Current password can't be blank when updating devise account
I am using devise and I want to allow the user to update his account (email & password). So when I click on edit_user_registration_path, I get a page where the user can change his email and password. But when submitting this update form I constantly get this message :
1 error prohibited this user from being saved: ×
Current password can't be blank
in my ApplicationController, I have
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :surname, :email, :user_name, :terms_of_service, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation) }
end
Someone can explain that ?
Answer
By default, Devise has three password fields on edit_user_registration: password, password_confirmation and current_password: default registrations/edit.html.erb
current_password is required for any change; the other two can be left blank if the password is not supposed to be changed.