Devise VS Brakeman

Since Rails 7, there's more and more tooling that enables us, developers, to roll our own authentication. Devise is great and has been an amazing companion over the years. It also has this neat little feature - an authenticated route constraint which "hides" certain routes from people that are not signed in.

[changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D

As much as this article is about user authorization, there's something important we need to cover: user authentication. Without it, any authorization policies we try to define later on will be useless. But there is no need to write authentication from scratch. Let's use Devise.

With around 50 new gems released daily, it is common to use trending libraries for managing everyday tasks. You probably use Devise for authentication, Cancan for authorization, Kaminari for pagination, or run tests with Rspec.

Devise is an authentication library built on top of Warden, a Rack-based authentication framework.

devise: An authentication library designed for Rails

I used Devise, this is a Ruby on Rails app

In this article, we will explore how to implement authentication in a Rails 7 application using the popular devise gem. Authentication is a crucial aspect of web development, allowing users to securely access and interact with your application. By following this step-by-step guide, you will learn how to set up devise, configure authentication routes, create user models, and enhance your application with authentication features.

Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”

My team and I released Bearer a couple of weeks ago, a newer open and free alternative to Brakeman to check your code for security and privacy risks. In addition to Ruby/Rails, we also cover your JS/TS code, which allows you to use a single solution for your whole Rails application.

Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications. It finds potential security issues in Rails applications by examining the Ruby code. Brakeman helps find and fix security holes before deploying your Rails app.

brakeman is another useful Ruby gem that is a static analysis security vulnerability scanner for Ruby on Rails applications.

You might find brakeman interesting: https://brakemanscanner.org

It’s assumed that you already have a Rails app and use Brakeman to keep your app secure and Rspec to run your test cases.

Another great lib for this is Brakeman, which can be installed in a very similar process and gives you even more detailed reports:

This is pretty easy to handle. In the case where a splatted array is the only argument to a method, we'll simply use the elements of the array as the argument list. (Check out the pull request here)