diff --git a/src/Gemfile b/src/Gemfile
index 2017436..31f93e8 100644
--- a/src/Gemfile
+++ b/src/Gemfile
@@ -34,6 +34,11 @@ gem 'jbuilder', '~> 2.5'
 # Use Bootstrap
 gem 'bootstrap-sass', '~> 3.3.7'
 
+# Use sorcery for authentication
+gem 'sorcery'
+# Used for email validation
+gem 'validates_email_format_of'
+
 # Use Capistrano for deployment
 # gem 'capistrano-rails', group: :development
 
diff --git a/src/Gemfile.lock b/src/Gemfile.lock
index 319e6f1..ac6903a 100644
--- a/src/Gemfile.lock
+++ b/src/Gemfile.lock
@@ -41,6 +41,7 @@ GEM
     arel (7.1.4)
     autoprefixer-rails (6.7.2)
       execjs
+    bcrypt (3.1.11)
     bootstrap-sass (3.3.7)
       autoprefixer-rails (>= 5.2.1)
       sass (>= 3.3.4)
@@ -57,6 +58,8 @@ GEM
     debug_inspector (0.0.2)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.10.1)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.17)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
@@ -68,6 +71,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -82,9 +86,18 @@ GEM
     mini_portile2 (2.1.0)
     minitest (5.10.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (1.2.1)
     nokogiri (1.7.0.1)
       mini_portile2 (~> 2.1.0)
+    oauth (0.5.1)
+    oauth2 (1.3.0)
+      faraday (>= 0.8, < 0.11)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
     pg (0.19.0)
     puma (3.6.2)
     rack (2.0.1)
@@ -128,6 +141,10 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
+    sorcery (0.10.2)
+      bcrypt (~> 3.1)
+      oauth (~> 0.4, >= 0.4.4)
+      oauth2 (~> 1.0, >= 0.8.0)
     spring (2.0.1)
       activesupport (>= 4.2)
     spring-watcher-listen (2.0.1)
@@ -151,6 +168,8 @@ GEM
       thread_safe (~> 0.1)
     uglifier (3.0.4)
       execjs (>= 0.3.0, < 3)
+    validates_email_format_of (1.6.3)
+      i18n
     web-console (3.4.0)
       actionview (>= 5.0)
       activemodel (>= 5.0)
@@ -176,12 +195,14 @@ DEPENDENCIES
   rails-controller-testing
   rake (~> 12.0.0)
   sass-rails (~> 5.0)
+  sorcery
   spring
   spring-watcher-listen (~> 2.0.0)
   sqlite3
   turbolinks (~> 5)
   tzinfo-data
   uglifier (>= 1.3.0)
+  validates_email_format_of
   web-console (>= 3.3.0)
 
 BUNDLED WITH
diff --git a/src/app/assets/javascripts/dashboard.coffee b/src/app/assets/javascripts/dashboard.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/src/app/assets/javascripts/dashboard.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/src/app/assets/javascripts/sessions.coffee b/src/app/assets/javascripts/sessions.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/src/app/assets/javascripts/sessions.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/src/app/assets/javascripts/users.coffee b/src/app/assets/javascripts/users.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/src/app/assets/javascripts/users.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/src/app/assets/stylesheets/dashboard.scss b/src/app/assets/stylesheets/dashboard.scss
new file mode 100644
index 0000000..e8f34fd
--- /dev/null
+++ b/src/app/assets/stylesheets/dashboard.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the Dashboard controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/src/app/assets/stylesheets/sessions.scss b/src/app/assets/stylesheets/sessions.scss
new file mode 100644
index 0000000..ccb1ed2
--- /dev/null
+++ b/src/app/assets/stylesheets/sessions.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the Sessions controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/src/app/assets/stylesheets/users.scss b/src/app/assets/stylesheets/users.scss
new file mode 100644
index 0000000..c47a13e
--- /dev/null
+++ b/src/app/assets/stylesheets/users.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the User controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/src/app/controllers/application_controller.rb b/src/app/controllers/application_controller.rb
index 1c07694..78bed39 100644
--- a/src/app/controllers/application_controller.rb
+++ b/src/app/controllers/application_controller.rb
@@ -1,3 +1,10 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
+  before_action :require_login
+
+  private
+  def not_authenticated
+    flash[:warning] = 'You have to authenticate to access this page.'
