Current password can't be blank when updating devise account

user1611830 picture user1611830 · Dec 18, 2013 · Viewed 7.2k times · Source

I am using devise and I want to allow the user to update his account (email & password). So when I click on edit_user_registration_path, I get a page where the user can change his email and password. But when submitting this update form I constantly get this message :

1 error prohibited this user from being saved: ×
Current password can't be blank

in my ApplicationController, I have

def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :surname, :email, :user_name, :terms_of_service, :password, :password_confirmation) }
    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation) }
end

Someone can explain that ?

Answer

janfoeh picture janfoeh · Dec 18, 2013

By default, Devise has three password fields on edit_user_registration: password, password_confirmation and current_password: default registrations/edit.html.erb

current_password is required for any change; the other two can be left blank if the password is not supposed to be changed.