Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Let user update their password without current password in devise

Tags:

ruby-on-rails

devise

I am on rails 4.2.1 and devise 3.4.1. I basically want 2 things at same time:

Allow users to edit their password

and

Allow users to edit their account without providing a password

I managed to have them working separately. But solution 1 for the first problem seems to be, I'm afraid, incompatible with the only official solution for the second problem because, for the latter, I need to override the registration controller.

Hence I tried to do the solution 1 job in the registration controller rather than the application one:

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_account_update_params, only: [:update]

  protected

  def configure_account_update_params
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :password, :password_confirmation, :current_password) }
  end

  def update_resource(resource, params)
    resource.update_without_password(params)
  end

end

This way only added attribute like name get updated while password is completely filtered out. I am not sure I should start an heavy customization as in solutions 2 and 3 for such a simple aim.. Am I missing anything?

like image 483
masciugo Avatar asked May 07 '15 15:05

masciugo

2 Answers

Add this to your registrations_controller:

def update_resource(resource, params)
  resource.update_without_password(params)
end

And override the update_withour_password method on your user model or the model that uses Devise:

def update_without_password(params, *options)
  if params[:password].blank?
    params.delete(:password)
    params.delete(:password_confirmation) if params[:password_confirmation].blank?
  end

  result = update_attributes(params, *options)
  clean_up_passwords
  result
end

Official docs/code - database_authenticatable

like image 81
user177468 Avatar answered Nov 02 '22 09:11

user177468

After digging in devise code I found out that update_without_password removes on purpose :password and :password_confirmation params. This is done by default for security reasons.

So the (maybe risky) solution was to override update_without_password in my resource model as it is but without removing passwords* params

like image 24
masciugo Avatar answered Nov 02 '22 09:11

masciugo
Sign in to Comment

Related questions

How can I specify an alternative directory for my HandlebarsJS templates with the ember-rails gem?
Rails development Mac OS or Windows
If action_name Rails
Adding Username to devise rails 4
How can I get all posts from a specific user
Need to use add_index on migration for belongs_to/has_many relationship? (Rails 3.2, Active Record)
Unknown Attribute Error after Adding Columns to table Rails 3
join two tables to get data rails 4
Rails .where(.... and ....) Searching for two values of the same attribute
how to get the remote ip (requester) on grape-api rails application
Rails 4 - Error Handling via Ajax - Error not firing
I can't install paperclip
Single custom param name in routes for nested resources Rails 4.1
Currency to number conversion rails
Wrapper mappings in simple_form
rails 4.1 add videos folder to asset pipeline
Custom range with FactoryGirl sequence
Find_by_sql as a Rails scope
Duplicated key at line 80 ignored: "name" rvm
Rails 'to_sql' without '\'

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!