after failures).
3How to protect a controller action so it is only accessible to logged-in users with Devise?
How to protect a controller action so it is only accessible to logged-in users with Devise?
回答
Devise provides the authenticate_user! helper that can be used as a before_action in controllers. This filter checks if a user is logged in and redirects to the login page if not. It can be applied to all actions or limited with only or except. The helper name depends on the model (authenticate_admin! for an Admin model).
Which Devise helper allows accessing the currently logged-in user in a view or controller?
How to customize Devise views (login forms, registration, etc.) in a Rails application?
+19 面接問題