How to Customize Devise Authentication with Active Storage

It is really difficult to imagine an application without a very secure authentication module, they vary from one to other, but almost always having common components, like a form to introduce a user name or email, their password, maybe some social media authentication, even biometric inputs. It is a good practice to understand what are the things you should consider to have a secure and complete authentication module. Once, you acknowledge the security rules you need to implement and the users’ necessities, instead of always implementing this from scratch you can create a template or use, in the case of Rails, a specific Gem for this, like Devise. Devise is one of the most used Gems for authentication, and it’s very flexible to adapt it to your necessities. In this tutorial, I’m aiming to show you how you can integrate one of the other most common features with user authentication, which is to associate its Model with its profile image. Associating a Model with an image it’s pretty straightforward in Rails thanks to the feature of the Active Storage module, you can use many storage services for it, like , , , among others. In this tutorial, we are going to use . Direct uploads Amazon S3 Google Cloud Microsoft Azure Cloudinary Cloudinary is a free storage service, till a certain point as almost any other service, that offers what we need to store our users’ profile images. It only needs you to and download the credentials assigned to it. create an account That being said, let’s start by specificating the tools we are going to use: $ lsb_release -a Ubuntu 18.04.4 LTS $ rails -v Rails 6.0.3.1 $ ruby --version ruby 2.6.5p114 (2019–10–01 revision 67812) [x86_64-linux] Let’s create our project. rails new custom-authentication -T The argument is not important, it’s just to skip test files of rails, we are not going to use them for this tutorial. -T Check that everything went well with the installation in the logs, and continue. Go inside the root of the project, and open the . We are going to need the gem for our storage service Cloudinary: Gemfile gem , , # Gemfile 'cloudinary' '~> 1.18' '>= 1.18.1' Following the setup instructions from : Cloudinary’s github repo We install the gem: bundle install If you already signed up and are logged in you can file , otherwise, go to their page download your cloudinary.yml signup You’re going to receive a verification email, after verifying it, you’re ready to download your credentials file. cloudinary.yml Put the downloaded file in your folder. If you’re using a version control tool like git, you should ignore that file, it’s containing your private credentials, so be careful pushing it. /config After that, we can install Active Storage, because it's not coming preinstalled by default: rails active_storage:install This is going to create a migration file with the necessary structure to associate the files with their corresponding records. So, let’s migrate it: rails db:migrate Now, let’s proceed with our Devise Gem, add it to the Gemfile: gem , , # Gemfile # ... 'devise' '~> 4.7' '>= 4.7.3' Install the gem: bundle install Run Devise's generator: rails g devise:install It will display a set of instructions on the console: The first one: 1. Ensure you have defined default url options your environments files. Here is an example of default_url_options appropriate a development environment config/environments/development.rb:

config.action_mailer.default_url_options = { host: , port: 3000 }

In production, :host should be to the actual host of your application.

* Required all applications. * in for in 'localhost' set for We are not going to need the configuration for the email, so we can skip that. Let's go to the next one: 2. Ensure you have defined root_url to *something* your config/routes.rb. For example:

root to: * Not required API-only Applications * in "home#index" for We don't have any controllers yet, we are going to add a new one to Devise later, so can skip this step for now as well. Add flash messages: 3. Ensure you have flash messages app/views/layouts/application.html.erb. For example:

* Not required API-only Applications * in "notice" "alert" for To add the flash messages, as indicated in the instruction, we need to open our file, but we don't want to always display them, so to show them just when they are being triggered we are going to wrap them inside conditional statements: application.html.erb if =" - "> class alert alert success notice p end if =" - "> class alert alert danger alert p end Your should look like this: app/views/layouts/application.html.erb CustomAuthentication html head title title csrf_meta_tags csp_meta_tag stylesheet_link_tag , , : 'application' media: 'all' 'data-turbolinks-track' 'reload' javascript_pack_tag , : 'application' 'data-turbolinks-track' 'reload' head body notice if p class "alert alert-success" notice p end alert if p class "alert alert-danger" alert p end yield body html And the last one: 4. You can copy Devise views ( customization) to your app by running:

