Ruby-on-rails – Devise update user without password

deviseruby-on-rails

I want to update users attributes without password in devise. The case is like, if password and password confirmation fields are not blank then I need devise error and if they are blank then other user attributes need to be updated. How could I do this with devise?

Thanks in advance!

Best Answer

I think this is a much better solution:

if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
    params[:user].delete(:password)
    params[:user].delete(:password_confirmation)
end

This prevents you from having to change the Devise controller by simply removing the password field from the form response if it is blank.

Just be sure to use this before @user.attributes = params[:user] or whatever you use in your update action to set the new parameters from the form.

Related Solutions

Ruby-on-rails – Rails Devise: Set password reset token and redirect user

A simple way to have just one step for users to confirm email address and set initial password using the link you proposed...

Send one email your app generates, including a reset_password_token, and consider user's possession of that token confirmation of the validity of that email address.

In system account generation code, assuming User model is set up with :recoverable and :database_authenticatable Devise modules...

acct = User.new
acct.password = User.reset_password_token #won't actually be used...  
acct.reset_password_token = User.reset_password_token 
acct.email = "user@usercompany.com" #assuming users will identify themselves with this field
#set other acct fields you may need
acct.save

Make the devise reset password view a little clearer for users when setting initial password.

views/devise/passwords/edit.html.erb

...
<%= "true" == params[:initial] ? "Set your password" : "Reset your password" %>
...

Generated Email

Hi <%= @user.name %>
An account has been generated for you.
Please visit www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @user.reset_password_token %> to set your password.

No need to include :confirmable Devise module in your User model, since accounts created by your app won't get accessed without the reset_password_token in the email.

Devise will handle the submit and clear the reset_password_token field.

See devise_gem_folder/lib/devise/models/recoverable.rb and database_authenticatable.rb for details on reset_password_token method and friends.

If you want to use Devise :confirmable module rather than this approach, see the Devise wiki page.

How to remove the Devise route to sign up

you can do this in your model

# typical devise setup in User.rb
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable

change it to:

devise :database_authenticatable, :recoverable, :rememberable, :trackable, :validatable

notice that the symbol :registerable was removed

That's it, nothing else is required. All routes and links to registration page are magically removed too.