+    redirect_to sign_in_path
+  end
 end
diff --git a/src/app/controllers/dashboard_controller.rb b/src/app/controllers/dashboard_controller.rb
new file mode 100644
index 0000000..391fa2e
--- /dev/null
+++ b/src/app/controllers/dashboard_controller.rb
@@ -0,0 +1,4 @@
+class DashboardController < ApplicationController
+  def index
+  end
+end
diff --git a/src/app/controllers/sessions_controller.rb b/src/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..3c5ead3
--- /dev/null
+++ b/src/app/controllers/sessions_controller.rb
@@ -0,0 +1,22 @@
+class SessionsController < ApplicationController
+  skip_before_action :require_login, except: [:destroy]
+  
+  def new
+  end
+
+  def create
+    if login(params[:email], params[:password])
+      flash[:success] = 'Welcome back!'
+      redirect_back_or_to root_path
+    else
+      flash.now[:warning] = 'E-mail and/or password is incorrect.'
+      render 'new'
+    end
+  end
+
+  def destroy
+    logout
+    flash[:success] = 'See you!'
+    redirect_to sign_in_path
+  end
+end
\ No newline at end of file
diff --git a/src/app/controllers/static_pages_controller.rb b/src/app/controllers/static_pages_controller.rb
index cf48a8b..72ad12d 100644
--- a/src/app/controllers/static_pages_controller.rb
+++ b/src/app/controllers/static_pages_controller.rb
@@ -1,4 +1,6 @@
 class StaticPagesController < ApplicationController
+  skip_before_action :require_login
+  
   def home
   end
 end
diff --git a/src/app/controllers/users_controller.rb b/src/app/controllers/users_controller.rb
new file mode 100644
index 0000000..05a7e80
--- /dev/null
+++ b/src/app/controllers/users_controller.rb
@@ -0,0 +1,24 @@
+class UsersController < ApplicationController
+  skip_before_action :require_login, only: [:new, :create]
+  
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      login(params[:user][:email], params[:user][:password])
+      flash[:success] = 'Welcome!'
+      redirect_to root_path
+    else
+      render 'new'
+    end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:email, :password, :password_confirmation, :username)
+  end
+end
diff --git a/src/app/helpers/dashboard_helper.rb b/src/app/helpers/dashboard_helper.rb
new file mode 100644
index 0000000..a94ddfc
--- /dev/null
+++ b/src/app/helpers/dashboard_helper.rb
@@ -0,0 +1,2 @@
+module DashboardHelper
+end
diff --git a/src/app/helpers/sessions_helper.rb b/src/app/helpers/sessions_helper.rb
new file mode 100644
index 0000000..309f8b2
--- /dev/null
+++ b/src/app/helpers/sessions_helper.rb
@@ -0,0 +1,2 @@
+module SessionsHelper
+end
diff --git a/src/app/helpers/users_helper.rb b/src/app/helpers/users_helper.rb
new file mode 100644
index 0000000..2310a24
--- /dev/null
+++ b/src/app/helpers/users_helper.rb
@@ -0,0 +1,2 @@
+module UsersHelper
+end
diff --git a/src/app/models/user.rb b/src/app/models/user.rb
new file mode 100644
index 0000000..7201ec5
--- /dev/null
+++ b/src/app/models/user.rb
@@ -0,0 +1,8 @@
+class User < ApplicationRecord
+  authenticates_with_sorcery!
