Geek Answers Handbook

Create authentication without password using only username

Can I configure Devise for passwordless authentication?

This is an intranet app. In order to connect to it, firstly, you need to be on the VPN network, plus the application allows you only to see the status of orders and history, and not send any information. I believe it looks like a FedEx or UPS tracking site, but allows the user to see the entire account, with the added security of the VPN box that the client receives from us.

Now I still need a password, but this is a non-negotiable requirement for the project. Clients are accustomed to this scheme and are not very computer savvy to quickly adapt to change.

+10
source share
3 answers

Not too elegant solution (not requiring Devise modification): use the default password, the same for all users

Use the before_validation call before_validation to set the user.password_confirmation value for user.password and user.password_confirmation (for example, password ).

Creating Devise Views with rails generate devise:views

Change the login form to add a hidden password field with a default password value.

As I said, it's not elegant, but it should work without having to delve into the Devise internals.

More elegant solution:

Develop a Devise project on GitHub and adapt https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/database_authenticatable.rb to your needs.

Then you can specify your fork in the Gemfile.

+8
source

In this case, I prefer monkey-patch Devise::Strategies::Authenticatable instead of expanding the entire repository to create a single line.

 Devise::Strategies::Authenticatable.class_eval do private def valid_password? true end end

Just put it in the initializer file or at the end of the devise.rb initializer (I prefer this because it looks a bit like an extra configuration).

To explain valid_password? corrected here valid_password? usually returns password.present? and it is used by Devise::Strategies::DatabaseAuthenticatable as an initial password check before actually checking it against the database. Therefore, this will change the behavior when a password is not provided.

DISCLAIMER: This still works for me, but not fully tested, so use at your own risk.

+3
source

Pretty late, but it can definitely be done with sign_in by turning on Devise::Controllers::Helpers if you have not inherited from DeviseController or a controller that inherits from DeviseController (such as Devise::SessionsController ). Then just call sign_in(user) :

 class SignInWithoutPasswordsController < ApplicationController include Devise::Controllers::Helpers def sign_a_user_in_without_password user = User.find(params[:user_id]) sign_in(user) end end
0
source

More articles:


All Articles