Home/ Questions/Q 3930926
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T23:18:13+00:00

Now I realise this topic has been covered many times before. However there did

  • 0

Now I realise this topic has been covered many times before. However there did not appear to be a solution that wanted to make the current password field exempt only when the password in the database was blank.

I currently have the password required in my user model like:

def password_required?
  (authentications.empty? || !password.blank?) && super
end

Then I copied the update function across into my registrations controller:

def update
  if resource.update_with_password(params[resource_name])
    set_flash_message :notice, :updated
    sign_in resource_name, resource, :bypass => true
    redirect_to after_update_path_for(resource)
  else
    clean_up_passwords(resource)
    render_with_scope :edit
  end
end

I just don’t know how to go about ensuring that devise does not need a password when editing a blank password, do I also need to remove the current_password field from the view and do this?

<% if current_user.password_required? %>
  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
  <%= f.password_field :current_password %></p>
<% end %>
<p><%= f.submit "Update" %></p>

Any suggestions would be great on this as I am sure I am overlooking something but I am still new to Rails on a whole. Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Okay so I have finally figured this out!

    Add the following to your class RegistrationsController < Devise::RegistrationsController

    def update
  if resource.update_with_password(params[resource_name])
    set_flash_message :notice, :updated
    sign_in resource_name, resource, :bypass => true
    redirect_to after_update_path_for(resource)
  else
    clean_up_passwords(resource)
    render_with_scope :edit
  end
end

    Then the following to your User model:

    def update_with_password(params={})
  current_password = params.delete(:current_password) if !params[:current_password].blank?

  if params[:password].blank?
    params.delete(:password)
    params.delete(:password_confirmation) if params[:password_confirmation].blank?
  end

  result = if has_no_password?  || valid_password?(current_password)
    update_attributes(params) 
  else
    self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
    self.attributes = params
    false
  end

  clean_up_passwords
  result
end

def has_no_password?
  self.encrypted_password.blank?
end

    The only thing I was slightly confused about is that in the edit view:

    <% if !current_user.has_no_password? %>

    I wrapped it in that if, I would have thought it would have been:

    <% if current_user.has_no_password? %>

    If anyone can see anything to improve my code or a different, more efficient way let me know!

    • 0