+  
+  validates :password, length: { minimum: 3 }
+  validates :password, confirmation: true
+  validates :email, uniqueness: true
+  validates :email, uniqueness: true, email_format: { message: 'has invalid format' } 
+end
diff --git a/src/app/views/dashboard/index.html.erb b/src/app/views/dashboard/index.html.erb
new file mode 100644
index 0000000..b9790e8
--- /dev/null
+++ b/src/app/views/dashboard/index.html.erb
@@ -0,0 +1,3 @@
+<h1>Dashboard!</h1>
+
+<p>Restricted area for authorized users only.</p>
\ No newline at end of file
diff --git a/src/app/views/layouts/_guest_navigation.html.erb b/src/app/views/layouts/_guest_navigation.html.erb
index d558882..ff33d83 100644
--- a/src/app/views/layouts/_guest_navigation.html.erb
+++ b/src/app/views/layouts/_guest_navigation.html.erb
@@ -1,5 +1,5 @@
 <ul class="nav navbar-nav"></ul>
 <ul class="nav navbar-nav navbar-right">
-  <li><%= link_to 'Sign In', '#' %></li>
-  <li><%= link_to 'Sign Up', '#' %></li>
+  <li><%= link_to 'Sign In', sign_in_path %></li>
+  <li><%= link_to 'Sign Up', sign_up_path %></li>
 </ul>
\ No newline at end of file
diff --git a/src/app/views/layouts/_header.html.erb b/src/app/views/layouts/_header.html.erb
index 456b963..2b3885a 100644
--- a/src/app/views/layouts/_header.html.erb
+++ b/src/app/views/layouts/_header.html.erb
@@ -13,7 +13,7 @@
         <% end %>
       </div>
       <div id="navbar" class="navbar-collapse collapse">
-        <% if false %> <!-- TODO: replace false with current_user -->
+        <% if current_user != nil %>
           <%= render 'layouts/navigation' %>
         <% else %>
           <%= render 'layouts/guest_navigation' %>
diff --git a/src/app/views/layouts/_navigation.html.erb b/src/app/views/layouts/_navigation.html.erb
index 8faa0d4..a0794a6 100644
--- a/src/app/views/layouts/_navigation.html.erb
+++ b/src/app/views/layouts/_navigation.html.erb
@@ -4,14 +4,14 @@
 </ul>
 <ul class="nav navbar-nav navbar-right">
   <li class="dropdown">
-    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Username
+    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><%= current_user.username %>
       <span class="caret"></span>
     </a>
     <ul class="dropdown-menu">
       <li><%= link_to 'Your Profile', '#' %></li>
       <li><%= link_to 'Your Grades', '#' %></li>
       <li role="separator" class="divider"></li>
-      <li><%= link_to 'Log Out', '#' %></li>
+      <li><%= link_to 'Log Out', sign_out_path, method: :delete %></li>
     </ul>
   </li>
 </ul>
\ No newline at end of file
diff --git a/src/app/views/layouts/application.html.erb b/src/app/views/layouts/application.html.erb
index c45a1b1..6484d56 100644
--- a/src/app/views/layouts/application.html.erb
+++ b/src/app/views/layouts/application.html.erb
@@ -12,14 +12,23 @@
   </head>
   <body>
     <%= render 'layouts/header' %>
-    
+
     <!-- Begin page content -->
     <div class="container">
+      <% flash.each do |key, value| %>
+      <div class="alert alert-<%= key %> alert-dismissible" role="alert">
+        <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+        <%= value %>
+      </div>
+      <% end %>
+
       <%= yield %>
-      
+
       <%= render 'layouts/footer' %>
     </div>
-    
+
     <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %>
   </body>
-</html>
+</html>
\ No newline at end of file
diff --git a/src/app/views/sessions/new.html.erb b/src/app/views/sessions/new.html.erb
new file mode 100644
index 0000000..ad48b1e
--- /dev/null
+++ b/src/app/views/sessions/new.html.erb
@@ -0,0 +1,14 @@
+<h1>Log In</h1>
+<%= form_tag sessions_path, method: :post do %>
+  <div class="form-group">
+    <%= label_tag :email %>
+    <%= email_field_tag :email, nil, class: 'form-control', required: true %>
+  </div>
+
+  <div class="form-group">
+    <%= label_tag :password %>
