I have followed Railscast episode 250 revised to create user authentication with has_secure_password which works well. However when I try to update the user profile, I obviously run into issues because it requires password and password confirmation to be present.
Obviously there is no way to overwrite this out of the box so I have created a file called secure_password.rb which I have put into my config/initializers folder and copied the content of the pre-existing file.
My question is this – is there any way to pass a conditional to this file to say if controller action update/edit then don’t require password and password confirmation to be present?
My current code can be found below.
def has_secure_password
gem 'bcrypt-ruby', '~> 3.0.0'
require 'bcrypt'
attr_reader :password
validates_confirmation_of :password
validates_presence_of :password_digest
include InstanceMethodsOnActivation
if respond_to?(:attributes_protected_by_default)
def self.attributes_protected_by_default
super + ['password_digest']
end
end
end
when
password_confirmationis explicitly set tonil, the confirmation validation will not be checked. This is refered to in a Rails pull-request, which suggests having some conditional value to decide ifpassword_confirmationshould be required.In Railscasts #250, I would simply remove the
password_confirmation-field, and change thecreate-action in the Users-controller to the following: