Devise: Create users without password

Question

In our application we have normal users. However, we want to be able to make invitations, to invite certain people. Note that an invitation is directly coupled to a user, as we want to be able to set certain settings for these users already. (We are mitigating clients from our old software to the new).

So:

An admin should be able to create a new user and change its settings.
When someone follows a link with their invitation_token, they should see a form where they can set a password for their account.

What I am having trouble with, is how to enable the admin to create an user account, bypassing the normal password validation. It would be a horrible solution if a default password would need to be set, as this would create a severe security flaw.

How to create a new User in Devise without providing a password?

Are you seeing a database constraint error or is your new user record just not valid? ? — Josh

chumakoff chumakoff · Accepted Answer · 2015-08-24T15:35:33

There are at least two ways to do what you want:

Method 1:

Overload Devise's password_required? method

class User < ActiveRecord::Base
  attr_accessor :skip_password_validation  # virtual attribute to skip password validation while saving

  protected

  def password_required?
    return false if skip_password_validation
    super
  end
end

Usage:

@user.skip_password_validation = true
@user.save

Method 2:

Disable validation with validate: false option:

user.save(validate: false)

This will skip validation of all fields (not only password). In this case you should make sure that all other fields are valid.

...

But I advise you to not create users without password in your particular case. I would create some additional table (for example, invitations) and store all required information including the fields that you want to be assigned to a user after confirmation.

Devise: Create users without password

3 Answers