+    <%= password_field_tag :password, nil, class: 'form-control', required: true %>
+  </div>
+
+  <%= submit_tag 'Log In', class: 'btn btn-primary btn-lg' %>
+<% end %>
\ No newline at end of file
diff --git a/src/app/views/users/new.html.erb b/src/app/views/users/new.html.erb
new file mode 100644
index 0000000..0c99811
--- /dev/null
+++ b/src/app/views/users/new.html.erb
@@ -0,0 +1,22 @@
+<h1>Registration</h1>
+
+<%= form_for @user do |f| %>
+  <div class="form-group">
+    <%= f.label :username %>
+    <%= f.text_field :username, class: 'form-control', required: true %>
+  </div>
+
+  <div class="form-group">
+    <%= f.label :email %>
+    <%= f.email_field :email, class: 'form-control', required: true %>
+  </div>
+  <div class="form-group">
+    <%= f.label :password %>
+    <%= f.password_field :password, class: 'form-control', required: true %>
+  </div>
+  <div class="form-group">
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation, class: 'form-control', required: true %>
+  </div>
+  <%= f.submit 'Register', class: 'btn btn-primary btn-lg' %>
+<% end %>
\ No newline at end of file
diff --git a/src/config/initializers/sorcery.rb b/src/config/initializers/sorcery.rb
new file mode 100644
index 0000000..fc18d3f
--- /dev/null
+++ b/src/config/initializers/sorcery.rb
@@ -0,0 +1,448 @@
+# The first thing you need to configure is which modules you need in your app.
+# The default is nothing which will include only core features (password encryption, login/logout).
+# Available submodules are: :user_activation, :http_basic_auth, :remember_me,
+# :reset_password, :session_timeout, :brute_force_protection, :activity_logging, :external
+Rails.application.config.sorcery.submodules = []
+
+# Here you can configure each submodule's features.
+Rails.application.config.sorcery.configure do |config|
+  # -- core --
+  # What controller action to call for non-authenticated users. You can also
+  # override the 'not_authenticated' method of course.
+  # Default: `:not_authenticated`
+  #
+  # config.not_authenticated_action =
+
+  # When a non logged in user tries to enter a page that requires login, save
+  # the URL he wanted to reach, and send him there after login, using 'redirect_back_or_to'.
+  # Default: `true`
+  #
+  # config.save_return_to_url =
+
+  # Set domain option for cookies; Useful for remember_me submodule.
+  # Default: `nil`
+  #
+  # config.cookie_domain =
+
+  # Allow the remember_me cookie to be set through AJAX
+  # Default: `true`
+  #
+  # config.remember_me_httponly =
+
+  # -- session timeout --
+  # How long in seconds to keep the session alive.
+  # Default: `3600`
+  #
+  # config.session_timeout =
+
+  # Use the last action as the beginning of session timeout.
+  # Default: `false`
+  #
+  # config.session_timeout_from_last_action =
+
+  # -- http_basic_auth --
+  # What realm to display for which controller name. For example {"My App" => "Application"}
+  # Default: `{"application" => "Application"}`
+  #
+  # config.controller_to_realm_map =
+
+  # -- activity logging --
+  # will register the time of last user login, every login.
+  # Default: `true`
+  #
+  # config.register_login_time =
+
+  # will register the time of last user logout, every logout.
+  # Default: `true`
+  #
+  # config.register_logout_time =
+
+  # will register the time of last user action, every action.
+  # Default: `true`
+  #
+  # config.register_last_activity_time =
+
+  # -- external --
+  # What providers are supported by this app, i.e. [:twitter, :facebook, :github, :linkedin, :xing, :google, :liveid, :salesforce, :slack] .
+  # Default: `[]`
+  #
+  # config.external_providers =
+
+  # You can change it by your local ca_file. i.e. '/etc/pki/tls/certs/ca-bundle.crt'
+  # Path to ca_file. By default use a internal ca-bundle.crt.
