Reputation: 3710
Devise: Disable password confirmation during sign-up
I am using Devise for Rails. In the default registration process, Devise requires users to type the password twice for validation and authentication. How can I disable it?
Upvotes: 47
Views: 19577
Answers (9)
Reputation: 5293
To disable password confirmation you can simply remove the password_confirmation field from the registration form. This disables the need to confirm the password entirely!
- Generate devise views if you haven't:
rails g devise:views - Remove the
password_confirmationsection inapp\views\devise\registrations\new.html.erb
The reason why this works lies in lib/devise/models/validatable.rb in the Devise source:
module Devise
module Models
module Validatable
def self.included(base)
base.class_eval do
#....SNIP...
validates_confirmation_of :password, :if => :password_required?
end
end
#...SNIP...
def password_required?
!persisted? || !password.nil? || !password_confirmation.nil?
end
end
end
end
Note that the validation is only triggered if password_required? returns true, and password_required? will return false if the password_confirmation field is nil.
Because where the password_confirmation field is present in the form, it will always be included in the parameters hash , as an empty string if it is left blank, the validation is triggered. However, if you remove the input from the form, the password_confirmation in the params will be nil, and therefore the validation will not be triggered.
Upvotes: 87
Reputation: 1
I think this is the simple way to disable password confirmation: https://github.com/plataformatec/devise/wiki/Disable-password-confirmation-during-registration
Some users wants to make the registration process shorter and easier. One of fields that can be removed is the Password confirmation.
Easiest solution is: you can simply remove the password_confirmation field from the registration form located at devise/registrations/new.html.erb (new.html.haml if you are using HAML), which disables the need to confirm the password entirely!
The reason for this lies in lib/devise/models/validatable.rb in the Devise source:
Note that the validation is only triggered if password_required? returns true, and password_required? will return false if the password_confirmation field is nil.
Because where the password_confirmation field is present in the form, it will always be included in the parameters hash , as an empty string if it is left blank, the validation is triggered. However, if you remove the input from the form, the password_confirmation in the params will be nil, and therefore the validation will not be triggered.
Upvotes: 0
Reputation: 213
You just need to remove the password_confirmation field from your form.
Upvotes: 2
Reputation: 6620
Simplest solution:
Remove :validatable from
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable,
:confirmable, :timeoutable, :validatable
;)
Upvotes: 2
Reputation: 1
Devise's default validations (lib/devise/models/validatable.rb):
validates_confirmation_of :password, :if => :password_required?
and method:
def password_required?
!persisted? || !password.nil? || !password_confirmation.nil?
end
We need override Devise default password validation. Put the following code at the end in order for it not to be overridden by any of Devise's own settings.
validates_confirmation_of :password, if: :revalid
def revalid
false
end
And your model would look like this:
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable,
:confirmable, :timeoutable, :validatable
validates_confirmation_of :password, if: :revalid
def revalid
false
end
end
Then remove the password_confirmation field from the registration form.
Upvotes: 0
Reputation: 3026
For the sake of Rails 4 users who find this question, simply delete :password_confirmation from the permitted params, which you declare in ApplicationController.rb.
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:username, :email, :password)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:username, :email, :password)
end
end
Upvotes: 4
Reputation: 7135
See wiki
def update_with_password(params={})
params.delete(:current_password)
self.update_without_password(params)
end
Upvotes: 1
Reputation: 5034
It seems if you just remove the attr_accessible requirement from the model it works just fine without it.
On a side note, I agree with this practice, in the rare case there was a typo, the user can simply use the password recovery to recover their password.
Upvotes: 36
Reputation: 8282
I am not familiar with Devise but if you have access to the model in the controller before save/validation could you do something like the following
model.password_confirmation = model.password
model.save
Upvotes: 11
Related Questions
- Devise update user password without password_confirmation
- Require password only when changing password devise registration
- How to prevent automatic signin after confirmation and setting password using devise
- How to remove devise password resetting during email confirmation?
- Remove password confirmation; devise
- Rails Devise prevent login immediately after Signup without using Confirmable
- Devise: Authentication after Registration without Confirmable
- Disable devise sign_up after logging in
- stopping the sign up option into devise
- Rails - Devise - "Your password was set successfully. You are now signed in" - How to disable?