How to remove Current Password requirement for token authenticated users when using Devise in RoR?

0
votes

UPDATE 1: Updated problem statement

Problem Statement

I am using Devise and offer registered Users the option to invite other people to the site; in that case, I use ActionMailer to send an invitation via a url with token authentication (e.g. http://localhost:3000/payments?auth_token=SsdLxnQ9Eemf6mNsFDfu). These new Users have attribute non_registered = 1, and can access some material requiring authentication, while other features are not available since they are non_registered. I want Users coming to my site to have the option after using the site to be able to create a password and become a fully registered user, but am getting the error message Current password can't be blank when they edit their account information to create a new password.

I realize this is somewhat of a beginner question, but I am a beginner. Loving RoR and every issue that comes up is a learning opportunity. Any idea what is wrong with my code?

My Progress

I looked around and found a few related links, but none seem to address the specific use case I am working on:

I did override the Registrations controller, and also customize the Devise Edit view to remove the current_password field. I also added :current_password in my User model as attr_accessible and attr_accessor, though not really sure whether this is necessary. Regardless, I am still getting the error Current password can't be blank when trying to update the password.

My Code

app/controllers/registrations_controller.rb

class RegistrationsController < Devise::RegistrationsController
    def update
        if params[:user][:not_registered] == "1"
            params[:user].delete("current_password")
        end
        successfully_updated = super
        if successfully_updated
            params[:user][:not_registered] == "0"
        end
    end

    def new
        super
    end    

    def create
        super
    end 

    def edit
        super
    end 

    def cancel
        super
    end 

    def destroy
        super
    end     
end

app/views/devise/registrations/edit.html.erb

<% if current_user.not_registered != 1 %>
  <h2>Edit <%= resource_name.to_s.humanize %></h2>
<% else %>
  <h2>Sign up</h2>
<% end %>

<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
  <%= devise_error_messages! %>

  <div><%= f.label :email %><br />
  <%= f.email_field :email, :autofocus => true %></div>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>

  <div><%= f.label :password %><br />
    <%= f.password_field :password, :autocomplete => "off" %></div>

  <div><%= f.label :password_confirmation %><br />
  <%= f.password_field :password_confirmation %></div>

  <% if current_user.not_registered != 1 %>
    <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
    <%= f.password_field :current_password %></div>
  <% end %>

  <div class="field">
    <%= f.hidden_field :not_registered, :value => current_user.not_registered %>
  </div>

  <% if current_user.not_registered != 1 %>
    <div><%= f.submit "Update" %></div>
  <% else %>
    <div><%= f.submit "Sign up" %></div>
  <% end %>
<% end %>

app/models/user.rb

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable, :token_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable, :confirmable

  attr_accessible :email, :password, :password_confirmation,
  :remember_me, :not_registered, :pay_method, :pay_desc, :email_instructions, :current_password

  attr_accessor :current_password
  has_many :payments
end
1
ruby-on-railsauthenticationdevisepasswords
please have a look at github.com/scambra/devise_invitable. it think this is what u need.prasad.surase
@prasad.surase Thanks for sharing that resource, unfortunately it is not going to work for this case. Your link states for that after the email is sent, "When clicked, the invited must set a password in order to accept its invitation." However, in my site a User can access material that requires authentication via the token without being required to set a password. If over time they decide they want to register, they can at a later date, which then allows them to access additional features. I will clarify my question to include this info as well. Any other ideas?Adam

1 Answers

0
votes

Finally figured it out! I have addressed my question above by implementing the code listed here:

Ruby on Rails, Devise gem. How to remove current password when password is blank?

As is suggested in the comment from @dgmstuart, I removed the if !params[:current_password].blank? to avoid getting mass-assignment errors.

Note that this is just an override of the Devise function update_with_password; the original code is here:

http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable#update_with_password-instance_method