+  # Default: `'path/to/ca_file'`
+  #
+  # config.ca_file =
+
+  # For information about LinkedIn API:
+  # - user info fields go to https://developer.linkedin.com/documents/profile-fields
+  # - access permissions go to https://developer.linkedin.com/documents/authentication#granting
+  #
+  # config.linkedin.key = ""
+  # config.linkedin.secret = ""
+  # config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
+  # config.linkedin.user_info_fields = ['first-name', 'last-name']
+  # config.linkedin.user_info_mapping = {first_name: "firstName", last_name: "lastName"}
+  # config.linkedin.access_permissions = ['r_basicprofile']
+  #
+  #
+  # For information about XING API:
+  # - user info fields go to https://dev.xing.com/docs/get/users/me
+  #
+  # config.xing.key = ""
+  # config.xing.secret = ""
+  # config.xing.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=xing"
+  # config.xing.user_info_mapping = {first_name: "first_name", last_name: "last_name"}
+  #
+  #
+  # Twitter will not accept any requests nor redirect uri containing localhost,
+  # make sure you use 0.0.0.0:3000 to access your app in development
+  #
+  # config.twitter.key = ""
+  # config.twitter.secret = ""
+  # config.twitter.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=twitter"
+  # config.twitter.user_info_mapping = {:email => "screen_name"}
+  #
+  # config.facebook.key = ""
+  # config.facebook.secret = ""
+  # config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
+  # config.facebook.user_info_mapping = {:email => "name"}
+  # config.facebook.access_permissions = ["email", "publish_actions"]
+  # config.facebook.display = "page"
+  # config.facebook.api_version = "v2.2"
+  #
+  # config.github.key = ""
+  # config.github.secret = ""
+  # config.github.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=github"
+  # config.github.user_info_mapping = {:email => "name"}
+  #
+  # config.paypal.key = ""
+  # config.paypal.secret = ""
+  # config.paypal.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=paypal"
+  # config.paypal.user_info_mapping = {:email => "email"}
+  #
+  # config.wechat.key = ""
+  # config.wechat.secret = ""
+  # config.wechat.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=wechat"
+  #
+  # config.google.key = ""
+  # config.google.secret = ""
+  # config.google.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=google"
+  # config.google.user_info_mapping = {:email => "email", :username => "name"}
+  # config.google.scope = "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
+  #
+  # For Microsoft Graph, the key will be your App ID, and the secret will be your app password/public key.
+  # The callback URL "can't contain a query string or invalid special characters", see: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-limitations#restrictions-on-redirect-uris
+  # More information at https://graph.microsoft.io/en-us/docs
+  #
+  # config.microsoft.key = ""
+  # config.microsoft.secret = ""
+  # config.microsoft.callback_url = "http://0.0.0.0:3000/oauth/callback/microsoft"
+  # config.microsoft.user_info_mapping = {:email => "userPrincipalName", :username => "displayName"}
+  # config.microsoft.scope = "openid email https://graph.microsoft.com/User.Read"
+  #
+  # config.vk.key = ""
+  # config.vk.secret = ""
+  # config.vk.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=vk"
+  # config.vk.user_info_mapping = {:login => "domain", :name => "full_name"}
+  #
+  # config.slack.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=slack"
+  # config.slack.key = ''
+  # config.slack.secret = ''
+  # config.slack.user_info_mapping = {email: 'email'}
+  #
+  # To use liveid in development mode you have to replace mydomain.com with
+  # a valid domain even in development. To use a valid domain in development
+  # simply add your domain in your /etc/hosts file in front of 127.0.0.1
+  #
+  # config.liveid.key = ""
+  # config.liveid.secret = ""
+  # config.liveid.callback_url = "http://mydomain.com:3000/oauth/callback?provider=liveid"
+  # config.liveid.user_info_mapping = {:username => "name"}
+
+  # For information about JIRA API:
+  # https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication
+  # to obtain the consumer key and the public key you can use the jira-ruby gem https://github.com/sumoheavy/jira-ruby
+  # or run openssl req -x509 -nodes -newkey rsa:1024 -sha1 -keyout rsakey.pem -out rsacert.pem to obtain the public key
+  # Make sure you have configured the application link properly
+
+  # config.jira.key = "1234567"
+  # config.jira.secret = "jiraTest"
+  # config.jira.site = "http://localhost:2990/jira/plugins/servlet/oauth"
+  # config.jira.signature_method =  "RSA-SHA1"
+  # config.jira.private_key_file = "rsakey.pem"
+
+  # For information about Salesforce API:
+  # https://developer.salesforce.com/signup &
+  # https://www.salesforce.com/us/developer/docs/api_rest/
+  # Salesforce callback_url must be https. You can run the following to generate self-signed ssl cert
+  # openssl req -new -newkey rsa:2048 -sha1 -days 365 -nodes -x509 -keyout server.key -out server.crt
+  # Make sure you have configured the application link properly
+  # config.salesforce.key = '123123'
+  # config.salesforce.secret = 'acb123'
+  # config.salesforce.callback_url = "https://127.0.0.1:9292/oauth/callback?provider=salesforce"
+  # config.salesforce.scope = "full"
+  # config.salesforce.user_info_mapping = {:email => "email"}
+
+  # --- user config ---
+  config.user_config do |user|
+    # -- core --
+    # specify username attributes, for example: [:username, :email].
