user2759575

Reputation: 553

Devise edit on custom view without current_password

I am trying to put profile edit capabilities onto a custom '/info' page without needing current_password. It only works when you enter your current_password. Without the current password, no error happens, but it redirects to the unsuccessful update path specified in the controller.

I have a registrations_controller that overrides the devise one:

class RegistrationsController < Devise::RegistrationsController
  def info
    @user = current_user
    if @user
      render :info
    else
      render file: 'public/404', status: 404, formats: [:html]
    end
  end

  def update
    @user = User.find(current_user.id)

    successfully_updated = if needs_password?(@user, params)
      @user.update_with_password(devise_parameter_sanitizer.for(:account_update))
    else
      params[:user].delete(:current_password)
      @user.update_without_password(devise_parameter_sanitizer.for(:account_update))
    end

    if successfully_updated
      set_flash_message :notice, :updated

      sign_in @user, :bypass => true
      redirect_to user_path(current_user)
    else
      redirect_to user_path(current_user)
    end
  end

  def needs_password?(user, params)
    user.email != params[:user][:email] ||
      params[:user][:password].present?
  end

  protected

  def after_sign_up_path_for(resource)
    '/info'
  end

  def needs_password?(user, params)
    user.email != params[:user][:email] ||
      params[:user][:password].present?
  end
end

application_controller:

before_filter :configure_permitted_parameters, if: :devise_controller?

protected

def configure_permitted_parameters
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :email, :password, :password_confirmation, :image) }
  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:name, :email, :current_password, :password, :password_confirmation, :image) }
end

routes.rb:

devise_for :users, :controllers => { :registrations => "registrations" }
devise_scope :user do
  get "/info" => "registrations#info"
end

info.html.erb:

<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
  <%= f.error_notification %>

  <%= f.input :image %>
  <%= f.submit "Update", class: "button5" %>
<% end %>

Upvotes: 0

Views: 144

Answers (1)

Nick Urban

Reputation: 3588

If you don't want it to require the password, you could either get rid of the if needs_password? / else code and just use update_without_password all the time -- or you could define needs_password? to always return false.

Note: your needs_password? method is defined twice in your sample code.

Upvotes: 1
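Added example, not part of the original question or answer: the posted /info form submits only :image, so params[:user][:email] is nil and `user.email != nil` makes needs_password? return true on every submit. The sketch below is one way to keep the current-password check for real email or password changes while letting profile-only edits through; it is plain Ruby, and PROFILE_KEYS, CREDENTIAL_KEYS, plan_update and the sample values are assumptions for illustration.

```ruby
# Added example: plain Ruby, runs without Rails or Devise.
# PROFILE_KEYS, CREDENTIAL_KEYS, plan_update and the sample values are assumptions.
PROFILE_KEYS    = %w[name image].freeze
CREDENTIAL_KEYS = %w[email password password_confirmation current_password].freeze

# True only when the request really tries to change a credential.
# A form that omits "email" yields nil, which must not count as a changed email.
def needs_password?(current_email, user_params)
  params = user_params || {}
  email = params["email"].to_s
  email_changed = !email.empty? && email != current_email
  password_set  = !params["password"].to_s.empty?
  email_changed || password_set
end

# Returns [devise_method, attributes] for the controller's update action.
# The password-less path only ever receives profile fields, so a credential
# change cannot bypass the current-password check.
def plan_update(current_email, user_params)
  params = user_params || {}
  if needs_password?(current_email, params)
    allowed = PROFILE_KEYS + CREDENTIAL_KEYS
    [:update_with_password, params.select { |k, _| allowed.include?(k) }]
  else
    [:update_without_password, params.select { |k, _| PROFILE_KEYS.include?(k) }]
  end
end

# Constructed sample requests (string keys, as a params hash would expose them).
if __FILE__ == $PROGRAM_NAME
  me = "owner@example.test"
  p plan_update(me, { "image" => "avatar.png" })
  p plan_update(me, { "email" => "other@example.test", "image" => "avatar.png" })
end
```

In the controller, the first element would select between @user.update_with_password and @user.update_without_password, and the second would replace the unfiltered account_update parameters.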
