Assign random password.


I have a user table in my database and what I wish to do is have a
random password generated for each user on create which is then sent to
their email address. I was wondering how I would assign the random

I have the following in my view:

    <div id="p1"><%= t('.username')%></div>
    <%= f.text_field :username %>

    <div id="p1"><%= t('.email')%></div>
    <%= f.text_field :email %>

  <p class="button"><%= f.submit 'Create Account' %></p>

The following in my controller:

  def create
    @user = User.new(params[:user])

    respond_to do |format|
      if @user.save
        # log the new user in
        session[:user_id] = @user.id
        format.html { redirect_to @user, notice: 'User was successfully created.' }
        format.json { render json: @user, status: :created, location: @user }
      else
        format.html { render action: "new" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

And I have the following in my user model:

  attr_accessor :password
  before_save :encrypt_password

  def encrypt_password
    if password.present?
      self.password_salt = BCrypt::Engine.generate_salt
      self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
    end
  end

  def self.random_string(len)
    # generate a random password consisting of letters and digits
    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
    newpass = ""
    # rand(n) returns 0...n, so chars.size keeps the last character reachable
    1.upto(len) { |i| newpass << chars[rand(chars.size)] }
    newpass
  end

  def self.authenticate(email, password)
    user = find_by_email(email)
    if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
      user
    else
      nil
    end
  end

I will have to remove my if password.present? line because it won't be
present but I have the random string code, I just need to assign it to
the hash/salt.

The easiest way to make this work with your current code is to just add

    @user.password = User.random_string(8)

in the create method of your model after

    @user = User.new(params[:user])

A couple of other quick things you might want to consider:

1.) Don’t allow the ‘password’ attribute to be mass assigned.
2.) The random string method probably doesn’t belong in the User class and could be refactored.

Hope that helps
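
As an added example (not code from the thread), here is a random-string helper kept outside the User model, as the answer suggests, that draws from SecureRandom instead of Kernel#rand, which is not a cryptographically secure generator. The module and method names are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical helper (module and method names are assumptions, not from
# the thread). Kept outside the User model so any caller can reuse it.
module PasswordGenerator
  CHARS = (('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a).freeze

  # Returns `len` characters drawn uniformly from CHARS using the OS CSPRNG.
  # SecureRandom.random_number(n) returns an integer in 0...n, so passing
  # CHARS.size (not CHARS.size - 1) keeps every character reachable.
  def self.random_string(len)
    unless len.is_a?(Integer) && len > 0
      raise ArgumentError, 'len must be a positive integer'
    end
    Array.new(len) { CHARS[SecureRandom.random_number(CHARS.size)] }.join
  end

  # Characters that an index drawn from 0...(CHARS.size - 1) can never
  # select: the off-by-one silently shrinks the alphabet.
  def self.unreachable_with_size_minus_one
    CHARS - CHARS[0...(CHARS.size - 1)]
  end

  # Approximate entropy, in bits, of a `len`-character password drawn
  # uniformly from CHARS.
  def self.entropy_bits(len)
    (len * Math.log2(CHARS.size)).round(1)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts PasswordGenerator.random_string(8)
  puts PasswordGenerator.unreachable_with_size_minus_one.inspect
  puts PasswordGenerator.entropy_bits(8)
end
```

In the controller this would replace the `User.random_string(8)` call with `PasswordGenerator.random_string(8)`.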