1. 技术文章
  2. Rails 3 - Devise : How to skip the 'current_password' when editing a registration?

Rails 3 - Devise : How to skip the 'current_password' when editing a registration?

孤者浪人 提交于 2019-12-20 08:30:15

问题


I've implemented omniauth with my devise model, so I can authenticate using other services. Password is not necessary anymore for my model, as users can authenticate using twitter, facebook...

Everything is working fine, but, when an user try to edit its registration, devise skip the process because the user did not inform the 'current_password' (which doesnt exist in some cases now).

I created a registration controller to overwrite the devises one:

class RegistrationsController < Devise::RegistrationsController
  def update
    super
  end
end

But I haven't find any documentation about how to skip the password verification, how could I do it in my update action?


回答1:


Similar to above, try putting this in your user model:

# bypasses Devise's requirement to re-enter current password to edit
def update_with_password(params={}) 
  if params[:password].blank? 
    params.delete(:password) 
    params.delete(:password_confirmation) if params[:password_confirmation].blank? 
  end 
  update_attributes(params) 
end



回答2:


The following worked for me:

In my users controller, in the update action, I have

params[:user].delete(:password) if params[:user][:password].blank?
params[:user].delete(:password_confirmation) if params[:user][:password_confirmation].blank?

Perhaps you could adapt that to a before_save callback?




回答3:


Even the answer has been here for a while I want to post a new one, as I think the selected answer has a little flaws. Maybe it didn't have at the moment the answer was created, but now in 2013, the answer would be like this:

The solution would be to create in User model like this:

  # bypass re-entering current password for edit
  def update_with_password(params={}) 
    current_password = params.delete(:current_password)

    if params[:password].blank? 
      params.delete(:password) 
      params.delete(:password_confirmation) if params[:password_confirmation].blank? 
    end 
    update_attributes(params) 

    clean_up_passwords
  end



回答4:


there is an easier answer, i do not know when devise first had this method but by just adding

Model.update_without_password(params)

it will update attributes without requiring current password.




回答5:


As of devise v4.6.2. It is very easy to do.

As documentation said here:

By default we want to require a password checks on update. You can overwrite this method in your own RegistrationsController.

It means, in your controller override the method update_resource to replace update_with_password with update_without_password:

class Users::RegistrationsController < Devise::RegistrationsController

  # ...

  protected

  def update_resource(resource, params)
    resource.update_without_password(params)
  end
end


来源:https://stackoverflow.com/questions/4101220/rails-3-devise-how-to-skip-the-current-password-when-editing-a-registratio

标签
ruby-on-rails
ruby-on-rails-3
devise
omniauth
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!