Bullet Train uses Devise for authentication and we've done the work of making the related views look pretty and well-integrated with the look-and-feel of the application template.
Bullet Train registers its own slightly customized registration and session controllers for Devise. If you want to customize them further, you can simply eject those controllers from the framework and override them locally, like so:
bin/resolve RegistrationsController --eject --open bin/resolve SessionsController --eject --open
You can customize Devise views using the same workflow you would use to customize any other Bullet Train views.
Invite-Only Mode and Disabling Registration
If you would like to stop users from signing up for your application without an invitation code or without an invitation to an existing team, set
INVITATION_KEYS to one or more comma-delimited values in
config/application.yml (or however you configure your environment values in production.) Once invitation keys are configured, you can invite people to sign up with one of your keys at the following URL:
If you want to disable new registrations completely, put an unguessable value into
INVITATION_KEYS and keep it secret.
Note that in both of these scenarios that existing users will still be able to invite new collaborators to their teams and those collaborators will have the option of creating a new account, but no users in the application will be allowed to create a new team without an invitation code and following the above URL.
Enabling Two-Factor Authentication (2FA)
Two-factor authentication is enabled by default in Bullet Train, but you must have Rails built-in encrypted secrets and Active Record Encryption configured. To do this, just run: