0

When devise is working with a custom controller (users), how can we alter the update method to happily accept a change in some attributes without requiring password to be submitted as well?

E.g. the form won't let the user update their timezone without also entering their password (twice)

enter image description here

What I know / have tried

I managed to alter the create method, now I wish to alter the update method, and presumably the strong params. I can't locate the strong params and I may not be confident knowing how to alter them if I was successful in finding them

Notes

  • updating the timezone (or any user attributes) results in a PUT to Users::RegistrationsController#update

  • Users::RegistrationsController inherits from Devise::RegistrationsController, but I have no idea where to find Devise::RegistrationsController (I can see it on github but just not in my app)

  • I tried adding this to Users::RegistrationsController but it didn't seem to help

stevec
  • 41,291
  • 27
  • 223
  • 311
  • 1
    When submitting this form, has the user created a password yet in the system at all? The Devise controller is in the gem, you can find it by running `bundle open devise`. But you don;t want to edit that, you want to override it in your controller. – Rockwell Rice Oct 05 '20 at 14:19
  • @RockwellRice yes, they must be logged in (it's in the section where they can edit their account details) – stevec Oct 05 '20 at 14:19
  • Does this answer your question? [Devise: Disable password confirmation during sign-up](https://stackoverflow.com/questions/2795313/devise-disable-password-confirmation-during-sign-up) – Rockwell Rice Oct 05 '20 at 14:23
  • @RockwellRice I would like to keep password confirmation on sign up. The problem atm is when a user is signed in, and they want to change their timezone, they *must* also enter their password (which is unnecessary at that stage since they're already signed in). Basically atm the user has no way of updating their timezone without also updating their password – stevec Oct 05 '20 at 14:25
  • Wait, this is only asking for the current password as confirmation. They can skip updating thier password, but the form also wants the current password to be entered as a confirmation. Sounds like there is some confusion here ( although I could also be the one misunderstanding). – Rockwell Rice Oct 05 '20 at 14:37
  • @RockwellRice ah, so have password and password confirmation as a hidden parameters? – stevec Oct 05 '20 at 14:39
  • No I think you are misunderstanding the error. That second to last field is just simply asking the user to enter their current password as confirmation. This is where the error is coming from I think. If you remove that, or hide it by using something like `<% unless user_signed_in? %>` Devise will skip the validation like that answer I linked to says. – Rockwell Rice Oct 05 '20 at 14:40
  • @RockwellRice ohhh.. I'll try now – stevec Oct 05 '20 at 14:41
  • @RockwellRice yikes. I feel silly. Thanks very much for the help – stevec Oct 05 '20 at 14:43
  • Ya the language there is tricky, easy to miss the "current" before password there. – Rockwell Rice Oct 05 '20 at 14:45
  • @RockwellRice hmm.. I still get the error. `"password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"`. (seems to submit `current_password` even when the form isn't on the page. I will also investigate https://stackoverflow.com/a/11676957/5783745 – stevec Oct 05 '20 at 15:25
  • So when a new user signs up? You aren't really providing enough details here. I would ask another question but make sure to provide enough details to really understand the issue. What field exactly is the issue, what view exactly are you on, etc. – Rockwell Rice Oct 05 '20 at 15:34
  • @RockwellRice this is only on the 'update account info' page (user has already signed up) – stevec Oct 05 '20 at 15:36
  • Ok so it still doesn't submit? Have you tried the answer I posted to? Do you understand what they are saying there, it should make this pretty clear. Also, what do you mean, "when the form isn't on that page"? – Rockwell Rice Oct 05 '20 at 15:38
  • @RockwellRice I think the answer you linked to is for allowing the user to enter their password just once when setting it on sign up? When I say when the form is not on the page I mean I hid it using `<% unless !user_signed_in? %> ..show form only if not signed in..` – stevec Oct 05 '20 at 15:44
  • Oh ya you are correct, I read that wrong. But jsut to be clear, you don't want them to have to do this if they are logged in, so isn't that logic you just mentioned backwards? I think if you switch that to `if` it does what you are wanting? – Rockwell Rice Oct 05 '20 at 16:15
  • @RockwellRice there is a sneaky `!` added in there so it doesn't show if they're logged in. Thanks a lot for all your help on it. I will have a look again with fresh eyes tomorrow. I Think it's tricky because devise controller logic can be difficult to find (especially with custom controllers) – stevec Oct 05 '20 at 16:34
  • 1
    well the best solution I have found is to open the gem up, look at the method, and then override it in your custom controller. Once you get comfortable looking in the gem it becomes a lot easier – Rockwell Rice Oct 05 '20 at 23:29

0 Answers0