All threads / Rails 6, Devise not allowing editing of user without password

Ask A Question

Notifications

You’re not receiving notifications from this thread.

Rails 6, Devise not allowing editing of user without password

Matt Bjornson asked in Gems / Libraries

I've followed the instructions on the devise wiki. I'd like a user to be able to modify their name, username, and email via the new_user_registration route. I keep running into the error where devise is expecting a password with greater than 1 character.

In RegistrationsController,

class RegistrationsController < Devise::RegistrationsController
  before_action :configure_account_update_params, only: [:edit, :update]
    protected

  def update_resource(resource, account_update_params)
    resource.update_without_password(account_update_params)
  end

  def after_update_path_for(resource)
    #redirect_to [current_account, resource]
    account_user_path(current_account, current_user)
  end

  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, except: [:current_password, :password])
  end

  def account_update_params
    params.require(:user).permit(:name, :email, :username)
  end

routes.rb

Rails.application.routes.draw do
  devise_for :users, controllers: {
    registrations: 'registrations',
    sessions: 'sessions'
  }
  devise_scope :user do
    get 'login', to: 'users/sessions#new'
    get 'signup', to: 'users/registrations#new'
  end
end

in edit.html.erb

<h3>Edit Profile</h3>

<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), defaults: {input_html: { class: 'form-control'}, wrapper_html: { class: 'form-group'}}, html: { method: :put }) do |f| %>
  <%= render "devise/shared/error_messages", resource: resource %>
  <%= f.input :email, as: :email %>
  <%= f.input :username %>
  <%= f.input :name %>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>
  <%= f.button :submit, "Update", class: 'btn btn-primary' %>
<% end %>
<p>
  <h5 class="page-header text-center">Cancel my account</h5>
  <p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete, class: 'btn btn-danger' %></p>
</p>
<p><%= link_to "Home", dashboard_path %></p>

In application_controller.rb

class ApplicationController < ActionController::Base
  set_current_tenant_through_filter
  before_action :find_current_tenant, unless: :devise_controller?
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :authenticate_user!, unless: :devise_controller?


  protected

  def configure_permitted_parameters
        devise_parameter_sanitizer.permit(:sign_up,        keys: [:email, :password, :password_confirmation])
        devise_parameter_sanitizer.permit(:account_update, keys: [:email, :username, :name], except: [:password, :password_confirmation])
        devise_parameter_sanitizer.permit(:sign_in,        keys: [:login, :password])

  end
    ....
    ```

    Any ideas, I've been trying to find an answer to this for a few hours and am stuck and can't seem to find out why Devise continues to ask for a password... Any hints would be great. Thanks!

I'd also add that something doesn't seem quite right as my url for this edit route looks like this....

http://localhost:3000/users/edit.584a1cc3-844d-4b47-9281-dfc520a749b1

note: I'm using UUIDs instead of regular IDs.

I finally figured out what the issues were ( there were multiple)...

  1. for the routing issue above in my last post, it was related to adding current_user.id on to the edit_user_registration_path route. The issue is that devise isn't expecting a user.id for that route.
  2. Also related to the edit_user_registration path requiring :password, it wasn't because I misconfigured the devise_parameters_sanitizer, it was because ( for whatever reason), I added to my user.rb validates_length_of :password, allow_blank: false once I removed that line, everything worked fine.
Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 33,665+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2020 GoRails, LLC. All rights reserved.