Simple User Authentication for Ruby on Rails 7

A quick question I asked ChatGPT-4:
Can you show me an example of user authentication for a Ruby on Rails 7 application?

Here was the response I got:

Sure, in this example I’ll show how to implement a basic user authentication in a Ruby on Rails 7 application using a simplified version of the “has_secure_password” mechanism, provided by Rails through the BCrypt gem.

The below steps assume you already have a Rails 7 application created. If you don’t, create a new one with the following command:

rails new my_app

Step 1: Add the bcrypt gem to your Gemfile. It is usually already there, uncommented.

gem 'bcrypt'

Step 2: Run the bundle command.

bundle install

Step 3: Generate the User model.

rails generate model User username:string password_digest:string

Step 4: Migrate the database.

rails db:migrate

Step 5: Add has_secure_password to the User model. This is the line that will give our User model authentication methods via bcrypt.

# app/models/user.rb

class User < ApplicationRecord
  has_secure_password
end

This macro adds methods to set and authenticate against a BCrypt password. This mechanism requires a password_digest attribute.

Step 6: Create the Signup form.

<!-- app/views/users/new.html.erb -->

<%# post to the signup route defined in Step 8, not the default /users path %>
<%= form_with model: @user, url: signup_path do |f| %>
  <%= f.label :username %>
  <%= f.text_field :username %>

  <%= f.label :password %>
  <%= f.password_field :password %>

  <%= f.submit "Sign up" %>
<% end %>

Step 7: Add Signup method to UsersController.

# app/controllers/users_controller.rb

class UsersController < ApplicationController
  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    if @user.save
      # has_secure_password has hashed the password into password_digest
      session[:user_id] = @user.id
      redirect_to '/welcome'
    else
      redirect_to '/signup'
    end
  end

  private

  def user_params
    params.require(:user).permit(:username, :password)
  end
end

Step 8: Setup the routing for signup.

# config/routes.rb

Rails.application.routes.draw do
  get 'signup', to: 'users#new'
  post 'signup', to: 'users#create'
end

Step 9: Create a Welcome controller and view.

rails generate controller Welcome index

Update the welcome/index.html.erb file:

<!-- app/views/welcome/index.html.erb -->

<h1>Welcome, <%= @current_user.username %></h1>

Update welcome_controller.rb:

# app/controllers/welcome_controller.rb

class WelcomeController < ApplicationController
  before_action :set_current_user

  def index
  end

  private

  def set_current_user
    # find_by returns nil instead of raising when there is no session user
    @current_user = User.find_by(id: session[:user_id])
    redirect_to '/signup' unless @current_user
  end
end

And add the corresponding route:

# config/routes.rb

Rails.application.routes.draw do
  get 'signup', to: 'users#new'
  post 'signup', to: 'users#create'

  get 'welcome', to: 'welcome#index'
end

This is a very simple setup without much error handling or feedback for the user, but it illustrates the core of how a basic authentication system could be implemented in Rails. In a production application, additional measures such as validations, encryption, token generation, expiration, etc. should be considered.
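What the has_secure_password macro from Step 5 actually does (hash on assignment, store only the digest, verify with a false-or-record authenticate), as an added stand-alone example that is not part of the original post or of Rails. It assumes a hypothetical SecurePasswordLike module and a plain-Ruby User class, and substitutes PBKDF2-HMAC-SHA256 from Ruby's standard library for BCrypt so it runs without the bcrypt gem.

```ruby
require 'openssl'
require 'securerandom'
# Stand-in for the methods has_secure_password mixes into a model. Hypothetical
# module written for this example; BCrypt is replaced by PBKDF2-HMAC-SHA256 from
# the stdlib only so it runs without the bcrypt gem. Real apps keep BCrypt.
module SecurePasswordLike
  ITERATIONS = 100_000 # work factor, the role BCrypt's cost parameter plays
  KEY_LEN = 32

  # Setter: hash the plaintext under a fresh random salt and store only the
  # digest, so the clear-text password never reaches the database.
  def password=(plain)
    salt = SecureRandom.hex(16)
    self.password_digest = "#{ITERATIONS}$#{salt}$#{hash_pw(plain, salt, ITERATIONS)}"
  end

  # Same contract as has_secure_password's #authenticate: the record on
  # success, false otherwise, never an exception the caller has to rescue.
  def authenticate(plain)
    return false if password_digest.nil? || plain.nil?
    iters, salt, stored = password_digest.split('$', 3)
    constant_time_equal?(stored, hash_pw(plain, salt, iters.to_i)) ? self : false
  end

  private

  def hash_pw(plain, salt, iters)
    OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: iters,
                             length: KEY_LEN, hash: 'sha256').unpack1('H*')
  end

  # Compare every byte instead of stopping at the first mismatch, so timing
  # does not leak how much of the digest matched.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical plain-Ruby User standing in for the ActiveRecord model.
class User
  include SecurePasswordLike
  attr_accessor :username, :password_digest

  def initialize(username:, password:)
    @username = username
    self.password = password
  end
end
```

Two users with the same password get different digests because each assignment draws its own salt, which is the property that makes a leaked password_digest column far less useful than a table of plain hashes.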