How can I sometimes require a password, and sometimes not with has_secure_password?

Question

My application allows people to register using a password or using Facebook.

Even when I remove password checks from my User model, I get :password_digest => ["can't be blank"] in the user model.

I am using has_secure_password .

How can I make password_digest NOT mandatory?

+6

bevanb Aug 11 '12 at 20:19

2 answers

Later commits added hash parameters to has_secure_password , which allows you to skip checks for the password_digest field. You use it as follows:

  has_secure_password :validations => false

This, unfortunately, is not in rails version 3.2.13. See fooobar.com/questions/324925 / ...

+5

journeyer May 23 '13 at 14:07

meagar · Accepted Answer · 2012-08-11T20:22:45+0000

You can not. has_secure_password automatically adds two validators to your model:

 validates_confirmation_of :password validates_presence_of :password_digest

Instead, set a dummy value for password_digest for users who do not have a password:

 user.password = user.password_confirmation = "" user.password_digest = "facebook-authorized account"

This is safe because the password cannot be hashed to match this digest.