Provides authentication and authorization services for use with Spree by using Devise and CanCan.

devise, ecommerce, rails, spree, spreecomerce
gem install spree_auth_devise -v 4.0.0


Spree Auth (Devise)

Build Status Code Climate

Provides authentication services for Spree, using the Devise gem.


  1. Add this extension to your Gemfile with this line:

Spree >= 3.1

gem 'spree_auth_devise', '~> 3.3'

Spree 3.0 and Spree 2.x

gem 'spree_auth_devise', github: 'spree/spree_auth_devise', branch: 'X-X-stable'

The branch option is important: it must match the version of Spree you're using. For example, use 3-0-stable if you're using Spree 3-0-stable or any 3.0.x version.

  1. Install the gem using Bundler:
bundle install
  1. Copy & run migrations
bundle exec rails g spree:auth:install

Upgrading from Spree 3.0 to 3.1

If you're upgrading from 3.0 to 3.1 you need to rerun the installer to copy new asset files (javascripts)

bundle exec rails g spree:auth:install



To enable Devise's Confirmable module, which will send the user an email with a link to confirm their account, you must do the following:

  • Add this line to an initializer in your Rails project (typically config/initializers/spree.rb):
Spree::Auth::Config[:confirmable] = true
  • Add a Devise initializer to your Rails project (typically config/initializers/devise.rb):
Devise.setup do |config|
  # Required so users don't lose their carts when they need to confirm.
  config.allow_unconfirmed_access_for = 1.days

  # Fixes the bug where Confirmation errors result in a broken page.
  config.router_name = :spree

  # Add any other devise configurations here, as they will override the defaults provided by spree_auth_devise.

Sign out after password change

To disable signout after password change you must add this line to an initializer in your Rails project (typically config/initializers/spree.rb):

Spree::Auth::Config[:signout_after_password_change] = false

Using in an existing Rails application

If you are installing Spree inside of a host application in which you want your own permission setup, you can do this using spree_auth_devise's register_ability method.

First create your own CanCan Ability class following the CanCan documentation.

For example: app/models/your_ability_class.rb

class YourAbilityClass
  include CanCan::Ability

  def initialize user
    # direct permissions
     can :create, SomeRailsObject

     # or permissions by group
     if spree_user.has_spree_role? "admin"
       can :create, SomeRailsAdminObject

Then register your class in your spree initializer: config/initializers/spree.rb


Inside of your host application you can then use CanCan like you normally would.

<% if can? :show, SomeRailsObject %>

<% end %>

Adding Permissions to Gems

This methodology can also be used by gems that extend spree and want/need to add permissions.

Ruby 2.5 issues

If you encounter issues when using Ruby 2.5, please run:

bundle update devise

Creating the default Admin user

If you didn't created the Admin user from the installer you can run this rake task:

bundle exec rake spree_auth:admin:create


You need to do a quick one-time creation of a test application and then you can use it to run the tests.

bundle exec rake test_app

Then run the rspec tests.

bundle exec rspec

About Spark Solutions

Spark Solutions

Spree Auth Devise is maintained by Spark Solutions Sp. z o.o..

We are passionate about open source software. We are available for hire.