Let user update their password without current password in devise

Question

I am on rails 4.2.1 and devise 3.4.1. I basically want 2 things at same time:

and

Allow users to edit their account without providing a password

I managed to have them working separately. But solution 1 for the first problem seems to be, I'm afraid, incompatible with the only official solution for the second problem because, for the latter, I need to override the registration controller.

Hence I tried to do the solution 1 job in the registration controller rather than the application one:

class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :configure_account_update_params, only: [:update]

  protected

  def configure_account_update_params
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :password, :password_confirmation, :current_password) }
  end

  def update_resource(resource, params)
    resource.update_without_password(params)
  end

end

This way only added attribute like name get updated while password is completely filtered out. I am not sure I should start an heavy customization as in solutions 2 and 3 for such a simple aim.. Am I missing anything?

user177468 user177468 · Accepted Answer · 2015-08-03T05:24:25

Add this to your registrations_controller:

def update_resource(resource, params)
  resource.update_without_password(params)
end

And override the update_withour_password method on your user model or the model that uses Devise:

def update_without_password(params, *options)
  if params[:password].blank?
    params.delete(:password)
    params.delete(:password_confirmation) if params[:password_confirmation].blank?
  end

  result = update_attributes(params, *options)
  clean_up_passwords
  result
end

Official docs/code - database_authenticatable

Let user update their password without current password in devise

2 Answers