+    # Default: `[:email]`
+    #
+    # user.username_attribute_names =
+
+    # change *virtual* password attribute, the one which is used until an encrypted one is generated.
+    # Default: `:password`
+    #
+    # user.password_attribute_name =
+
+    # downcase the username before trying to authenticate, default is false
+    # Default: `false`
+    #
+    # user.downcase_username_before_authenticating =
+
+    # change default email attribute.
+    # Default: `:email`
+    #
+    # user.email_attribute_name =
+
+    # change default crypted_password attribute.
+    # Default: `:crypted_password`
+    #
+    # user.crypted_password_attribute_name =
+
+    # what pattern to use to join the password with the salt
+    # Default: `""`
+    #
+    # user.salt_join_token =
+
+    # change default salt attribute.
+    # Default: `:salt`
+    #
+    # user.salt_attribute_name =
+
+    # how many times to apply encryption to the password.
+    # Default: `nil`
+    #
+    # user.stretches =
+
+    # encryption key used to encrypt reversible encryptions such as AES256.
+    # WARNING: If used for users' passwords, changing this key will leave passwords undecryptable!
+    # Default: `nil`
+    #
+    # user.encryption_key =
+
+    # use an external encryption class.
+    # Default: `nil`
+    #
+    # user.custom_encryption_provider =
+
+    # encryption algorithm name. See 'encryption_algorithm=' for available options.
+    # Default: `:bcrypt`
+    #
+    # user.encryption_algorithm =
+
+    # make this configuration inheritable for subclasses. Useful for ActiveRecord's STI.
+    # Default: `false`
+    #
+    # user.subclasses_inherit_config =
+
+    # -- remember_me --
+    # How long in seconds the session length will be
+    # Default: `604800`
+    #
+    # user.remember_me_for =
+
+    # when true sorcery will persist a single remember me token for all
+    # logins/logouts (supporting remembering on multiple browsers simultaneously).
+    # Default: false
+    #
+    # user.remember_me_token_persist_globally =
+
+    # -- user_activation --
+    # the attribute name to hold activation state (active/pending).
+    # Default: `:activation_state`
+    #
+    # user.activation_state_attribute_name =
+
+    # the attribute name to hold activation code (sent by email).
+    # Default: `:activation_token`
+    #
+    # user.activation_token_attribute_name =
+
+    # the attribute name to hold activation code expiration date.
+    # Default: `:activation_token_expires_at`
+    #
+    # user.activation_token_expires_at_attribute_name =
+
+    # how many seconds before the activation code expires. nil for never expires.
+    # Default: `nil`
+    #
+    # user.activation_token_expiration_period =
+
+    # your mailer class. Required.
+    # Default: `nil`
+    #
+    # user.user_activation_mailer =
+
+    # when true sorcery will not automatically
+    # email activation details and allow you to
+    # manually handle how and when email is sent.
+    # Default: `false`
+    #
+    # user.activation_mailer_disabled =
+
+    # method to send email related
+    # options: `:deliver_later`, `:deliver_now`, `:deliver`
+    # Default: :deliver (Rails version < 4.2) or :deliver_now (Rails version 4.2+)
+    #
+    # user.email_delivery_method =
+
+    # activation needed email method on your mailer class.
