User Authentication + CRUD Application with Ruby on Rails

Ellen Park
4 min read · Mar 28, 2021

A simple guide to creating a CRUD application and implementing user authentication with Ruby on Rails.


This tutorial is designed to walk you through the steps necessary to set up a CRUD (create, read, update, delete) Ruby on Rails application with user authentication. You’ll be able to sign up, log in and log out, as well as view, edit and destroy user accounts.

This guide does not cover error handling or validation. However, I hope it’ll serve as a solid base for you to further build upon.

To Begin

Let’s start by creating our Rails application.

rails new user-app
cd user-app

If you prefer to use PostgreSQL, add -d postgresql to the end of your rails new command. Additionally, make sure to run rails db:create before migrating your database.

Install Bcrypt

We’ll be using the bcrypt gem to hash our user passwords. Rails stores the resulting hash in the password_digest column, never the plaintext password.

Add gem 'bcrypt', '~> 3.1.7' to your Gemfile.

Then, run bundle install.

Generate User Model

For this application, we’ll only have one user model.

rails g model user username password_digest

Your schema should appear as above.

Run rails db:migrate.

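Add has_secure_password to your user model. This macro adds a password attribute that is hashed with bcrypt into password_digest, along with an authenticate method for checking a submitted password against the stored hash.

./app/models/user.rb

class User < ApplicationRecord
  has_secure_password
end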

Generate Controllers

We need to create two controllers for our application: a users controller and a sessions controller.

rails g controller users new create show edit update destroy
rails g controller sessions welcome new create destroy

Our user controller will handle the creation of user accounts. The session controller will be responsible for creating our sessions, i.e. logging our users in and logging them out.

Route Configuration

Navigate to config/routes.rb. You should see some already existing routes. Go ahead and delete those. We’ll be setting up our own.

At the very top, we configure our root path to point to sessions#welcome. Our user routes are generated automatically by resources :users. The session routes need to be listed individually below that. We can verify that all our routes have been set up correctly by visiting http://localhost:3000/rails/info/routes.

Helper Methods

We’ll be creating two helper methods inside our ApplicationController. These methods will be used to determine if a user is currently logged in and who the user is.

Users Controller

Update the UsersController to be as below.

Sessions Controller

Now we need to update the sessions controller.
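
The pieces described in the model, helper-method and sessions-controller sections, modelled in plain Ruby so the flow can be run without Rails. This is an added example, not the tutorial's own controller code: MiniUser and MiniSession are hypothetical names, and PBKDF2 from Ruby's standard library stands in for bcrypt.

```ruby
require "openssl"
require "securerandom"

# Stand-in for a has_secure_password model (assumption: PBKDF2 replaces bcrypt).
class MiniUser
  attr_reader :id, :username, :password_digest

  def initialize(id, username, password)
    @id, @username = id, username
    salt = SecureRandom.hex(16)
    # Only the salt and the derived hash are stored, never the plaintext.
    @password_digest = "#{salt}$#{derive(password, salt)}"
  end

  # Like has_secure_password's authenticate: the user on a match, else false.
  def authenticate(candidate)
    salt, expected = password_digest.split("$", 2)
    OpenSSL.fixed_length_secure_compare(derive(candidate, salt), expected) ? self : false
  end

  private def derive(password, salt)
    key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
    key.unpack1("H*")
  end
end

# Stand-in for the sessions controller and the two helper methods.
class MiniSession
  attr_reader :session

  def initialize(users)
    @users, @session = users, {} # @session plays the role of the Rails session
  end

  def login(username, password)
    user = @users.find { |u| u.username == username }
    return false unless user&.authenticate(password)
    @session = { user_id: user.id } # keep only the id in the session
    true
  end

  def logout
    @session = {}
  end

  def current_user
    @users.find { |u| u.id == session[:user_id] }
  end

  def logged_in?
    !current_user.nil?
  end
end
```

In the Rails app, has_secure_password and the session hash provided by the controller take the place of these two classes.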

Navigation Bar

Time to move on to the views. Let’s create a partial view for our nav bar. Create a file called _nav.erb inside our views/layouts folder. We’ll keep it simple with just three links to our login, signup and logout pages. We can use our helper methods to determine what specific buttons to show if a user is logged in.

./app/views/layouts/_nav.erb

<% if !logged_in? %>
  <%= link_to "Login", login_path %>
  <%= link_to "Sign Up", new_user_path %>
<% else %>
  <%= link_to "Log Out", logout_path, method: :delete %>
<% end %>

While in the same folder, navigate to application.html.erb. We want our nav bar to appear on all pages. So, we’ll render our nav bar right above our yield statement.

<body>
<%= render 'layouts/nav' %>
<%= yield %>
</body>

Sign Up Page

Next, let’s create our form for the sign up page. Add the below code to ./app/views/users/new.html.erb.

Login Page

Our login page form will look very similar to the sign up form. Navigate to ./app/views/sessions/new.html.erb. The only change we need to make is to update model: @user to url: "/login".

Edit Account Page

Our edit form will be identical to our sign up form.

User Show Page

Finally, create the user show page.

./app/views/users/show.html.erb

<h1>Welcome <%= current_user.username %></h1>
<%= link_to "Edit Account", edit_user_path(current_user) %>
<%= link_to "Delete Account", current_user, data: { confirm: "Are you sure?" }, method: :delete %>

Conclusion

And we’re done! At this point you should be able to create a new account and test out all the functionality.

Run rails s to start the server.

If you click on Sign Up the below form should appear.

Add in your information and voila! You have successfully created your account.
