Devise 3 (rails 4) can't update user without password

前端 未结 7 1113
萌比男神i
萌比男神i 2021-02-06 00:34

I\'m trying to update a user without having to provide a password, but approaches that worked on older devise/rails versions no longer work with devise 3 and rails 4 strong para

相关标签:
7条回答
  • 2021-02-06 01:36

    My goal was to enable editing user attributes without requiring a password, unless it's changing email, password or deleting the account. And here's what worked for me:

    app/controllers/registrations_controller.rb:

    class RegistrationsController < Devise::RegistrationsController
      before_action :configure_permitted_parameters
    
      ...
    
      def update
        params[:user][:team_attributes][:id] = current_user.team.id
        account_update_params = devise_parameter_sanitizer.sanitize(:account_update)
    
        if password_required?
          successfully_updated = resource.update_with_password(account_update_params)
        else
          account_update_params.delete(:current_password)
          successfully_updated = resource.update_without_password(account_update_params)
        end
    
        if successfully_updated
          sign_in resource, bypass: true
          redirect_to '/'
        else
          render :edit
        end
      end
    
      def destroy
        current_password = devise_parameter_sanitizer.sanitize(:account_update)[:current_password]
        resource.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
        error_messages = 'Current password ' + resource.errors[:current_password].join
    
        if resource.destroy_with_password(current_password)
          redirect_to '/'
        else
          redirect_to delete_account_path, notice: error_messages
        end
      end
    
      protected
    
      def configure_permitted_parameters
            devise_parameter_sanitizer.permit(:account_update) do |user_params|
          user_params.permit(:username, :email, :password, :password_confirmation, :current_password, :name, :phone_number
        end
      end
    
      private
    
      def password_required?
        (resource.email != params[:user][:email] if params[:user][:email].present?) || params[:user][:password].present?
      end
    end
    

    Update config/routes.rb:

    devise_for :users, controllers: { registrations: 'registrations' }
    

    In views/devise/registrations/edit.html.haml

    # edit form
    ...
    = simple_nested_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { class: 'mo-form' }, defaults: { placeholder: false, hint: false }) do |f|
    ...
    
    # delete form
    ...
    = simple_form_for(resource, as: resource_name, url: user_registration_path(resource_name), method: :delete, html: { class: 'mo-form' }, defaults: { placeholder: false, hint: false }) do |f|
    ...
    
    0 讨论(0)
提交回复
热议问题