rails g devise:views * Not required * for We are going to definitely need to do this to include our User profile image in our sign up form, so let's go ahead and run: rails g devise:views The next step is creating the model that is going to be used for our users and devise methods for the authentication. Devise is going to give us a hand with the generation of this model: rails g devise User This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your config/routes.rb file to point to the Devise controller. There are additional configuration options, such as confirmable or lockable, some of them need an email service to work. We are going to keep this tutorial focused just on the customization of the user's registration with Active Storage. We can leave those additional configurations for another occasion. Let's add an extra field to our migration file for the , the migration file should look like this: db/migrate/xxxxxxxxxxxxxx_devise_create_users.rb username create_table t.string , , t.string , , t.string , , t.string t.datetime t.datetime t.timestamps add_index , , add_index , , # frozen_string_literal: true < ActiveRecord::Migration[6.0] class DeviseCreateUsers def change :users do |t| ## Database authenticatable :username null: false default: "" :email null: false default: "" :encrypted_password null: false default: "" ## Recoverable :reset_password_token :reset_password_sent_at ## Rememberable :remember_created_at null: false end :users :email unique: true :users :reset_password_token unique: true end end So, let's migrate our User model to the database: rails db:migrate Now, we need to associate the User model with the Active Storage by indicating how we are going to name their profile images. We are going to name it "avatar", to do this we need to add to our model the helper: has_one_attached devise , , , , has_one_attached # app/models/user.rb =" "> class field =" "> class gravatar_edit :avatar placeholder: 'Upload picture' direct_upload: true /div> Sign up h2 h2 form_for(resource, resource_name, registration_path(resource_name)) as: url: do |f| render , resource "devise/shared/error_messages" resource: div class "field" div class "gravatar_edit" f.file_field , , , :avatar placeholder: 'Upload picture' id: "change-img-field" direct_upload: true div div div class "field" f.label :username br f.text_field , , :username autofocus: true autocomplete: "username" div div class "field" f.label :email br f.email_field , :email autocomplete: "email" div div class "field" f.label :password @minimum_password_length if ( em @minimum_password_length characters minimum) em end br f.password_field , :password autocomplete: "new-password" div div class "field" f.label :password_confirmation br f.password_field , :password_confirmation autocomplete: "new-password" div div class "actions" f.submit "Sign up" div end render "devise/shared/links" To configure the acceptance of custom parameters in Devise, we need to explicitly indicate which ones we'll be allowed to pass in. One way to do this, is stating it in the file: /app/controllers/application_controller.rb before_action , protected devise_parameter_sanitizer.permit( , [ , ]) # app/controllers/application_controller.rb < ActionController::Base class ApplicationController :configure_permitted_parameters if: :devise_controller? def configure_permitted_parameters :sign_up keys: :username :avatar end end The syntax in Ruby is pretty straight forward, we are indicating that if it is one of the devise controllers, in this case for sign_up, we need to configure the permitted parameters by calling the protected method configure_permitted_parameters, we put it as protected because nothing outside to the class is going to use it. When we call the devise_parameter_sanitizer.permit method, we need to pass in the action, and the keys, which is an array of symbols with the names of the custom parameters. Now, we need to go to our file and set up our Cloudinary service, just adding this in the file: config/storage.yml Cloudinary cloudinary: service: In our environment configuration files we need to indicate which service we are going to use for our Active Storage, let’s start with . Locate the parameter for the active storage service and change it to : config/environments/development.rb :cloudinary Rails.application.configure config.active_storage.service = do # ... :cloudinary end You will need to prepare your file requiring the javascript of active storage included with its installation: app/javascript/packs/application.js # app/javascript/packs/application.js //= require activestorage We are going to also need to add some javascript, you can go to the section, and grab its event listener examples. To add that javascript in the file, it's going to have to require it self with the helper method: Active Storage Direct Uploads application.js require_self addEventListener( , => { { target, detail } = { id, file } = detail target.insertAdjacentHTML( , ` `) target.previousElementSibling.querySelector(`.direct-upload__filename`).textContent = file.name }) addEventListener( , => { { id } = .detail element = document.getElementById(`direct-upload-${id}`) element.classList. ( ) }) addEventListener( , => { { id, progress } = .detail progressElement = document.getElementById(`direct-upload-progress-${id}`) progressElement.style.width = `${progress}%` }) addEventListener( , => { .preventDefault() { id, error } = .detail element = document.getElementById(`direct-upload-${id}`) element.classList. ( ) element.setAttribute( , error) }) addEventListener( , => { { id } = .detail element = document.getElementById(`direct-upload-${id}`) element.classList. ( ) }) # app/javascript/packs/application.js # ... //= require_self // direct_uploads.js "direct-upload:initialize" event const event const "beforebegin" "direct-upload-${id}" class "direct-upload direct-upload--pending" "direct-upload-progress-${id}" class "direct-upload__progress" "width: 0%" class "direct-upload__filename" "direct-upload:start" event const event const remove "direct-upload--pending" "direct-upload:progress" event const event const "direct-upload:error" event event const event const add "direct-upload--error" "title" "direct-upload:end" event const event const add "direct-upload--complete" You can separate later this in another file and require it if you desire to have it more organized. In Rails Guide there are also some example codes to style the progress bar of our direct upload and indicate if there was an error with the upload: # / / / { : inline-block; : relative; : ; : ; : solid (0, 0, 0, 0.3); : ; : ; : ; } { : ; } { : absolute; : ; : ; : ; : ; : ; : width ease-out, opacity ease-in; : (0, 0, 0); } { : ; } { : red; } { : none; } app assets stylesheets application .css /* direct_uploads.css */ .direct-upload display position padding 2px 4px margin 0 3px 3px 0 border 1px rgba border-radius 3px font-size 11px line-height 13px .direct-upload--pending opacity 0.6 .direct-upload__progress position top 0 left 0 bottom 0 opacity 0.2 background #0076ff transition 120ms 60ms 60ms transform translate3d .direct-upload--complete .direct-upload__progress opacity 0.4 .direct-upload--error border-color input [type=file] [data-direct-upload-url] [disabled] display We can now test if the user authentication and the direct upload are working. First, run your rails server: rails s And open in your browser , add an image, and complete the necessary fields to signup: localhost:3000/users/sign_up If everything is ok, you should be redirected to the welcome page of Rails. You can check now on you Cloudinary account if your image was uploaded in the Media Library section: Now, let's see how to display those images in our App. First, we need to create our Users controller, we are only going to need the show method: rails g controller users show I have to warn you that this show method is not going to be the classic one where you pass as a parameter the id of the user to display its data, this is only going to show the current user data to simplify our example. In our routes, we need to add the devise_for helper to be able to use the current_user helper to display its data. Rails.application.routes.draw devise_for : resources : , : %i[ ] # /config/routes.rb do users users only show end And finally, we customize our file to display our username and avatar: app/views/users/show.html.erb Hi

_tag( . , : , : , : ) current_user avatar alt "avatar" class "avatar" id "avatar" Now, you're able to visit a welcome message with your user avatar: localhost:3000/users/show If you have any kind of problems with the instructions, you can check out my including the necessary files and instructions to deploy the project. Github repo I recommend you to check the official Devise documentation and the youtube channel that helped me to understand how to implement direct upload with Active Storage. GoRails There are still a lot of things to add to this, but I hope that this tutorial had helped you in your journey to create a great authentication module!