Rails 6, Devise not allowing editing of user without password
I've followed the instructions on the devise wiki. I'd like a user to be able to modify their name, username, and email via the new_user_registration route. I keep running into the error where devise is expecting a password with greater than 1 character.
In RegistrationsController,
class RegistrationsController < Devise::RegistrationsController
before_action :configure_account_update_params, only: [:edit, :update]
protected
def update_resource(resource, account_update_params)
resource.update_without_password(account_update_params)
end
def after_update_path_for(resource)
#redirect_to [current_account, resource]
account_user_path(current_account, current_user)
end
def configure_account_update_params
devise_parameter_sanitizer.permit(:account_update, except: [:current_password, :password])
end
def account_update_params
params.require(:user).permit(:name, :email, :username)
end
routes.rb
Rails.application.routes.draw do
devise_for :users, controllers: {
registrations: 'registrations',
sessions: 'sessions'
}
devise_scope :user do
get 'login', to: 'users/sessions#new'
get 'signup', to: 'users/registrations#new'
end
end
in edit.html.erb
<h3>Edit Profile</h3>
<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), defaults: {input_html: { class: 'form-control'}, wrapper_html: { class: 'form-group'}}, html: { method: :put }) do |f| %>
<%= render "devise/shared/error_messages", resource: resource %>
<%= f.input :email, as: :email %>
<%= f.input :username %>
<%= f.input :name %>
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
<div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
<% end %>
<%= f.button :submit, "Update", class: 'btn btn-primary' %>
<% end %>
<p>
<h5 class="page-header text-center">Cancel my account</h5>
<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger' %></p>
</p>
<p><%= link_to "Home", dashboard_path %></p>
In application_controller.rb
class ApplicationController < ActionController::Base
set_current_tenant_through_filter
before_action :find_current_tenant, unless: :devise_controller?
protect_from_forgery with: :exception
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :authenticate_user!, unless: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:email, :password, :password_confirmation])
devise_parameter_sanitizer.permit(:account_update, keys: [:email, :username, :name], except: [:password, :password_confirmation])
devise_parameter_sanitizer.permit(:sign_in, keys: [:login, :password])
end
....
```
Any ideas, I've been trying to find an answer to this for a few hours and am stuck and can't seem to find out why Devise continues to ask for a password... Any hints would be great. Thanks!
I'd also add that something doesn't seem quite right as my url for this edit route looks like this....
http://localhost:3000/users/edit.584a1cc3-844d-4b47-9281-dfc520a749b1
note: I'm using UUIDs instead of regular IDs.
I finally figured out what the issues were ( there were multiple)...
- for the routing issue above in my last post, it was related to adding current_user.id on to the edit_user_registration_path route. The issue is that devise isn't expecting a user.id for that route.
- Also related to the edit_user_registration path requiring :password, it wasn't because I misconfigured the devise_parameters_sanitizer, it was because ( for whatever reason), I added to my user.rb
validates_length_of :password, allow_blank: falseonce I removed that line, everything worked fine.