How to update user edits in Rails Devise without entering a password

How to update user edits in Rails Devise without entering a password

Here's how to update your user information in Devise without entering your current password.

table of contents

• [Operating environment](#Operating environment)
• [Prerequisites](# Prerequisites)
• [Procedure outline](#Procedure outline)
• [Detailed procedure](#Detailed procedure)
• [STEP1. Strong parameter settings for new registration](#Strong parameter settings for new registration)
• [STEP2. Setting strong parameters for update](#Setting strong parameters for update)
• [STEP3. Define method for updating without password](#Define method for updating without password)
• [STEP4. Remove current_password field from View file](Remove current_password field from #view file)
• Result

Operating environment

OS : macOS Mojave 10.14.6 ruby : 2.6.5p114 rails : 5.2.4 devise : 4.7.1

Prerequisites

Suppose you have already completed the steps from installing the gem to creating the view.

1. devise gem installed
2. rails generate devise installed
3. rails generate devise: views completed
4. Non-default columns such as name have been added to the users table

Outline of procedure

[STEP1. Added strong parameter for new registration to ʻapplication_controller`] (#Setting strong parameters for new registration)

[STEP2. Create registrations_controller.rb incontrollers / users /, add strong parameters to update, fix routing](# update strong parameter settings)

[STEP3. Describe the method for updating without password in registrations_controller.rb and ʻuser.rb`](#Define the method for updating without password)

[STEP4. Remove the current_password field from the View](Remove the current_password field from the #view file)

Detailed procedure

Setting strong parameters for new registration

At present, the name parameter added later is repelled by the strong parameter. Put the following code in application_controller.

application_controller.rb

class ApplicationController < ActionController::Base
 before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
  end
end

If you check it on the console, you can receive the name parameter and create a user.

irb(main):001:0> User.create(name: 'abc' , email:'[email protected]',password:'123456')
   (1.3ms)  COMMIT
=> #<User id: 2, email: "[email protected]", created_at: "2020-05-30 10:41:46", updated_at: "2020-05-30 10:41:46", name: "abc">

Next, put the input field of name in view.

html:new.html.erb

<h2>Sign up</h2>

<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
<%= render "devise/shared/error_messages", resource: resource %>

<div class="field">
  <%= f.label :email %><br />
  <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
</div>

//add to
<div class="field">
  <%= f.label :name %><br />
  <%= f.text_field :name, autofocus: true, autocomplete: "name" %>
</div>

<div class="field">
  <%= f.label :password %>
  <% if @minimum_password_length %>
  <em>(<%= @minimum_password_length %> characters minimum)</em>
  <% end %><br />
  <%= f.password_field :password, autocomplete: "new-password" %>
</div>

<div class="field">
  <%= f.label :password_confirmation %><br />
  <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
</div>

<div class="actions">
  <%= f.submit "Sign up" %>
</div>
<% end %>

<%= render "devise/shared/links" %>

This completes the new user registration.

Setting strong parameters for updates

Then add a name field to the user edit view as well.

html:edit.html.erb

//add to
<div class="field">
  <%= f.label :name %><br />
  <%= f.text_field :name, autofocus: true, autocomplete: "name" %>
</div>

You can see that pressing the update button here does not update the name.

Therefore, create ʻusers / registrations_controller.rb` to update the name column, and write as follows.

registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController
  before_action :configure_account_update_params, only: [:update]

  protected

  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:name])
  end
end

Then modify the routing to reference this registartions_controller.

routes.rb

Rails.application.routes.draw do
  root 'blogs#index'
  #changes
  devise_for :users, controllers: {
    registrations: 'users/registrations'
  }
  resources :blogs
  end

Then the Name column of Users can be updated.

Define a method to update without a password

However, at the moment, if you do not enter the current_password, an error will occur during update.

So, first, define a method to update the user model without a password.

user.rb

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable

  //Method to add
  def update_without_current_password(params, *options)
    params.delete(:current_password)

    if params[:password].blank? && params[:password_confirmation].blank?
      params.delete(:password)
      params.delete(:password_confirmation)
    end

    result = update_attributes(params, *options)
    clean_up_passwords
    result
  end
end

Then call ʻupdate_without_password from registrations_controller`.

registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController
  before_action :configure_account_update_params, only: [:update]

  protected
  //add to(Mandatory)
  def update_resource(resource, params)
    resource.update_without_password(params)
  end

  //Method that redirects to the top screen after update, although not required
  def after_update_path_for(_resource)
    blogs_path
  end

  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:name])
  end
end

Remove the current_password field from the view file

Remove current_password from the view file.

html:edit.html.erb

//Delete
<div class="field">
  <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
  <%= f.password_field :current_password, autocomplete: "current-password" %>
</div>

result

You can see that the user name has been updated without any errors.