Authentication is the act of confirming that somebody is geniune or real. In our case Authentication means validating that a person is who they say they are by allowing them to tell us a secret that only the two of us know. This differs from Authorization. Authorization is the act of allowing or dissallowing actions for a user.
Devise is the answer. Always use devise. Many people try to roll their own auth, but unless you have strong crypto experience and a deep understanding of common attacks, I would not advise this. While devise is the easy answer there are some thigns devise can't do. There are also times when you want to use someone else for your auth.
auth through someone else
stubbing out authenticate_user
https://github.com/plataformatec/devise/wiki/How-To:-Stub-authentication-in-controller-specs
using rspec sign_in and factory girl
https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-(and-RSpec)
People are evil and tricky.