Reputation: 5629
Devise: Create users without password
In our application we have normal users. However, we want to be able to make invitations, to invite certain people. Note that an invitation is directly coupled to a user, as we want to be able to set certain settings for these users already. (We are mitigating clients from our old software to the new).
So:
- An admin should be able to create a new user and change its settings.
- When someone follows a link with their
invitation_token, they should see a form where they can set a password for their account.
What I am having trouble with, is how to enable the admin to create an user account, bypassing the normal password validation. It would be a horrible solution if a default password would need to be set, as this would create a severe security flaw.
How to create a new User in Devise without providing a password?
Upvotes: 35
Views: 26096
Answers (4)
Reputation: 7210
If you need to completely overwrite the password requirement just define the following on your model:
def password_required?
false
end
Upvotes: 3
Reputation: 1037
You can now use the DeviseInvitable gem for this.
It allows you to do exactly what you're asking.
Upvotes: 2
Reputation: 2883
TL;DR:
user.define_singleton_method(:password_required?) { false }
Fiddle:
class MockDeviseUser
protected
def password_required?
true
end
end
class User < MockDeviseUser
def is_password_required?
puts password_required?
end
end
unrequired_password_user = User.new
unrequired_password_user.define_singleton_method(:password_required?) { false }
unrequired_password_user.is_password_required?
regular_user = User.new
regular_user.is_password_required?
#false
#true
Upvotes: 8
Reputation: 7024
There are at least two ways to do what you want:
Method 1:
Overload Devise's password_required? method
class User < ActiveRecord::Base
attr_accessor :skip_password_validation # virtual attribute to skip password validation while saving
protected
def password_required?
return false if skip_password_validation
super
end
end
Usage:
@user.skip_password_validation = true
@user.save
Method 2:
Disable validation with validate: false option:
user.save(validate: false)
This will skip validation of all fields (not only password). In this case you should make sure that all other fields are valid.
...
But I advise you to not create users without password in your particular case. I would create some additional table (for example, invitations) and store all required information including the fields that you want to be assigned to a user after confirmation.
Upvotes: 83
Related Questions
- How to create user without password and set it later with Devise form?
- Devise authentication without password, using just username
- Devise custom authentication without a password
- Devise - creating users only by admin
- How to make passwords optional using Devise?
- How to manually create users with Devise
- In Rails when using the Devise gem how to create a user without email and password?
- Rails 3 with Devise for Authentication - How do I manually create a user?
- Rails devise without password
- Devise: Create User without Password then Require Password to Use Account?