The title is a little confusing so I will explain.
I have the following controller method:
    def password_update
      @op = params[:old_password]
      @np = params[:new_password]
      @cp = params[:confirm_password]
      if @np == @cp
        if !@np.empty?
          if current_user.update_with_password(:current_password => @op)
            current_user.password = @np
            if current_user.save
              flash[:notice] = "Password Successfully Changed"
              redirect_to settings_path and return
            end
          else
            flash[:notice] = "Incorrect Current Password"
            redirect_to change_password_path and return
          end
        else
          flash[:notice] = "New Password Cannot Be Blank"
        end
      else
        flash[:notice] = "Incorrect Password Confirmation"
      end
      redirect_to change_password_path
    end
Everything else works nicely, meaning that I have working routes and views that bring you to this method and call it upon form submission. The error arises, however, when I attempt to correctly change my password. BTW, I am using Devise. When I click submit, I get logged out and it says “you must be signed in to complete this action”. So I try to sign in, but my current password does not work. It has CHANGED my password (to the one I set in the form)! It tells me that I must be signed in (which I am when I attempt to change my password) but it still changes it.
Any help is welcome, however, I am a novice and would greatly appreciate a detailed explanation. Thanks!
I believe that this page in the Devise wiki answers your question: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-password
This code in particular
and the bypass option seems well named as well. Hope this helps. Cheers
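Why the password change ends the session, as an added example that is not part of the original posts and is not Devise's own code: Devise keeps a salt taken from `encrypted_password` in the session and compares it on every request, so a password change makes the stored session stale until it is rewritten (`sign_in user, bypass: true`, or `bypass_sign_in(user)` in current Devise). `ToyUser`, the two session helpers, `demo` and the use of PBKDF2 in place of bcrypt are assumptions made so the model runs with the standard library only.

```ruby
require 'openssl'
require 'securerandom'

# Toy stand-in for a Devise user (hypothetical class, not Devise code).
# PBKDF2 replaces bcrypt so the example needs only the standard library.
class ToyUser
  attr_reader :encrypted_password

  def initialize(password)
    self.password = password
  end

  # Every password change draws a fresh random salt, as bcrypt does.
  def password=(new_password)
    salt = SecureRandom.hex(15)
    hash = OpenSSL::PKCS5.pbkdf2_hmac(new_password, salt, 10_000, 32, 'SHA256')
    @encrypted_password = salt + hash.unpack1('H*')
  end

  # Devise takes this from the leading characters of encrypted_password.
  def authenticatable_salt
    encrypted_password[0, 29]
  end
end

# Written to the session at sign-in: the user's key plus the current salt.
def serialize_into_session(user_id, user)
  [user_id, user.authenticatable_salt]
end

# Checked on every request: the stored salt must equal the user's current salt.
def user_from_session(session, users)
  user_id, salt = session
  user = users[user_id]
  user if user && user.authenticatable_salt == salt
end

# Returns [still signed in after plain change?, signed in after refresh?].
def demo
  users   = { 1 => ToyUser.new('old-pass') }     # constructed sample data
  session = serialize_into_session(1, users[1])  # normal sign-in
  users[1].password = 'new-pass'                 # what password_update does
  stale = !user_from_session(session, users).nil?
  session = serialize_into_session(1, users[1])  # what a bypass sign-in does
  fresh = !user_from_session(session, users).nil?
  [stale, fresh]
end
```

`demo` returns `[false, true]`: the redirect after a plain password change arrives with a session that no longer validates, while refreshing the session right after the save keeps the user signed in.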