Devise 3 (rails 4) can't update user without password

前端未结

关注

 7  1097

I\'m trying to update a user without having to provide a password, but approaches that worked on older devise/rails versions no longer work with devise 3 and rails 4 strong para

相关标签:

7条回答

北海茫月

2021-02-06 01:36

My goal was to enable editing user attributes without requiring a password, unless it's changing email, password or deleting the account. And here's what worked for me:

app/controllers/registrations_controller.rb:

class RegistrationsController < Devise::RegistrationsController
  before_action :configure_permitted_parameters

  ...

  def update
    params[:user][:team_attributes][:id] = current_user.team.id
    account_update_params = devise_parameter_sanitizer.sanitize(:account_update)

    if password_required?
      successfully_updated = resource.update_with_password(account_update_params)
    else
      account_update_params.delete(:current_password)
      successfully_updated = resource.update_without_password(account_update_params)
    end

    if successfully_updated
      sign_in resource, bypass: true
      redirect_to '/'
    else
      render :edit
    end
  end

  def destroy
    current_password = devise_parameter_sanitizer.sanitize(:account_update)[:current_password]
    resource.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
    error_messages = 'Current password ' + resource.errors[:current_password].join

    if resource.destroy_with_password(current_password)
      redirect_to '/'
    else
      redirect_to delete_account_path, notice: error_messages
    end
  end

  protected

  def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:account_update) do |user_params|
      user_params.permit(:username, :email, :password, :password_confirmation, :current_password, :name, :phone_number
    end
  end

  private

  def password_required?
    (resource.email != params[:user][:email] if params[:user][:email].present?) || params[:user][:password].present?
  end
end

Update config/routes.rb:

devise_for :users, controllers: { registrations: 'registrations' }

In views/devise/registrations/edit.html.haml

# edit form
...
= simple_nested_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { class: 'mo-form' }, defaults: { placeholder: false, hint: false }) do |f|
...

# delete form
...
= simple_form_for(resource, as: resource_name, url: user_registration_path(resource_name), method: :delete, html: { class: 'mo-form' }, defaults: { placeholder: false, hint: false }) do |f|
...

0 讨论(0)

上一页 1 2