Still getting "Current password can't be blank" in Registration Edit after following wiki

I worry the solution here will be woefully obvious, but I'm having trouble implementing the instructions on the Devise wiki (https://github.com/plataformatec/devise/wiki/How-To%3a-Allow-users-to-edit-their-account-without-providing-a-password)

I'm using Rails 4. After following the wiki, I'm still receiving "current password can't be blank". Here's my setup. Any assistance is much appreciated!

REGISTRATIONS_CONTROLLER.rb

class RegistrationsController < Devise::RegistrationsController
  def update
    @user = User.find(current_user.id)

    successfully_updated = if needs_password?(@user, params)
      @user.update_with_password(devise_parameter_sanitizer.for(:account_update))
      # Rails 3:  @user.update_with_password(params[:user])
    else
      # remove the virtual current_password attribute update_without_password
      # doesn't know how to ignore it
      params[:user].delete(:current_password)
      @user.update_with_password(devise_parameter_sanitizer.for(:account_update))
      # Rails 3: @user.update_without_password(params[:user])
    end

    if successfully_updated
      set_flash_message :notice, :updated
      # Sign in the user bypassing validation in case his password changed
      sign_in @user, :bypass => true
      redirect_to after_update_path_for(@user)
    else
      render "edit"
    end
  end

  private
  # check if we need password to update user data
  # ie if password or email was changed
  # extend this as needed
  def needs_password?(user, params)
    user.email != params[:user][:email] ||
      params[:user][:password].present?
  end
end

APPLICATION_CONTROLLER.rb

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  before_filter :configure_permitted_parameters, if: :devise_controller?

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:account_update) do |u|
      u.permit(:first_name, :last_name, :username, :email, :avatar, :password, :password_confirmation)
    end
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit(:first_name, :last_name, :username, :email, :password, :password_confirmation)
    end
    devise_parameter_sanitizer.for(:sign_in) do |u|
      u.permit(:username, :email, :password)
    end
  end
end

ROUTES.rb

ProjectFoo::Application.routes.draw do
  devise_for :users, :controllers => { :registrations => "registrations",
                                       :invitations => 'users/invitations' }
end

Note: I'm also using the devise_invitable gem

VIEWS/DEVISE/REGISTRATIONS/EDIT.html.erb

<h2>Edit <%= resource_name.to_s.humanize %></h2>
<%= image_tag @user.avatar.url(:square) %>

<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put, :class => 'form-horizontal' }) do |f| %>
  <%= devise_error_messages! %>

  <div class="span5">
    <div class="control-group">
      <%= f.label :email, :class => 'control-label' %>
        <div class="controls">
          <%= f.email_field :email, :autofocus => true, :class => 'text_field' %>
        </div>
    </div>

    <div class="control-group">
    <%= f.label :username, :class => 'control-label' %>
      <div class="controls">
       <%= f.text_field :username, :autofocus => true, :class => 'text_field' %>
      </div>
    </div>

    <div class="control-group">
      <%= f.label :first_name, :class => 'control-label' %>
        <div class="controls">
          <%= f.text_field :first_name, :autofocus => true, :class => 'text_field' %>
        </div>
    </div>

    <div class="control-group">
      <%= f.label :last_name, :class => 'control-label' %>
        <div class="controls">
          <%= f.text_field :last_name, :autofocus => true, :class => 'text_field' %>
        </div>
    </div>

    <div class="control-group">
      <%= f.label :twitter_handle, :class => 'control-label' %>
      <div class="controls">
        <%= f.text_field :twitter_handle, :autofocus => true, :class => 'text_field' %>
      </div>
    </div>

    <div class="control-group">
      <%= f.label :avatar, :class => 'control-label' %>
        <div class="controls">
          <%= f.file_field :avatar, :class => 'file_field' %>
        </div>
    </div>
  </div>

  <div class="span5">
    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
      <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
    <% end %>

    <div class="control-group">
      <%= f.label :password, :class => 'control-label' %>
        <div class="controls">
          <%= f.password_field :password, :autocomplete => "off", :class => 'password_field' %><br><i>(leave blank if you don't want to change it)</i>
        </div>
    </div>

    <div class="control-group">
      <%= f.label :password_confirmation, :class => 'control-label'  %>
        <div class="controls">
          <%= f.password_field :password_confirmation, :class => 'password_field' %>
        </div>
    </div>

    <div class="control-group">
      <%= f.label :current_password, :class => 'control-label'  %>
        <div class="controls">
         <%= f.password_field :current_password, :class => 'password_field' %><p><i>(we need your current password to confirm your changes)</i></p>
        </div>
    </div>
    <%= f.submit "Update" %>

  </div>
<% end %>

<div class="span11">
  <hr>
</div>

<div class="span11">
  <h3>Cancel my account</h3>

  <p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>

  <p><%= link_to "Back", :back %></p>
</div>
mxs asked Aug 09 '13 19:08

1 Answer

You have update_with_password twice. The second time should be update_without_password.

bgates answered Oct 24 '22 05:10

bgates
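
Added example, not part of the original question or answer and not Devise's own code: a simplified stand-in model showing why the duplicated update_with_password call produces the error, and that with the corrected branch the needs_password? gate still demands the current password for email and password changes. StubUser and update_account are hypothetical names; the stand-in models only the behaviour discussed above.

```ruby
# Simplified stand-in for a Devise model (hypothetical class, not Devise's code).
class StubUser
  attr_reader :attrs, :errors

  def initialize(attrs, password)
    @attrs, @password, @errors = attrs, password, []
  end

  def email
    @attrs[:email]
  end

  # Requires a present, matching current password before changing anything.
  def update_with_password(params)
    params = params.dup
    current = params.delete(:current_password).to_s
    unless current == @password
      @errors << (current.empty? ? "Current password can't be blank" : "Current password is invalid")
      return false
    end
    new_password = params.delete(:password).to_s
    params.delete(:password_confirmation)
    @password = new_password unless new_password.empty?
    @attrs.merge!(params)
    true
  end

  # Skips the current-password check and never touches the password.
  def update_without_password(params)
    @attrs.merge!(params.reject { |k, _| %i[password password_confirmation].include?(k) })
    true
  end
end

# Same gate as needs_password? in the question: email or password changes need re-authentication.
def needs_password?(user, params)
  user.email != params[:email] || !params[:password].to_s.empty?
end

# Corrected branch: profile-only edits go through update_without_password.
def update_account(user, params)
  if needs_password?(user, params)
    user.update_with_password(params)
  else
    user.update_without_password(params.reject { |k, _| k == :current_password })
  end
end
```
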