Ask A Question


You’re not receiving notifications from this thread.

Rails 6, Devise not allowing editing of user without password

Matt Bjornson asked in Gems / Libraries

I've followed the instructions on the devise wiki. I'd like a user to be able to modify their name, username, and email via the new_user_registration route. I keep running into the error where devise is expecting a password with greater than 1 character.

In RegistrationsController,

class RegistrationsController < Devise::RegistrationsController
  before_action :configure_account_update_params, only: [:edit, :update]

  def update_resource(resource, account_update_params)

  def after_update_path_for(resource)
    #redirect_to [current_account, resource]
    account_user_path(current_account, current_user)

  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, except: [:current_password, :password])

  def account_update_params
    params.require(:user).permit(:name, :email, :username)


Rails.application.routes.draw do
  devise_for :users, controllers: {
    registrations: 'registrations',
    sessions: 'sessions'
  devise_scope :user do
    get 'login', to: 'users/sessions#new'
    get 'signup', to: 'users/registrations#new'

in edit.html.erb

<h3>Edit Profile</h3>

<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), defaults: {input_html: { class: 'form-control'}, wrapper_html: { class: 'form-group'}}, html: { method: :put }) do |f| %>
  <%= render "devise/shared/error_messages", resource: resource %>
  <%= f.input :email, as: :email %>
  <%= f.input :username %>
  <%= f.input :name %>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>
  <%= f.button :submit, "Update", class: 'btn btn-primary' %>
<% end %>
  <h5 class="page-header text-center">Cancel my account</h5>
  <p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger' %></p>
<p><%= link_to "Home", dashboard_path %></p>

In application_controller.rb

class ApplicationController < ActionController::Base
  before_action :find_current_tenant, unless: :devise_controller?
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :authenticate_user!, unless: :devise_controller?


  def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up,        keys: [:email, :password, :password_confirmation])
        devise_parameter_sanitizer.permit(:account_update, keys: [:email, :username, :name], except: [:password, :password_confirmation])
        devise_parameter_sanitizer.permit(:sign_in,        keys: [:login, :password])


    Any ideas, I've been trying to find an answer to this for a few hours and am stuck and can't seem to find out why Devise continues to ask for a password... Any hints would be great. Thanks!

I'd also add that something doesn't seem quite right as my url for this edit route looks like this....


note: I'm using UUIDs instead of regular IDs.


I finally figured out what the issues were ( there were multiple)...

  1. for the routing issue above in my last post, it was related to adding on to the edit_user_registration_path route. The issue is that devise isn't expecting a for that route.
  2. Also related to the edit_user_registration path requiring :password, it wasn't because I misconfigured the devise_parameters_sanitizer, it was because ( for whatever reason), I added to my user.rb validates_length_of :password, allow_blank: false once I removed that line, everything worked fine.
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 83,770+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.