An example Devise app which uses ThisData for login intelligence and tracking.
Ruby HTML CSS JavaScript
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

ThisData Devise example app

This is an example Rails app which uses Devise for authentication, and ThisData to track events and provide login intelligence. You can use our Anomaly Detection APIs to enable better user experience & enhanced security in your application.

When you get it up and running, here's what your Audit Log will end up looking like:

screen shot 2016-10-04 at 4 17 36 pm

And if you enable end-user notification for suspicious activity, here's what your user might see:

Getting this in your own app:

If you're a TL;DR type person, the best bit is in lib/this_data/warden_hooks.rb:

Warden::Manager.on_request do |proxy|
  if proxy.request.get? && !proxy.request.original_fullpath.start_with?("/assets")
    payload = {
      ip: proxy.request.remote_ip,
      user_agent: proxy.request.user_agent,
      verb: 'page-view',
      object: {
        url: proxy.request.original_url
    if proxy.authenticated?
      payload[:user] = {
        id: proxy.user.send(ThisData.configuration.user_id_method)

... etc ...

But really, it's super simple to get going:

  1. Install the thisdata-ruby gem, and follow its installation instructions - see config/this_data.rb for an example configuration file
  2. Copy lib/this_data/warden_hooks.rb in to your own project
  3. Add require 'this_data/warden_hooks' to config/initializers/devise.rb

If you want to track failed log-ins

If you haven't already extended Devise::SessionsController:

  1. Copy app/controllers/my_sessions_controller.rb
  2. In routes.rb, change your devise_for line to look like
devise_for :users, controllers: { :sessions => "my_sessions" }

You can change the name of the controller if you wish.

If you have already extended Devise::SessionsController, copy the protected auth_options method over into your controller.

What do you get?!

This will enable tracking of

  • log-in - successful login events
  • log-in-denied - when someone fails to log in
    • if the email/username is correct, the corresponding User details are tracked
  • log-out - when the user logs out
  • page-view - each page viewed in your app, containing user information when they're logged in

Want more?

If you've extended your Devise controllers, you should make sure to include tracking for

  • password-reset-request - someone asked to reset their password
  • password-reset - a User reset their password
  • password-reset-request
  • email-update
  • password-update

If you support Two Factor Authentication:

  • authentication-challenge
  • authentication-challenge-pass
  • authentication-challenge-fail
  • two-factor-disable

And any other event you like! Read more: "What events should I track?"

This example app is based off the RailsApps Devise example app Copyright ©2014-15 Daniel Kehoe. MIT License