Rails 3 + devise + active_scaffold how make password not required

Question

I have the model Agency based on Devise:

class Agency < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  attr_accessible :name, :email, :phone, :address, :city, :state, :zip,
                  :notes, :is_admin, :password, :password_confirmation, :remember_me

  protected

  def password_required?
   !persisted? || password.present? || password_confirmation.present?
  end
end

Also I have the AgenciesController based on active_scaffold:

class Admin::AgenciesController < Admin::BaseController
  before_filter :authorize_admin!

  active_scaffold :agency do |conf|
    actions.exclude :show

    create.link.page = true
    update.link.page = true

    list.columns = [
      :name, :email, :phone, :address, :city, 
      :state, :zip, :notes, :events, :is_admin
    ]

    create.columns = [
      :name, :email, :phone, :address, :city, :state, :zip, 
      :is_admin, :password, :password_confirmation
    ]

    update.columns = [
      :name, :email, :phone, :address, :city, :state, :zip, 
      :is_admin, :password, :password_confirmation
    ]

    columns.add :password
    columns.add :password_confirmation    

    columns[:password].form_ui = :password
    columns[:password_confirmation].form_ui = :password
  end
end 

Then here is Agency update form:

I would like to provide an opportunity for user to omit filling in of password and password_confirmation fields. But if user fills in password field the password_confirmation field have to be required.

I almost solved my problem by password_required? method. But javascript required verification on client doesn't allow me solve my problem completely.

How Can I remove JS varification from client for password and password_confirmation fields?

Answer 1

Try:

validates_confirmation_of :password, :if => :password_required?

validates :password_confirmation, :presence => true, :if => '!password.nil?'

Note that the validation is only triggered if password_required? returns true, and password_required? will return false if the password_confirmation field is nil.

So in order to make password_confirmation field to be nil, you simply need to remove the password_confirmation field from the form and that way you will always get it nil thus bypassing the validations.

Alternate Solutions:

1) Skip validation of password field

2) Just save a random secure generated number in the password field ( Better because it's easy and also maintain the consistency ).

self.password = self.password_confirmation = SecureRandom.urlsafe_base64(n=6)

Also if you want that such fields should be identified differently as been left by the user then you can give unique passwords to them so later you impose the condition like:

if(self.password == "something unique" and self.password_confirmation == "something unique")
    flash[:notice] = "The user has not password"
end

Then on UI level, you simply display with blank using the above condition.

Answer 2

@Saurabh Jain, thanks a lot for your advices.
But solution was so much simple.
I have found out that active_scaffold adds an required attribute for input tag of password field.
By another words a client gets an html

<input type="password" required="required" size="30" name="record[password_confirmation]" id="record_password_confirmation_4" class="password_confirmation-input text-input" autocomplete="off">

Exactly required attribute was my problem :) To remove it from html simply add line

columns[:password].required = false;

to active_scaffold configuration in Admin::AgenciesController (see it above)