+    # Default: `:activation_needed_email`
+    #
+    # user.activation_needed_email_method_name =
+
+    # activation success email method on your mailer class.
+    # Default: `:activation_success_email`
+    #
+    # user.activation_success_email_method_name =
+
+    # do you want to prevent or allow users that did not activate by email to login?
+    # Default: `true`
+    #
+    # user.prevent_non_active_users_to_login =
+
+    # -- reset_password --
+    # reset password code attribute name.
+    # Default: `:reset_password_token`
+    #
+    # user.reset_password_token_attribute_name =
+
+    # expires at attribute name.
+    # Default: `:reset_password_token_expires_at`
+    #
+    # user.reset_password_token_expires_at_attribute_name =
+
+    # when was email sent, used for hammering protection.
+    # Default: `:reset_password_email_sent_at`
+    #
+    # user.reset_password_email_sent_at_attribute_name =
+
+    # mailer class. Needed.
+    # Default: `nil`
+    #
+    # user.reset_password_mailer =
+
+    # reset password email method on your mailer class.
+    # Default: `:reset_password_email`
+    #
+    # user.reset_password_email_method_name =
+
+    # when true sorcery will not automatically
+    # email password reset details and allow you to
+    # manually handle how and when email is sent
+    # Default: `false`
+    #
+    # user.reset_password_mailer_disabled =
+
+    # how many seconds before the reset request expires. nil for never expires.
+    # Default: `nil`
+    #
+    # user.reset_password_expiration_period =
+
+    # hammering protection, how long in seconds to wait before allowing another email to be sent.
+    # Default: `5 * 60`
+    #
+    # user.reset_password_time_between_emails =
+
+    # -- brute_force_protection --
+    # Failed logins attribute name.
+    # Default: `:failed_logins_count`
+    #
+    # user.failed_logins_count_attribute_name =
+
+    # This field indicates whether user is banned and when it will be active again.
+    # Default: `:lock_expires_at`
+    #
+    # user.lock_expires_at_attribute_name =
+
+    # How many failed logins allowed.
+    # Default: `50`
+    #
+    # user.consecutive_login_retries_amount_limit =
+
+    # How long the user should be banned. in seconds. 0 for permanent.
+    # Default: `60 * 60`
+    #
+    # user.login_lock_time_period =
+
+    # Unlock token attribute name
+    # Default: `:unlock_token`
+    #
+    # user.unlock_token_attribute_name =
+
+    # Unlock token mailer method
+    # Default: `:send_unlock_token_email`
+    #
+    # user.unlock_token_email_method_name =
+
+    # when true sorcery will not automatically
+    # send email with unlock token
+    # Default: `false`
+    #
+    # user.unlock_token_mailer_disabled = true
+
+    # Unlock token mailer class
+    # Default: `nil`
+    #
+    # user.unlock_token_mailer = UserMailer
+
+    # -- activity logging --
+    # Last login attribute name.
+    # Default: `:last_login_at`
+    #
+    # user.last_login_at_attribute_name =
+
+    # Last logout attribute name.
+    # Default: `:last_logout_at`
+    #
+    # user.last_logout_at_attribute_name =
+
+    # Last activity attribute name.
+    # Default: `:last_activity_at`
+    #
+    # user.last_activity_at_attribute_name =
+
+    # How long since last activity is the user defined logged out?
+    # Default: `10 * 60`
+    #
+    # user.activity_timeout =
+
+    # -- external --
+    # Class which holds the various external provider data for this user.
+    # Default: `nil`
+    #
+    # user.authentications_class =
+
+    # User's identifier in authentications class.
+    # Default: `:user_id`
+    #
+    # user.authentications_user_id_attribute_name =
+
+    # Provider's identifier in authentications class.
+    # Default: `:provider`
+    #
+    # user.provider_attribute_name =
+
+    # User's external unique identifier in authentications class.
