Current password can't be blank when updating devise account

Question

I am using devise and I want to allow the user to update his account (email & password). So when I click on edit_user_registration_path, I get a page where the user can change his email and password. But when submitting this update form I constantly get this message :

1 error prohibited this user from being saved: ×
Current password can't be blank

in my ApplicationController, I have

def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :surname, :email, :user_name, :terms_of_service, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation) }
end

Someone can explain that ?

Answer 1

By default, Devise has three password fields on edit_user_registration: password, password_confirmation and current_password: default registrations/edit.html.erb

current_password is required for any change; the other two can be left blank if the password is not supposed to be changed.

Answer 2

Place this code in your User model:

def update_with_password(params, *options)
    current_password = params.delete(:current_password)

    if params[:password].blank?
      params.delete(:password)
      params.delete(:password_confirmation) if params[:password_confirmation].blank?
    end

    result = if params[:password].blank? || valid_password?(current_password)
      update_attributes(params, *options)
    else
      self.assign_attributes(params, *options)
      self.valid?
      self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
      false
    end

    clean_up_passwords
    result
end

Answer 3

By default devise requires password to update the user.

Here's a page with officail instructions to change this behaviour: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password