Authlogic with Rails 4.2

I was doing some rails stuff lately and needed some authentication module for my application (such as every other application that I ever used). So I was going to use devise as I always use to bootstrap my authentication module.

But as a unfortunately surprise. The current version of devise doesn't work with the new version of rails. So I had to go to other fast alternative. Searching over the web I came across authlogic. I remember that I was using authlogic at my previous job with one specific web, and it worked ok. For my surprise it worked really well with Rails 4.2.0.beta. The only thing that I found confusing was the documentation. It's not as clear as the devise one. But here we go step by step.

First thing I did was put the gem at the gem file.

gem 'authlogic', '~> 3.4.2'  

Then we run bundle install to install dependencies and we are ready to create our model. One can create a model with any field that is needed just remember to include some fields that are necessary for authlogic to operate. such as login, email, crypted_password, password_salt and persistence_token. You can choose to have only login or email. But if you have both fields authlogic will lookup for both. This is an example of my model migration.

class CreateUsers < ActiveRecord::Migration  
  def change
    create_table :users do |t|
      t.string :login
      t.string :name

      t.string :crypted_password
      t.string :password_salt
      t.string :persistence_token

      t.integer :login_count
      t.integer :failed_login_count
      t.datetime :last_request_at
      t.datetime :current_login_at
      t.datetime :last_login_at
      t.string :current_login_ip
      t.string :last_login_ip

      t.timestamps null: false

Those last fields are from the documentation module MagicColumns. If you have then at your athlogic model they will be used by the library, but you can simply ignore then.

Then is time to tell that your model itself will use authlogic. For that authlogic provides a method named acts_as_authentic which accepts a block of code for configuration. I really had a hard time to find more information about all the possible options it accepts but the one that I really wanted to use was easy to find. That was how to set the crypto provider to use bcrypt.

class User < ActiveRecord::Base  
  acts_as_authentic do |c|
    c.crypto_provider = Authlogic::CryptoProviders::BCrypt

Authlogic expect us to create a Session model so it can use it to create and restore our session object for that I just placed over the models folder a class named UserSession that inherits from Authlogic::Session::Base

class UserSession < Authlogic::Session::Base  

Then It was time to create a controller and a view that would handle the authentication actions. I created then a controller just for that with 3 actions new, create and destroy, just like the rails resource way. and created our form to handle the login properly.

resource :user_session, only: [:create, :new, :destroy]  
class UserSessionsController < ApplicationController  
  def new
    @user =

  def create
    @user_session = params.require(:user)
      .permit(:login, :password)
      redirect_to root_path
      redirect_to new_user_session_path

  def destroy
    redirect_to new_user_session_path
<!-- app/views/user_sessions/new.html.erb -->  
<%= form_for @user, url: user_session_path, method: :post, html: { class: 'form-horizontal', role: 'form' } do |f| %>  
  <div class='form-group'>
    <%= f.text_field :login, class: 'form-control', placeholder: 'Login' %>
  <div class='form-group'>
    <%= f.password_field :password, class: 'form-control', placeholder: 'Password' %>
  <%= f.submit 'Login', class: 'btn btn-primary' %>
  <% end %>
<% end %>  

Now is time to create our helper methods at the controller so we can access it across our application. For that I just follow what Ryan Bates did on that outdated (but f##### useful) railscasts).

class ApplicationController < ActionController::Base  
  self.responder = ApplicationResponder
  helper_method :current_user_session, :current_user

# ...

  def current_user_session
    @current_user_session ||= UserSession.find

  def current_user
    @current_user ||= current_user_session && current_user_session.user

We can place that helper method in any part of our app to verify if the user is logged in. and to permit access to certain actions.


It was not hard at all to setup authlogic I can happily use it during all my app development. But to tell the truth I can't wait to go back to devise just for the good documentation and examples. That is the thing that authlogic lacks the most. But it is an good and easy library to setup.