User authentication & login
RailsFast comes with an entire user authentication and login system. We leverage the devise gem for that.
Of course, the main thing it handles is user signup and login:
But on top of that, it also handles things like "Forgot your password?" and "Resend email confirmation" flows:
All this with beautiful transactional emails that will work out of the box if you followed the quickstart:
Abuse protection
If you've configured your Cloudflare Turnstile credentials, you'll see the Turnstile captcha protecting all your user forms against bots and abuse:
There's no need for you to configure anything other than your Turnstile credentials, as outlined in the quickstart; it all works automatically. You'll see a placeholder in development, and the real Cloudflare Turnstile widget once your app is deployed to production.
Block disposable emails
RailsFast automatically blocks users using disposable emails from signing up to your app. This works out of the box; there's nothing you need to do to make it work.
If a user tries to create an account with a disposable email address like [email protected], they'll get blocked and see an alert like this:
The list of disposable email providers gets automatically updated in production every night (check your recurring.yml file!)
We leverage the nondisposable gem for this, which gets its updated list of known disposable email providers from the disposable-email-domains list.
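To show what a disposable-domain check involves, here is an added sketch; it is not RailsFast's or the nondisposable gem's code. The blocklist entries (reserved `.example` names) and the method names `load_blocklist`, `email_domain` and `disposable_email?` are constructed for illustration.

```ruby
require "set"

# Constructed sample blocklist; a real deployment loads the full, regularly
# refreshed list (one domain per line) instead of hard-coding entries.
SAMPLE_BLOCKLIST = <<~LIST
  tempmail.example
  Throwaway.example
  # comment lines and blanks are ignored

  burner-inbox.example
LIST

# Parse a newline-separated domain list into a normalized Set.
def load_blocklist(text)
  text.each_line.map { |line| line.strip.downcase }
      .reject { |line| line.empty? || line.start_with?("#") }
      .to_set
end

# Extract the normalized domain from an address, or nil if it is malformed.
def email_domain(email)
  local, at, domain = email.to_s.strip.rpartition("@")
  return nil if at.empty? || local.empty? || domain.empty?

  domain = domain.downcase.chomp(".") # case-insensitive, drop trailing dot
  return nil unless domain.match?(/\A[a-z0-9-]+(\.[a-z0-9-]+)+\z/)

  domain
end

# True when the domain, or any parent domain, is on the blocklist.
# Walking the parents catches "user@anything.tempmail.example", while
# comparing whole labels avoids matching "nottempmail.example".
def disposable_email?(email, blocklist)
  domain = email_domain(email)
  return false if domain.nil? # malformed input is left to format validation

  labels = domain.split(".")
  (0..labels.length - 2).any? { |i| blocklist.include?(labels[i..].join(".")) }
end

BLOCKLIST = load_blocklist(SAMPLE_BLOCKLIST)
```

The check is only as good as the list behind it, which is why the nightly refresh matters: a provider that appears after the last update passes until the next one.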
The devise gem (what we use for auth) is very flexible and powerful! You can easily add OAuth and other login methods to your app; make sure to read the Devise docs for more info!