[openstreetmap/openstreetmap-website] Move authentication code to use Devise (Issue #6809)
Pablo Brasero
notifications at github.com
Thu Feb 12 10:35:57 UTC 2026
pablobm created an issue (openstreetmap/openstreetmap-website#6809)
Since [at least 2016](https://github.com/openstreetmap/openstreetmap-website/issues/1361#issuecomment-259391569) there has been a desire to move the website to use [Devise](https://github.com/heartcombo/devise), a Rails engine for handling authentication with a long history and good regard in the Rails community. The authentication solution currently in place is custom made and has grown organically over the years, unfortunately getting to the point where it's now difficult to maintain and mentioned as a blocker to any changes.
These are examples of features that have been proposed over the years, but have been postponed until "after the move to Devise":
- [Require current password before accepting a new password](https://github.com/openstreetmap/openstreetmap-website/issues/2144)
- [block extremely simple and common passwords like "12345678" on a registration](https://github.com/openstreetmap/openstreetmap-website/issues/2285)
- [Bulk user account management tool for directed editing teams](https://github.com/openstreetmap/openstreetmap-website/issues/1823)
- [Add optional two-factor authentication for user accounts](https://github.com/openstreetmap/openstreetmap-website/issues/3476)
Here's a general [idea of the work involved](https://github.com/openstreetmap/openstreetmap-website/issues/1823#issuecomment-382216575) (as of 2018):
> I don't think it'll be just one PR. It'll involve lots of different changes to routes, thought given to things like our customised password hashing and signup acls, and slightly more standard things like having multistage signup (e.g. needing to view terms on a separate page) that will either be out-of-the-box or at least more likely to have existing devise plugins.
Fortunately, since then work has been done to bridge the gap (eg: https://github.com/openstreetmap/openstreetmap-website/pull/3397, https://github.com/openstreetmap/openstreetmap-website/pull/3147, https://github.com/openstreetmap/openstreetmap-website/pull/3165, https://github.com/openstreetmap/openstreetmap-website/pull/1595). There's still work to do that needs to be defined properly though, and this ticket is intended as an "epic" to discuss the work and help dividing and tracking it.
This work is covered by the OSMF's proposed [Core Software Roadmap for 2026/27](https://github.com/openstreetmap/software-roadmap), as part of the plans to improve operational sustainability.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/6809
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/6809 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20260212/9c9bd31a/attachment.htm>
More information about the rails-dev
mailing list