Devise requires password for edits

Question

I am trying to let users update their profile without entering their passwords provided that they're logged in. However, even though the user is logged in, I cannot make edits without a password being entered.

I get this error:

1 error prohibited this user from being saved:

Current password can't be blank

<h1>User profile home</h1>

<p><%= @user.inspect %></p>
<p><%= @user.first_name %></p>
<p><%= @user.last_name %></p>
<p><%= @user.bio %></p>

<h3>Edit profile</h3>

<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
  <%= devise_error_messages! %>

  <div class="field">
    <%= f.label :email %><br />
    <%= f.email_field :email, autofocus: true %>
  </div>

  <div class="field">
    <%= f.label :bio %><br />
    <%= f.text_area :bio %>
  </div>

  <div class="field">
    <%= f.label :first_name %><br />
    <%= f.text_field :first_name %>
  </div>

  <div class="field">
    <%= f.label :last_name %><br />
    <%= f.text_field :last_name %>
  </div>

  <div class="actions">
    <%= f.submit "Update" %>
  </div>
<% end %>

Updated Controller

class ProfilesController < Devise::RegistrationsController
  include AuthenticationConcern

  def home
    user_id = params[:id]
    check_user_route_access current_user, user_id
    @user = User.find_by id: user_id
  end

  def update
    super
  end

  protected

  def update_resource(resource, params)
    resource.update_without_password(params)
  end
end

score 0 · Accepted Answer · answered Dec 15 '17 at 13:40

Found the best answer here for Devise 4.1+

devise 4.1+ answer

class ApplicationController < ActionController::Base    
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :email])
    devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :phone, :email, bank_attributes: [:bank_name, :bank_account]])
  end
end

score 0 · Answer 2 · answered Dec 31 '17 at 09:05

This is how I have it set in all of my projects.

first thing I do In the model I create an attr_accessor to check if the password needs updating and a method to see if its a new record

#app/models/user.rb
class User < ApplicationRecord
  ...
  attr_accessor :updating_password

  private
  def should_validate_password?
    updating_password || new_record?
  end
  ...
end

Now on the controller, I create a before_filter to check if the password submitted and if its empty I remove it from the params but the most important part is to pass the user.updating_password flag to the user model

class UsersController < ApplicationController
  ...
  before_filter :check_password_submitted, :only => :update

  private
  def check_password_submitted
    if params[:user][:password].blank?
      params[:user].delete("password")
      params[:user].delete("password_confirmation")
      user.updating_password = false
    else
      user.updating_password = true
    end
  end
  ...
end

I hope that this helps you

Happy Hacking

score -1 · Answer 3 · answered Dec 15 '17 at 13:09

-1

A quick search and you can find this resource in the devise wiki :) https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password

answered Dec 15 '17 at 13:09

Samy Kacimi

1,216
9
23

so I followed the guide but still no luck. Am I still doing something wrong? :( – Clement Dec 15 '17 at 13:17

Devise requires password for edits

3 Answers3