Rails 3 Devise manually change password

Question

I try to usung devise in my rails app. But i don't understand how can i give user functionality to change his password. I need a form with fields "old password", "new password" and "new password confirmation". How can i do it?

If i use default devise form on "/profile" page

<%= render :template => 'devise/passwords/edit', 
                        :locals => { 
                          :resource => my_user_model_variable, 
                          :resource_name => my_user_model_name } %>

In user.rb contain line

attr_accessible :email, :password, :password_confirmation, :remember_me

But there was undefined method 'devise_error_messages!' for #<#<Class:0x59b9200> and then (after commenting devise_error_messages! line) undefined method 'password' for #<Class:0x59b9200> errors.

I try to use my own PasswordsController:

class PasswordsController < ApplicationController
  before_filter :authenticate_user!

  def edit
    @user = current_user
  end

  def update
    @user = current_user
    raise params.inspect
    if @user.update_with_password(params[:user])
      sign_in(@user, :bypass => true)
      redirect_to root_path, :notice => "Password updated!"
    else
      render :edit
    end
  end
end

and use advise from this question: Rendering the Devise edit Password Form

insert this code

<%= render :template => 'passwords/edit', 
                    :locals => { 
                      :resource => current_user, 
                      :resource_name => User } %>

into "/profile" page.

passwords/edit.html.erb contain this code

<h2>Change your password</h2>
<%# raise resource.inspect %>
<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
  <%# devise_error_messages! %>
  <%= f.hidden_field :reset_password_token %>

  <p><%= f.label :password, "New password" %><br />
  <%= password_field_tag :name => "user[password]"%></p>
  <%= password_field_tag :name => "user[password_confirmation]"%></p>

  <p><%= f.submit "Change my password" %></p>
<% end %>

<%= render :partial => "devise/shared/links" %>

But rendered form has "/profile" value for action attribute and submiting this form do nothing.

Answer 1

Your form should be i.e. password/edit.html.erb

<%# raise resource.inspect %>
<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
  <%# devise_error_messages! %>
  <%= f.hidden_field :reset_password_token %>

   <p><%= f.label :current_password %><br />
   <%= f.password_field :current_password %></p>

  <p><%= f.label :password, "New password" %><br />
  <%= f.password_field :password %></p>

  <p><%= f.label :password_confirmation, "Confirm new password" %><br />
  <%= f.password_field :password_confirmation %></p>

  <p><%= f.submit "Change my password" %></p>
<% end %>

VIEW:

<h3>Change password </h3>
<hr/>
<%= render :template => 'passwords/edit', 
                    :locals => { :resource => current_user, :resource_name => "user" } %>

Controller:

class PasswordsController < ApplicationController
  before_filter :authenticate_user!

  def edit
    @user = current_user
  end

  def update
    @user = current_user
    # raise params.inspect
    if @user.update_with_password(params[:user])
      sign_in(@user, :bypass => true)
      redirect_to root_path, :notice => "Your Password has been updated!"
    else
      render :edit,:locals => { :resource => @user, :resource_name => "user" }
    end
  end
end

Routes:

devise_for :users ,:controllers => {:passwords => "passwords"} do
  end

  resources :passwords

It works for me;