2. Setting up your devise model and configuring devise - verachell/Simple-rails-tryout-app-using-devise GitHub Wiki

Your devise model

Now you need to generate your devise model for the app's users. This is often called User, but it can be Admin, Member or in principle anything. You can have more than 1 model if you wish, for scoped things such as Admin and User.

IMPORTANT: The name of your model is related to its mount point. So for example, if your model is User the relevant URLs for authentication will be navigated to under /users, so localhost:3000/users/sign_in etc. Likewise, the Admin model can be found under /admins, and so on. As far as I could tell from online research, it seems that you can't easily change the mount point after the fact of an existing model (I could be wrong of course). So name it wisely!

In this case we will call our model User.

Generate the model:

rails generate devise User

Output:

      invoke  active_record
      create    db/migrate/20240402110229_devise_create_users.rb
      create    app/models/user.rb
      invoke    test_unit
      create      test/models/user_test.rb
      create      test/fixtures/users.yml
      insert    app/models/user.rb
       route  devise_for :users

This generates the files listed above.

Do not run the migration just yet! First inspect the generated files, in particular the migration file. This is the time to make any changes needed.

In this case, I want to make it lockable. I'd also like to make it timeoutable, but will look into that later. For now, look at the migration file and uncomment the lockable part, like this:

      ## Lockable
      t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
      t.string   :unlock_token # Only if unlock strategy is :email or :both
      t.datetime :locked_at

Otherwise, leave everything as is (the default is not trackable or confirmable; leave it that way for now).

Next (still before migration): inspect the model file at app/models/user.rb. Currently it says:

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable
end

We want to add lockable and timeoutable to it, so add those to the list of modules in the uncommented devise call.

Note: later we will probably want to remove registerable.

Note that it also adds a line into config/routes.rb: devise_for :users

This has to do with required routes like /users/sign_in etc.

Then run rails db:migrate. Then run rails server and go to localhost:3000/users/sign_in and the other URLs predefined by Devise.

Security note: if we use the forgot-password form with an email that's not in the database, it says the email was not found.
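A pre-migration check for the two steps above (uncommenting the Lockable columns and adding the modules to the model) and for the password-reset behaviour in the security note, as an added example that is not code from this wiki or from Devise. Devise's config.paranoid = true setting makes password recovery respond the same way whether or not the email exists. Assumptions: all three Lockable columns the page uncomments are required, and the helper names and sample file contents are constructed for illustration.

```ruby
# Added example (not from the wiki or Devise). All sample file contents are constructed.
LOCKABLE_COLUMNS = %w[failed_attempts unlock_token locked_at].freeze # columns the page uncomments

# Drop blank and full-line comment lines so commented-out template lines do not count.
def active_lines(source)
  source.lines.map(&:strip).reject { |l| l.empty? || l.start_with?("#") }
end

# Module names passed to the model's devise call, which may span several lines.
def devise_modules(model_src)
  args = active_lines(model_src).join(" ")[/\bdevise\s+((?::\w+\s*,?\s*)+)/, 1]
  args.to_s.scan(/:(\w+)/).flatten
end

# Column names declared by uncommented t.<type> :name lines in the migration.
def migration_columns(migration_src)
  active_lines(migration_src).filter_map { |l| l[/\At\.\w+\s+:(\w+)/, 1] }
end

def audit(model_src, migration_src, initializer_src)
  findings = []
  mods = devise_modules(model_src)
  cols = migration_columns(migration_src)
  missing = LOCKABLE_COLUMNS - cols
  if mods.include?("lockable") && missing.any?
    findings << "lockable is in the model but the migration lacks: #{missing.join(', ')}"
  elsif !mods.include?("lockable") && (LOCKABLE_COLUMNS & cols).any?
    findings << "lockable columns are in the migration but :lockable is not in the model"
  end
  paranoid = active_lines(initializer_src).any? { |l| l.match?(/\Aconfig\.paranoid\s*=\s*true\b/) }
  findings << "config.paranoid is not enabled, so password reset reveals which emails exist" unless paranoid
  findings
end

MODEL = <<~RUBY # constructed: the model after adding the two modules
  class User < ApplicationRecord
    devise :database_authenticatable, :registerable, :recoverable,
           :rememberable, :validatable, :lockable, :timeoutable
  end
RUBY
MIGRATION = <<~RUBY # constructed: the Lockable block left commented out by mistake
  ## Lockable
  # t.integer  :failed_attempts, default: 0, null: false
  # t.string   :unlock_token
  # t.datetime :locked_at
RUBY
INITIALIZER = "# config.paranoid = true\n" # constructed: setting left commented out

puts audit(MODEL, MIGRATION, INITIALIZER)
```

To run it against a real app, pass File.read of app/models/user.rb, the generated migration file and config/initializers/devise.rb instead of the constructed samples.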

At this point, we probably want to create a new user. This can be done by signing up at http://localhost:3000/users/sign_up (assuming we have set up Devise as registerable, as was the case here), or via the console (explained later).

In this case, I signed up as a user whose email is [email protected] and password is SecretABC2

At this point (probably should have done this earlier), do as the Devise Wiki recommends and add the following to config/environments/development.rb: config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }