If you check out the Devise documentation, you'll notice it recommends hand-rolling your own authentication first. This is, IMO, a wise approach - especially if you plan to eventually deploy an app in the wild.
To piggyback on that, I personally think Rails is a poor intro to programming - even web development. What it provides in terms of early results is often at the cost of understanding what it does and why.
I agree with much you say here - I have personally seen too many beginners jump to use Devise, Cancan etc (every app has to have authentication and authorization, right?) without first understanding the core of Rails, and it just adds unnecessary abstraction to what's already a heavy framework.
When we teach (we run an online web development bootcamp), we teach folks Ruby first, then the general web concepts (HTTP, HTML, etc), then lay the foundation of dynamic web programming (rendering templates, routing, etc) with Sinatra, before finally tackling Rails. When we do teach Rails, we stay very close to the framework itself and ask students to build things like authentication from scratch. After they get the core of Rails under their belt, that's when the fun really starts - we introduce comprehensive testing materials, advanced Rails topics, service integrations, complex application workflow, git/github based team collaboration and production app deployment and maintenance concerns.
It takes a while to build up all this from the ground up - but we found this being very effective in pushing people to an intermediate level and build up confidence along the way.
I second that. To deploy a website you'll have to learn Rspec, Capybara, gem, bundler... all Rails idiosyncrasies.
In this respect, I found Udacity CS253 far more useful than Treehouse. It's Python based and the course uses a light framework - webapp2
(plus, you don't get lame jokes and it's free.)
How about Flask+Flask+sqlite as an intro to (web)programming? It shows you much more of what's going on in the database backend. Plus, Flask is so small you can still look at it's program code in an afternoon and understand what it's doing.
Hey doktrin - thanks for sharing your perspective! I did see that notice on Devise's documentation. I think Hartl's Rails Tutorial will go through a more basic user auth process.
If you think Rails is a poor first choice - what's your recommended language and why?
>If you think Rails is a poor first choice - what's your recommended language and why?
At the risk of being a little pedantic, I think Ruby is a great choice (Rails being a web framework). Sinatra is much more lightweight Ruby framework that I personally think is more appropriate when starting out. It offers far fewer abstractions (or, "magic") and is a radically simpler beast. To put some numbers on that assertion, the codebase itself is less than 1/100th the size of Rails.
If working with a different language, I recommend starting with some similar level of abstraction. Sinatra-esque frameworks typically offer enough functionality to make development fun while not obfuscating too much of the logic. Spark (Java) is Sinatra inspired. While I've never seriously developed in Python, web.py has been on my to-use list for quite some time.
Hey Jason, I'm a learner just like you and have only been working with Ruby for about 8 months. I'm a Treehouse customer and mix those video courses with Codecademy for reinforcement.
I started trying to learn Rails at the same time that I was learning Ruby. That was a bad choice and I gave up after a couple months. When I started back at it recently, I dove straight into Ruby alone and left the frameworks out of it. After I felt comfortable enough in Ruby, I added Sinatra and love it.
Rails is powerful, but Sinatra is "just enough" for beginners like us.
Learn something that requires you to write all the code as your first language (like PHP without a framework), and then Rails as your second "language". Only after writing SQL do you truly realize the power of Active Record, or write session-based authentication do you appreciate Devise. I love Rails's "magic", but I like that I can visualize what a Gem is doing based on how similar functionality would be implemented in PHP or ColdFusion.
> Isn't that the type of thing a new dev is very likely
> to get wrong and get burned by?
I doubt it.
Hand-rolling your own authentication is trivial in Rails. There are plenty of good tutorials and blog posts about it. There's even a Railscast on it. Rails even has a secure password helper and a digest generator.
You're more likely to get burned by Devise when you want to make trivial customizations to it. You quickly get weird override methods in your User model and rigid behavior from code you can't grep.
I think rolling your own authentication is far more newb-friendly. You're only a handful of lines away from your own `current_user` helper, and you retain full control.
To my thinking, auth is hard and the complexities shouldn't be glossed over. And you don't want to bog a newbie down by making them understand what rainbow tables and replay attacks are. So it's better to skip that and circle back around later once they get some familiarity with web dev in general.
To piggyback on that, I personally think Rails is a poor intro to programming - even web development. What it provides in terms of early results is often at the cost of understanding what it does and why.