The title is a little confusing so I will explain. I have the following controller method:
    def password_update
      @op = params[:old_password]
      @np = params[:new_password]
      @cp = params[:confirm_password]
      if @np == @cp
        if !@np.blank?
          if current_user.update_with_password(:current_password => @op)
            current_user.password = @np
            if current_user.save
              flash[:notice] = "Password Successfully Changed"
              redirect_to settings_path and return
            end
          else
            flash[:notice] = "Incorrect Current Password"
            redirect_to change_password_path and return
          end
        else
          flash[:notice] = "New Password Cannot Be Blank"
        end
      else
        flash[:notice] = "Incorrect Password Confirmation"
      end
      redirect_to change_password_path
    end
Everything else works nicely, meaning that I have working routes and views that bring you to this method and call it upon form submission. The error arises, however, when I attempt to correctly change my password. BTW, I am using Devise. When I click submit, I get logged out and it says "you must be signed in to complete this action". So I try to sign in, my current password does not work. It has CHANGED my password (to the one I set in the form)! It tells me that I must be signed in (which I am when I attempt to change my password) but it still changes it.
Any help is welcome, however, I am a novice and would greatly appreciate a detailed explanation. Thanks!
I believe that this page in the Devise wiki answers your question: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-password
This code in particular
    if @user.update_attributes(params[:user])
      # Sign in the user by passing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to root_path
    else
      render "edit"
    end
and the bypass option seems well named as well. Hope this helps. Cheers
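The logout in the question follows from how Devise ties a session to the password hash: the session stores a prefix of `encrypted_password`, so once the password changes the stored value no longer matches. The block below is an added plain-Ruby model of that behaviour, not code from the post or from Devise; `ModelUser`, `sign_in`, `current_user` and `change_password` are constructed names, and PBKDF2 stands in for Devise's bcrypt.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for a Devise user; PBKDF2 replaces Devise's bcrypt.
ModelUser = Struct.new(:id, :encrypted_password) do
  def password=(plain)
    self.encrypted_password = digest(plain, SecureRandom.hex(16))
  end

  def valid_password?(plain)
    expected = digest(plain.to_s, encrypted_password.split("$").first)
    # Constant-time comparison of two equal-length hex strings.
    expected.bytes.zip(encrypted_password.bytes).sum { |x, y| x ^ y }.zero?
  end

  # The session stores this prefix, so a new hash invalidates old sessions.
  def authenticatable_salt
    encrypted_password[0, 29]
  end

  def digest(plain, salt)
    key = OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: 10_000,
                                   length: 32, hash: "sha256")
    "#{salt}$#{key.unpack1('H*')}"
  end
end

def sign_in(session, user)
  session[:user] = [user.id, user.authenticatable_salt]
end

def current_user(session, users)
  id, salt = session[:user]
  user = users[id]
  user if user && user.authenticatable_salt == salt
end

# resign_in: false reproduces the flow from the question.
def change_password(session, users, old_pw, new_pw, confirm_pw, resign_in: true)
  user = current_user(session, users)
  return :not_signed_in unless user
  return :blank_password if new_pw.to_s.strip.empty?
  return :confirmation_mismatch unless new_pw == confirm_pw
  return :wrong_current_password unless user.valid_password?(old_pw)
  user.password = new_pw
  sign_in(session, user) if resign_in
  :ok
end
```

With `resign_in: false` the password is changed and the next `current_user` lookup returns `nil`, which is the "changed but logged out" symptom; sessions held elsewhere go stale in either mode, which is the useful side of the same mechanism.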