Skip to main content

Rails 6, Devise not allowing editing of user without password

Gems / Libraries • Asked by Matt Bjornson

I've followed the instructions on the devise wiki. I'd like a user to be able to modify their name, username, and email via the new_user_registration route. I keep running into the error where devise is expecting a password with greater than 1 character.

In RegistrationsController,

class RegistrationsController < Devise::RegistrationsController
  before_action :configure_account_update_params, only: [:edit, :update]
    protected

  def update_resource(resource, account_update_params)
    resource.update_without_password(account_update_params)
  end

  def after_update_path_for(resource)
    #redirect_to [current_account, resource]
    account_user_path(current_account, current_user)
  end

  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, except: [:current_password, :password])
  end

  def account_update_params
    params.require(:user).permit(:name, :email, :username)
  end

routes.rb

Rails.application.routes.draw do
  devise_for :users, controllers: {
    registrations: 'registrations',
    sessions: 'sessions'
  }
  devise_scope :user do
    get 'login', to: 'users/sessions#new'
    get 'signup', to: 'users/registrations#new'
  end
end

in edit.html.erb

<h3>Edit Profile</h3>

<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), defaults: {input_html: { class: 'form-control'}, wrapper_html: { class: 'form-group'}}, html: { method: :put }) do |f| %>
  <%= render "devise/shared/error_messages", resource: resource %>
  <%= f.input :email, as: :email %>
  <%= f.input :username %>
  <%= f.input :name %>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>
  <%= f.button :submit, "Update", class: 'btn btn-primary' %>
<% end %>
<p>
  <h5 class="page-header text-center">Cancel my account</h5>
  <p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger' %></p>
</p>
<p><%= link_to "Home", dashboard_path %></p>

In application_controller.rb

class ApplicationController < ActionController::Base
  set_current_tenant_through_filter
  before_action :find_current_tenant, unless: :devise_controller?
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :authenticate_user!, unless: :devise_controller?


  protected

  def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up,        keys: [:email, :password, :password_confirmation])
        devise_parameter_sanitizer.permit(:account_update, keys: [:email, :username, :name], except: [:password, :password_confirmation])
        devise_parameter_sanitizer.permit(:sign_in,        keys: [:login, :password])

  end
    ....
    ```

    Any ideas, I've been trying to find an answer to this for a few hours and am stuck and can't seem to find out why Devise continues to ask for a password... Any hints would be great. Thanks!

I'd also add that something doesn't seem quite right as my url for this edit route looks like this....

http://localhost:3000/users/edit.584a1cc3-844d-4b47-9281-dfc520a749b1

note: I'm using UUIDs instead of regular IDs.


I finally figured out what the issues were ( there were multiple)...

  1. for the routing issue above in my last post, it was related to adding current_user.id on to the edit_user_registration_path route. The issue is that devise isn't expecting a user.id for that route.
  2. Also related to the edit_user_registration path requiring :password, it wasn't because I misconfigured the devise_parameters_sanitizer, it was because ( for whatever reason), I added to my user.rb validates_length_of :password, allow_blank: false once I removed that line, everything worked fine.

Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 27,623+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.