Ruby on Rails, Devise gem. How to remove current password when password is blank?

后端 未结 2 1939
情深已故
情深已故 2021-02-09 19:24

Now I realise this topic has been covered many times before. However there did not appear to be a solution that wanted to make the current password field exempt only when the pa

2条回答
  •  一生所求
    2021-02-09 19:47

    Another very minor change on requiring the current password field or not: my goal is never require a current password unless they are updating their password. for oauth'ed accounts, I check for the facebook id in the view, and don't display the password fields at all.

    In the registrations controller:

    Users::RegistrationsController < Devise::RegistrationsController
    
    def update
    
    self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
    
       if resource.update_with_password(params[resource_name])
         set_flash_message :notice, :updated if is_navigational_format?
         sign_in resource_name, resource, :bypass => true
         respond_with resource, :location => after_update_path_for(resource)
       else
         clean_up_passwords(resource)
         respond_with_navigational(resource){ render_with_scope :edit }
       end
    
    
    end
    

    In User.rb, I use update_with_password, and then call verify_password_and_update only if the user has entered something in the password field from the view. Otherwise, I clear the current password param and call update_without_password (this method is built in to devise now as well):

    #to remove the current password check if updating a profile originally gotten via oauth (fb, twitter)
    
    
      def update_with_password(params={})
        if params[:password].blank?
          params.delete(:current_password)
          self.update_without_password(params)
        else
          self.verify_password_and_update(params)
        end
      end
    
      def update_without_password(params={})
    
        params.delete(:password)
        params.delete(:password_confirmation)
        result = update_attributes(params)
        clean_up_passwords
        result
      end
      def verify_password_and_update(params)
        #devises' update_with_password 
        # https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb
        current_password = params.delete(:current_password)
    
        if params[:password].blank?
          params.delete(:password)
          params.delete(:password_confirmation) if params[:password_confirmation].blank?
        end
    
        result = if valid_password?(current_password)
          update_attributes(params)
        else
          self.attributes = params
          self.valid?
          self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
          false
        end
    
        clean_up_passwords
        result
      end
    

提交回复
热议问题