Devise: Disable password confirmation during sign-up
To disable password confirmation you can simply remove the password_confirmation field from the registration form. This disables the need to confirm the password entirely!
- Generate devise views if you haven't:
rails g devise:views - Remove the
password_confirmationsection inapp\views\devise\registrations\new.html.erb
The reason why this works lies in lib/devise/models/validatable.rb in the Devise source:
module Devise
module Models
module Validatable
def self.included(base)
base.class_eval do
#....SNIP...
validates_confirmation_of :password, :if => :password_required?
end
end
#...SNIP...
def password_required?
!persisted? || !password.nil? || !password_confirmation.nil?
end
end
end
end
Note that the validation is only triggered if password_required? returns true, and password_required? will return false if the password_confirmation field is nil.
Because where the password_confirmation field is present in the form, it will always be included in the parameters hash , as an empty string if it is left blank, the validation is triggered. However, if you remove the input from the form, the password_confirmation in the params will be nil, and therefore the validation will not be triggered.
It seems if you just remove the attr_accessible requirement from the model it works just fine without it.
On a side note, I agree with this practice, in the rare case there was a typo, the user can simply use the password recovery to recover their password.