How to allow nil password_digest when logged in with FB?

Question

I'm 3 months into learning Rails. Trying to add Facebook auth to a Hartl tutorial sample app clone.

I'd like to still allow users to create accounts w/o FB... though I'm open to suggestions on that. I want the FB login to happen instantly, without users having to enter a password.

I've been using the relevant Railscasts (#235-236, etc.) but Ryan uses devise, and I don't want to. In fact, I find the complexity of his solution a good argument for authentication from scratch.

My current bug (after saving a user without validation) is "Password digest missing on new record" and seems to be caused by this. What are my options?

1. I'm tempted to just add a random password_digest but feel a little dirty about that. Should I?
2. Should I rewrite the sign_in function? What exactly needs to happen in it? Maybe I don't fully understand the lifecycle of Hartl's remember_token...
3. Is there anything else I'm missing?

My code is up on Github.

Thanks!

Answer 1

The has_secure_password module automatically adds this validation: validates_presence_of :password_digest. And, there is no way to bypass this validation.

One solution that I can think of is to fallback to the secured password theory explained in the previous version of rails tutorial (http://ruby.railstutorial.org/chapters/modeling-and-viewing-users-two?version=3.0#sec:secure_passwords) and roll your authentication mechanism instead of using has_secure_password.