Additional password confirmation in has_secure_password

Question

Additional password confirmation in has_secure_password

Is it possible to disable password confirmation in the bcrypt-ruby (has_secure_password) gem?

+3

ruby-on-rails ruby-on-rails-3

rgtk 02 Apr 12 at 16:55

source to share

3 answers

If you don't want to confirm the password, you simply cannot set the: password_confirmation field and authentication will not run.

Find out more here: https://github.com/rails/rails/pull/5131

Rails 4 edit : Since the introduction of strong parameters, this is no longer relevant. Just remove the confirmation field from the registration form and the parameter will not be passed.

+1

Alan H Apr 14. 13 at 5:19 am

source to share

has_secure_password

is actually part of the ActiveModel and is not a gem in and of itself. The bcrypt gem is only used for the hash of the password_digest attribute.

The has_secure_password method is actually very short ( source here ) and contains one line requiring password confirmation:

# File activemodel/lib/active_model/secure_password.rb, line 34
  validates_confirmation_of :password
  validates_presence_of     :password_digest

So, overriding the has_secure_password method by creating a modified version in your config / initializers folder should work. Commenting out the "validates_confirmation_of" line will disable password confirmation. You can also rewrite the method, of course, to use hash parameters, as you tried to do in your question.

0

Nate berkopec 02 Apr 12 at 17:41

source to share

rgtk · Accepted Answer · 2012-04-03T15:33:30+0000

Change password validation to only work when you create an action.

validates :password, presence: true,
                     length: { minimum: 6 },
                     on: :create

Additional password confirmation in has_secure_password

More articles: