Allowing user to change password with Devise - Rails 4
I'm setting up the last bit of devise and need to allow a user to change their password from their my account page. I've taken a look at this https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-password) page from devise and still can't get it to correctly work.
I'm getting the following error when I click on the link to bring up my modal.
ActionController::RoutingError (No route matches [GET] "/users/1/change_password_modal"):
When I submit my change password request I get the following error:
unknown attribute: current_password
My link to bring up the modal is:
button.btn.btn-dashboard data-target="#change_password_modal" data-toggle="modal"
and finally my modal
<div class="modal fade" id="change_password_modal">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button class="close" data-dismiss="modal">x</button>
<h2 class="modal-title">Change Password</h2>
</div>
<div class="modal-body">
<div class="flash"></div>
<%= form_for(resource, :as => resource_name, :url => edit_user_registration_path, :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<div>
<%= f.password_field :current_password, :autocomplete => "off", class: "sitewide-input", placeholder: "Current Password" %>
</div>
<div>
<%= f.password_field :password, :autocomplete => "off", class: "sitewide-input", placeholder: "New Password" %>
</div>
<div>
<%= f.password_field :password_confirmation, :autocomplete => "off", class: "sitewide-input", placeholder: "New Password Confirmation" %>
</div>
</div>
<div class="modal-footer">
<p>
<div>
<%= f.submit "Update", :class => 'advance-button' %>
</div>
</p>
</div>
<% end %>
</div>
</div>
</div>
I've updated my application controller to include the following:
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :full_name
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password)}
end
Even with this code included I'm getting
ActiveRecord::UnknownAttributeError at /users/edit
unknown attribute: current_password
Server Logs
Started GET "/users/1/edit" for 127.0.0.1 at 2014-08-07 14:11:00 -0500
Processing by UsersController#edit as HTML
Parameters: {"id"=>"1"}
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER BY `users`.`id` ASC LIMIT 1
Rendered users/_edit_profile.html.slim (14.0ms)
Rendered registrations/_edit.html.erb (3.4ms)
Rendered users/_edit_billing.html.slim (9.3ms)
Rendered users/edit.html.slim within layouts/topthird (37.1ms)
Rendered shared/_javascript_head.html.slim (0.0ms)
App Load (0.4ms) SELECT `apps`.* FROM `apps` WHERE `apps`.`user_id` = 1 ORDER BY updated_at DESC
Rendered application/_dashboard_menu.html.slim (3.4ms)
Rendered application/_navigation.html.slim (0.1ms)
Completed 200 OK in 129ms (Views: 126.3ms | ActiveRecord: 0.7ms)
Started GET "/__rack/swfobject.js" for 127.0.0.1 at 2014-08-07 14:11:01 -0500
Started GET "/__rack/livereload.js?host=bangner.ngrok.com" for 127.0.0.1 at 2014-08-07 14:11:01 -0500
Started GET "/__rack/web_socket.js" for 127.0.0.1 at 2014-08-07 14:11:01 -0500
Started PUT "/users/edit" for 127.0.0.1 at 2014-08-07 14:11:10 -0500
Processing by UsersController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"4QIZriwJGaeTynF8y1JYN3x5sBfhpNabYHWTBdzhRK4=", "user"=>{"current_password"=>"[FILTERED]", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Update", "id"=>"edit"}
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 ORDER BY `users`.`id` ASC LIMIT 1
(0.1ms) BEGIN
(0.1ms) ROLLBACK
Completed 500 Internal Server Error in 4ms
ActiveRecord::UnknownAttributeError - unknown attribute: utf8:
activerecord (4.0.2) lib/active_record/attribute_assignment.rb:47:in `rescue in _assign_attribute'
activerecord (4.0.2) lib/active_record/attribute_assignment.rb:42:in `_assign_attribute'
activerecord (4.0.2) lib/active_record/attribute_assignment.rb:29:in `block in assign_attributes'
activerecord (4.0.2) lib/active_record/attribute_assignment.rb:23:in `assign_attributes'
activerecord (4.0.2) lib/active_record/persistence.rb:229:in `block in update'
activerecord (4.0.2) lib/active_record/transactions.rb:326:in `block in with_transaction_returning_status'
activerecord (4.0.2) lib/active_record/connection_adapters/abstract/database_statements.rb:202:in `block in transaction'
activerecord (4.0.2) lib/active_record/connection_adapters/abstract/database_statements.rb:210:in `within_new_transaction'
activerecord (4.0.2) lib/active_record/connection_adapters/abstract/database_statements.rb:202:in `transaction'
activerecord (4.0.2) lib/active_record/transactions.rb:209:in `transaction'
activerecord (4.0.2) lib/active_record/transactions.rb:323:in `with_transaction_returning_status'
activerecord (4.0.2) lib/active_record/persistence.rb:228:in `update'
app/controllers/users_controller.rb:31:in `update'
Answer
You need set current_password as permitted parameters on application_controller.rb:
def configure_permitted_parameters
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:email, :password, :password_confirmation, :current_password)}
end
And skip the current_password on registration_controller.rb:
class RegistrationsController < Devise::RegistrationsController
protected
def update_resource(resource, params)
resource.update_without_password(params.except(:current_password))
end
end