5

I am using devise and I want to allow the user to update his account (email & password). So when I click on edit_user_registration_path, I get a page where the user can change his email and password. But when submitting this update form I constantly get this message : 

1 error prohibited this user from being saved: ×
Current password can't be blank

in my ApplicationController, I have

def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :surname, :email, :user_name, :terms_of_service, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation) }
end

Someone can explain that ?

user1611830
  • 4,749
  • 10
  • 52
  • 89
  • possible duplicate of [Devise update user without password](http://stackoverflow.com/questions/5113248/devise-update-user-without-password) – zrl3dx Dec 18 '13 at 11:03

4 Answers4

5

By default, Devise has three password fields on edit_user_registration: password, password_confirmation and current_password: default registrations/edit.html.erb

current_password is required for any change; the other two can be left blank if the password is not supposed to be changed.

janfoeh
  • 10,243
  • 2
  • 31
  • 56
  • After adding the `current_password` field, I get this message : `undefined local variable or method unconfirmed_email`. Where does this error comes from ? – user1611830 Dec 18 '13 at 11:18
  • @user1611830 where exactly is the error raised? What file, what line? – janfoeh Dec 18 '13 at 11:20
  • in this file `method_missing(gem) activemodel-4.0.0/lib/active_model/attribute_methods.rb` in the `method_missing` method `match ? attribute_missing(match, *args, &block) : super` – user1611830 Dec 18 '13 at 11:26
  • @user1611830 please update your question with the new problem and add the full stacktrace, as well as your edit view. – janfoeh Dec 18 '13 at 11:27
  • ok, I caught it, I had some `:confirmable` in my devise user model ! So I deleted and it went ok ! – user1611830 Dec 18 '13 at 11:30
5

Place this code in your User model:

def update_with_password(params, *options)
    current_password = params.delete(:current_password)

    if params[:password].blank?
      params.delete(:password)
      params.delete(:password_confirmation) if params[:password_confirmation].blank?
    end

    result = if params[:password].blank? || valid_password?(current_password)
      update_attributes(params, *options)
    else
      self.assign_attributes(params, *options)
      self.valid?
      self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
      false
    end

    clean_up_passwords
    result
end
samjewell
  • 1,068
  • 11
  • 20
Aathi
  • 2,599
  • 2
  • 19
  • 16
1

By default devise requires password to update the user.

Here's a page with officail instructions to change this behaviour: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password

zinovyev
  • 2,084
  • 1
  • 22
  • 32
0

I don't know if you got the solution, but u can do a simple thing:

Create an user_controller, and then, create a user_params with password and password_confirmation and another one (I used this name: user_params_without_password) without password and password_confirmation.

And in your update, you will check if password is present, is yes, you will use user_params, if not, user_params_without_password.

Here is the code:

def update

    if params[:user][:password].present?
      params = user_params
    else
      params = user_params_without_password
    end

def user_params
      params.require(:user).permit( params...

def user_params_without_password
  params.require(:user).permit( params without password

I hope this hint can help you :)

Mario Augusto
  • 1
  • 1