how to authenticate the user with warden/devise without password?

Question

In my app during login, user will provide only email, password is not required.I want to authenticate it using devise/warden.

class Users::SessionsController < Devise::SessionsController
  include ExpireExistingToken

  def new
    super
  end

  def create
    self.resource = warden.authenticate!(auth_options)
    set_flash_message!(:notice, :signed_in)
    sign_in(resource_name, resource)
    yield resource if block_given?
    resource.update(language: Constant::SUPPORTED_LANGUAGES.key(params['locale'])) if params['locale'].present?
    resource.send_otp(force_expire: true) if resource.email_verified?
    respond_with resource, location: after_sign_in_path_for(resource)
    flash.delete(:notice)
  end

  def destroy
    session.delete(:is_otp_verified)
    super
  end
end

# frozen_string_literal: true

# Responsible for token expiration
module ExpireExistingToken
  extend ActiveSupport::Concern

  included do
    before_action :remove_existing_token, only: :new
  end

  protected

  def remove_existing_token
    uuid = session[:uuid]
    usr = User.find_by(uuid: uuid) if uuid
    return unless usr
    usr.send(:clear_reset_password_token)
    usr.save
    session.delete(:uuid)
  end
end

I tried to override valid_password? in User model, but it didn't work. Please help me out on this.

Answer 1

You can try to override Devise password required validation method and return false during save. If you want to disable it only for resource or functionality specific, you need to send virtual attribute from form during save.

class User < ActiveRecord::Base
  attr_accessor :skip_validation  

  protected

  def password_required?
    return false if skip_validation
    super
  end
end

Answer 2

In Sinatra with Warden use set_user:

post '/sign_up' do
  user = PgUser.new(id, pg_connection)
  env['warden'].set_user(user)
  redirect '/'
end