Devise Issue - Allow users to edit without password

Question

I'm using a user scope controller generated by devise to pass additional attributes.

class Users::RegistrationsController < Devise::RegistrationsController
 before_action :sign_up_params, only: [:create]
 before_action :account_update_params, only: [:update

 protected

  def sign_up_params
    devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, :cpf])
  end

  def account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :cpf, :birth_date, :phone, :gender])
  end

 def update_resource(resource, params)
   resource.update_without_password(params)
 end

end

The routes

devise_for :users, controllers: {registrations: 'users/registrations}

Everything was working until include the update_resource(resource, params) method to the controller and remove the current_password field at the view, as suggested https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password

After this change I can edit every additional fields (first_name, last_name...etc) except the password. The password change doesn't persists. Any idea?

Rails version: 5.0.0.1 Devise version: 4.2.0

Charan Kumar Borra Charan Kumar Borra · Accepted Answer · 2016-09-24T18:18:35

In the account_update_params method you need to add your password and password_confirmation.

def account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name, :cpf, :birth_date, :phone, :gender, :password, :password_confirmation])
end

Devise Issue - Allow users to edit without password

1 Answers