Adam

Reputation: 318

How to remove Current Password requirement for token authenticated users when using Devise in RoR?

UPDATE 1: Updated problem statement

Problem Statement

I am using Devise and offer registered Users the option to invite other people to the site; in that case, I use ActionMailer to send an invitation via a url with token authentication (e.g. http://localhost:3000/payments?auth_token=SsdLxnQ9Eemf6mNsFDfu). These new Users have attribute non_registered = 1, and can access some material requiring authentication, while other features are not available since they are non_registered. I want Users coming to my site to have the option after using the site to be able to create a password and become a fully registered user, but am getting the error message Current password can't be blank when they edit their account information to create a new password.

I realize this is somewhat of a beginner question, but I am a beginner. Loving RoR and every issue that comes up is a learning opportunity. Any idea what is wrong with my code?

My Progress

I looked around and found a few related links, but none seem to address the specific use case I am working on:

I did override the Registrations controller, and also customized the Devise Edit view to remove the current_password field. I also added :current_password in my User model as attr_accessible and attr_accessor, though I am not really sure whether this is necessary. Regardless, I am still getting the error Current password can't be blank when trying to update the password.

My Code

app/controllers/registrations_controller.rb

class RegistrationsController < Devise::RegistrationsController
    def update
        if params[:user][:not_registered] == "1"
            params[:user].delete("current_password")
        end
        successfully_updated = super
        if successfully_updated
            params[:user][:not_registered] == "0"
        end
    end

    def new
        super
    end    

    def create
        super
    end 

    def edit
        super
    end 

    def cancel
        super
    end 

    def destroy
        super
    end     
end

app/views/devise/registrations/edit.html.erb

<% if current_user.not_registered != 1 %>
  <h2>Edit <%= resource_name.to_s.humanize %></h2>
<% else %>
  <h2>Sign up</h2>
<% end %>

<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
  <%= devise_error_messages! %>

  <div><%= f.label :email %><br />
  <%= f.email_field :email, :autofocus => true %></div>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>

  <div><%= f.label :password %><br />
    <%= f.password_field :password, :autocomplete => "off" %></div>

  <div><%= f.label :password_confirmation %><br />
  <%= f.password_field :password_confirmation %></div>

  <% if current_user.not_registered != 1 %>
    <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
    <%= f.password_field :current_password %></div>
  <% end %>

  <div class="field">
    <%= f.hidden_field :not_registered, :value => current_user.not_registered %>
  </div>

  <% if current_user.not_registered != 1 %>
    <div><%= f.submit "Update" %></div>
  <% else %>
    <div><%= f.submit "Sign up" %></div>
  <% end %>
<% end %>

app/models/user.rb

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable, :token_authenticatable,
         :recoverable, :rememberable, :trackable, :validatable, :confirmable

  attr_accessible :email, :password, :password_confirmation,
  :remember_me, :not_registered, :pay_method, :pay_desc, :email_instructions, :current_password

  attr_accessor :current_password
  has_many :payments
end

Upvotes: 0

Views: 958

Answers (1)

Adam

Reputation: 318

Finally figured it out! I have addressed my question above by implementing the code listed here:

Ruby on Rails, Devise gem. How to remove current password when password is blank?

As is suggested in the comment from @dgmstuart, I removed the if !params[:current_password].blank? to avoid getting mass-assignment errors.

Note that this is just an override of the Devise function update_with_password; the original code is here:

http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable#update_with_password-instance_method

Upvotes: 0
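
Added example, not part of the original post or the poster's code: the controller in the question decides whether to drop current_password based on params[:user][:not_registered], a value the edit form submits as a hidden field and the model lists in attr_accessible, so the browser controls it. The plain-Ruby model below compares taking that decision from the request with taking it from the stored record. DemoUser, apply_update, both update_* helpers and SAMPLE_PARAMS are hypothetical stand-ins constructed for illustration, not Devise APIs.

```ruby
require "digest"

# Hypothetical stand-in for the page's User model; not Devise code.
class DemoUser
  attr_reader :not_registered

  def initialize(password: nil, not_registered: 0)
    @not_registered = not_registered
    @digest = password && digest_of(password)
  end

  def valid_password?(candidate)
    !@digest.nil? && @digest == digest_of(candidate.to_s)
  end

  # Server-side transition: store the password and clear the invited flag.
  def complete_registration(new_password)
    @digest = digest_of(new_password)
    @not_registered = 0
  end

  private

  # SHA-256 only keeps the demo dependency-free; Devise stores bcrypt.
  def digest_of(text)
    Digest::SHA256.hexdigest(text)
  end
end

def apply_update(user, params, skip_current_password)
  unless skip_current_password || user.valid_password?(params["current_password"])
    return :current_password_required
  end
  return :password_blank if params["password"].to_s.empty?
  return :password_mismatch if params["password"] != params["password_confirmation"]
  user.complete_registration(params["password"])
  :ok
end

# Pattern in the question: the request's hidden field selects the bypass.
def update_trusting_param(user, params)
  apply_update(user, params, params["not_registered"] == "1")
end

# Hardened: only the stored record selects the bypass.
def update_trusting_record(user, params)
  apply_update(user, params, user.not_registered == 1)
end

# Constructed request: no current_password, hidden field set to "1".
SAMPLE_PARAMS = { "not_registered" => "1", "password" => "n3w-pass",
                  "password_confirmation" => "n3w-pass" }.freeze
```

In the Rails app the hardened form corresponds to testing current_user.not_registered in the controller, removing :not_registered from attr_accessible, and clearing the flag on the server after a successful update.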