+    # Default: `:uid`
+    #
+    # user.provider_uid_attribute_name =
+  end
+
+  # This line must come after the 'user config' block.
+  # Define which model authenticates with sorcery.
+  config.user_class = 'User'
+end
diff --git a/src/config/routes.rb b/src/config/routes.rb
index 38cec18..1ae53d8 100644
--- a/src/config/routes.rb
+++ b/src/config/routes.rb
@@ -1,4 +1,13 @@
 Rails.application.routes.draw do
+  get '/dashboard', to: 'dashboard#index', as: :dashboard
+  
+  resources :users, only: [:new, :create]
+  get '/sign_up', to: 'users#new', as: :sign_up
+  
+  resources :sessions, only: [:new, :create, :destroy]
+  get '/sign_in', to: 'sessions#new', as: :sign_in
+  delete '/sign_out', to: 'sessions#destroy', as: :sign_out
+
   root 'static_pages#home'
 
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
diff --git a/src/db/migrate/20170208232446_sorcery_core.rb b/src/db/migrate/20170208232446_sorcery_core.rb
new file mode 100644
index 0000000..0b1bd6d
--- /dev/null
+++ b/src/db/migrate/20170208232446_sorcery_core.rb
@@ -0,0 +1,14 @@
+class SorceryCore < ActiveRecord::Migration[5.0]
+  def change
+    create_table :users do |t|
+      t.string :email,            :null => false
+      t.string :crypted_password
+      t.string :salt
+      t.string :username
+
+      t.timestamps                :null => false
+    end
+
+    add_index :users, :email, unique: true
+  end
+end
diff --git a/src/db/schema.rb b/src/db/schema.rb
index 2611543..5dc3fb4 100644
--- a/src/db/schema.rb
+++ b/src/db/schema.rb
@@ -10,9 +10,16 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 0) do
+ActiveRecord::Schema.define(version: 20170208232446) do
 
-  # These are extensions that must be enabled in order to support this database
-  enable_extension "plpgsql"
+  create_table "users", force: :cascade do |t|
+    t.string   "email",            null: false
+    t.string   "crypted_password"
+    t.string   "salt"
+    t.string   "username"
+    t.datetime "created_at",       null: false
+    t.datetime "updated_at",       null: false
+    t.index ["email"], name: "index_users_on_email", unique: true
+  end
 
 end
diff --git a/src/test/controllers/dashboard_controller_test.rb b/src/test/controllers/dashboard_controller_test.rb
new file mode 100644
index 0000000..d6b02fb
--- /dev/null
+++ b/src/test/controllers/dashboard_controller_test.rb
@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class DashboardControllerTest < ActionDispatch::IntegrationTest
+  test "should get index" do
+    get dashboard_url
+    assert_response :found  #responds with 302 redirect to user's profile
+  end
+
+end
diff --git a/src/test/controllers/sessions_controller_test.rb b/src/test/controllers/sessions_controller_test.rb
new file mode 100644
index 0000000..6135ce6
--- /dev/null
+++ b/src/test/controllers/sessions_controller_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/src/test/controllers/users_controller_test.rb b/src/test/controllers/users_controller_test.rb
new file mode 100644
index 0000000..6c3da77
--- /dev/null
+++ b/src/test/controllers/users_controller_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UsersControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/src/test/fixtures/users.yml b/src/test/fixtures/users.yml
new file mode 100644
index 0000000..d9ac643
--- /dev/null
+++ b/src/test/fixtures/users.yml
@@ -0,0 +1,17 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+# This model initially had no columns defined. If you add columns to the
+# model remove the '{}' from the fixture names and add the columns immediately
+# below each fixture, per the syntax in the comments below
+#
+one:
+  id: 101
+  username: 'test1'
+  email: 'test1@example.com'
+# column: value
+#
+two:
+  id: 102
+  username: 'test2'
+  email: 'test2@example.com'
+# column: value
diff --git a/src/test/models/user_test.rb b/src/test/models/user_test.rb
new file mode 100644
index 0000000..82f61e0
--- /dev/null
+++ b/src/test/models/user_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end