Ask A Question


You’re not receiving notifications from this thread.

Rails 6, Devise not allowing editing of user without password

Matt Bjornson asked in Gems / Libraries

I've followed the instructions on the devise wiki. I'd like a user to be able to modify their name, username, and email via the new_user_registration route. I keep running into the error where devise is expecting a password with greater than 1 character.

In RegistrationsController,

class RegistrationsController < Devise::RegistrationsController
  before_action :configure_account_update_params, only: [:edit, :update]

  def update_resource(resource, account_update_params)

  def after_update_path_for(resource)
    #redirect_to [current_account, resource]
    account_user_path(current_account, current_user)

  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, except: [:current_password, :password])

  def account_update_params
    params.require(:user).permit(:name, :email, :username)


Rails.application.routes.draw do
  devise_for :users, controllers: {
    registrations: 'registrations',
    sessions: 'sessions'
  devise_scope :user do
    get 'login', to: 'users/sessions#new'
    get 'signup', to: 'users/registrations#new'

in edit.html.erb

<h3>Edit Profile</h3>

<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), defaults: {input_html: { class: 'form-control'}, wrapper_html: { class: 'form-group'}}, html: { method: :put }) do |f| %>
  <%= render "devise/shared/error_messages", resource: resource %>
  <%= f.input :email, as: :email %>
  <%= f.input :username %>
  <%= f.input :name %>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>
  <%= f.button :submit, "Update", class: 'btn btn-primary' %>
<% end %>
  <h5 class="page-header text-center">Cancel my account</h5>
  <p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger' %></p>
<p><%= link_to "Home", dashboard_path %></p>

In application_controller.rb

class ApplicationController < ActionController::Base
  before_action :find_current_tenant, unless: :devise_controller?
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :authenticate_user!, unless: :devise_controller?


  def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up,        keys: [:email, :password, :password_confirmation])
        devise_parameter_sanitizer.permit(:account_update, keys: [:email, :username, :name], except: [:password, :password_confirmation])
        devise_parameter_sanitizer.permit(:sign_in,        keys: [:login, :password])


    Any ideas, I've been trying to find an answer to this for a few hours and am stuck and can't seem to find out why Devise continues to ask for a password... Any hints would be great. Thanks!

I'd also add that something doesn't seem quite right as my url for this edit route looks like this....


note: I'm using UUIDs instead of regular IDs.


I finally figured out what the issues were ( there were multiple)...

  1. for the routing issue above in my last post, it was related to adding on to the edit_user_registration_path route. The issue is that devise isn't expecting a for that route.
  2. Also related to the edit_user_registration path requiring :password, it wasn't because I misconfigured the devise_parameters_sanitizer, it was because ( for whatever reason), I added to my user.rb validates_length_of :password, allow_blank: false once I removed that line, everything worked fine.
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 80,973+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more.

    © 2024 GoRails, LLC. All rights reserved.