Login/Register
Current password can't be blank when updating devise account
Asked Answered
ruby-on-railsrubydeviseuser-accounts
R

4

5

I am using devise and I want to allow the user to update his account (email & password). So when I click on edit_user_registration_path, I get a page where the user can change his email and password. But when submitting this update form I constantly get this message : 

1 error prohibited this user from being saved: ×
Current password can't be blank

in my ApplicationController, I have

def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :surname, :email, :user_name, :terms_of_service, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation) }
end

Someone can explain that ?

Ruano answered 18/12, 2013 at 10:57 Comment(1)
possible duplicate of Devise update user without passwordHallucinogen
H
5

By default, Devise has three password fields on edit_user_registration: password, password_confirmation and current_password: default registrations/edit.html.erb

current_password is required for any change; the other two can be left blank if the password is not supposed to be changed.

Homocyclic answered 18/12, 2013 at 11:3 Comment(5)
After adding the current_password field, I get this message : undefined local variable or method unconfirmed_email. Where does this error comes from ?Ruano
@Ruano where exactly is the error raised? What file, what line?Homocyclic
in this file method_missing(gem) activemodel-4.0.0/lib/active_model/attribute_methods.rb in the method_missing method match ? attribute_missing(match, *args, &block) : superRuano
@Ruano please update your question with the new problem and add the full stacktrace, as well as your edit view.Homocyclic
ok, I caught it, I had some :confirmable in my devise user model ! So I deleted and it went ok !Ruano
S
5

Place this code in your User model:

def update_with_password(params, *options)
    current_password = params.delete(:current_password)

    if params[:password].blank?
      params.delete(:password)
      params.delete(:password_confirmation) if params[:password_confirmation].blank?
    end

    result = if params[:password].blank? || valid_password?(current_password)
      update_attributes(params, *options)
    else
      self.assign_attributes(params, *options)
      self.valid?
      self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
      false
    end

    clean_up_passwords
    result
end
Scots answered 22/9, 2015 at 14:11 Comment(2)
Is right to pretend to have params inside a model? I thought they were just in controllers' context.Decal
@PioneerSkies It's Ok and this answer solved my problem.Shuffle
K
1

By default devise requires password to update the user.

Here's a page with officail instructions to change this behaviour: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password

Klepht answered 12/3, 2017 at 10:4 Comment(0)
C
0

I don't know if you got the solution, but u can do a simple thing:

Create an user_controller, and then, create a user_params with password and password_confirmation and another one (I used this name: user_params_without_password) without password and password_confirmation.

And in your update, you will check if password is present, is yes, you will use user_params, if not, user_params_without_password.

Here is the code:

def update

    if params[:user][:password].present?
      params = user_params
    else
      params = user_params_without_password
    end

def user_params
      params.require(:user).permit( params...

def user_params_without_password
  params.require(:user).permit( params without password

I hope this hint can help you :)

Complimentary answered 24/1, 2017 at 1:23 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.