开发者

Rails 3 - Devise : How to skip the 'current_password' when editing a registration?

问答 作者:

I've implemented omniauth with my devise model, so I can authenticate using other services. Password is not necessary anymore for my model, as users can authenticate using twitter, facebook...

Everything is working fine, but, when an user try to edit its registration, devise skip the process because the user did not inform the 'current_password' (which doesnt exist in some cases now).

I cre开发者_C百科ated a registration controller to overwrite the devises one:

class RegistrationsController < Devise::RegistrationsController
  def update
    super
  end
end

But I haven't find any documentation about how to skip the password verification, how could I do it in my update action?

Similar to above, try putting this in your user model:

# bypasses Devise's requirement to re-enter current password to edit
def update_with_password(params={}) 
  if params[:password].blank? 
    params.delete(:password) 
    params.delete(:password_confirmation) if params[:password_confirmation].blank? 
  end 
  update_attributes(params) 
end

The following worked for me:

In my users controller, in the update action, I have

params[:user].delete(:password) if params[:user][:password].blank?
params[:user].delete(:password_confirmation) if params[:user][:password_confirmation].blank?

Perhaps you could adapt that to a before_save callback?

Even the answer has been here for a while I want to post a new one, as I think the selected answer has a little flaws. Maybe it didn't have at the moment the answer was created, but now in 2013, the answer would be like this:

The solution would be to create in User model like this:

  # bypass re-entering current password for edit
  def update_with_password(params={}) 
    current_password = params.delete(:current_password)

    if params[:password].blank? 
      params.delete(:password) 
      params.delete(:password_confirmation) if params[:password_confirmation].blank? 
    end 
    update_attributes(params) 

    clean_up_passwords
  end

there is an easier answer, i do not know when devise first had this method but by just adding

Model.update_without_password(params)

it will update attributes without requiring current password.

As of devise v4.6.2. It is very easy to do.

As documentation said here:

By default we want to require a password checks on update. You can overwrite this method in your own RegistrationsController.

It means, in your controller override the method update_resource to replace update_with_password with update_without_password:

class Users::RegistrationsController < Devise::RegistrationsController

  # ...

  protected

  def update_resource(resource, params)
    resource.update_without_password(params)
  end
end

继续阅读:deviseomniauthruby-on-railsruby-on-rails-3

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9