1

In my application I have two ways of singing up users:

  1. Sign up form
  2. Facebook Connect

In both ways we store information into the database, but just in the first want we want to store the password.

I have some password related validations that I want to be performed for the first way of users signing up, but I don't want it to happen for the second one. What would be the appropriate and secure way of doing this in Rails?

My first approach was creating an attribute for the user object called password_optional and do a conditional in the validation with that, but I'm not sure how can I set that attribute by default to false or set it to false when the user is signing up using the form.

Improve this question

2 Answers 2

Reset to default
3

If you don't have a password when user signs up via facebook, but your validation requires it, set it to some random string then.

This is exactly what is recommended in Devise documentation.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I think that downvote without comment should be counter voted... +1
1

Skip the validations when you don't need it. There are multiple ways of doing that

Maybe you could have two models User::Normal < User and User::Facebook < User. Most of the logic goes into User, and specificities go into the custom models.

Maybe you could just go validates_presence_of :password, :if => not_facebook? or something of the sort.

Improve this answer

1 Comment

marcgg I think the second approach is what I am looking for, but what exactly is the not_facebook? When/where should I set that?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.