How to change password without current password?

I use Devise for authentication, and I have a role for each user. I allow the user with the admin role to create a new user, and I want the admin user to edit the password for the rest of the users if they forgot their password. But I can't change the password without the current password when editing. So, how can I let the administrator user change the password by editing the user's password and saving it, as for the rest of the values?

+4
3 answers

Since update_without_password still requires current_password to update the password, you will need to have an update action like this:

    def update
      # required for settings form to submit when password is left blank
      if params[:user][:password].blank?
        params[:user].delete("password")
        params[:user].delete("password_confirmation")
      end

      @user = User.find(current_user.id)
      if @user.update_attributes(params[:user])
        set_flash_message :notice, :updated
        # Sign in the user bypassing validation in case his password changed
        sign_in @user, :bypass => true
        redirect_to after_update_path_for(@user)
      else
        render "edit"
      end
    end

This example is intended to update the current user (including the user password), but you can change it to suit your needs.

+12
    @user.update_attributes(password: params[:user][:password])
+3

There is a built-in method for creating update_without_password.

Here is what I use in my update method:

    # PUT /manage_users/1
    # PUT /manage_users/1.json
    def update
      @user = User.find(params[:id])
      # Stop here when the check has already redirected; a redirect on its
      # own does not halt the action, so the update below would still run.
      return unless able_to_edit_profile?

      # required for settings form to submit when password is left blank
      if params[:user][:password].blank?
        params[:user].delete("password")
        params[:user].delete("password_confirmation")
      end

      respond_to do |format|
        if @user.update_attributes(params[:user])
          @user.save
          # sign the user in with their new password so it doesn't redirect to the login screen;
          # only for their own account, so an admin is not switched into the edited user's session
          sign_in @user, :bypass => true if @user.id == current_user.id
          format.html do
            flash[:notice] = 'User was successfully updated.'
            redirect_to session.delete(:return_to)
          end
          format.json { head :no_content }
        else
          format.html { render action: "edit", notice: 'Error updating user.' }
          format.json { render json: @user.errors, status: :unprocessable_entity }
        end
      end
    end

    private

    # If the user is not an admin and trying to edit someone else profile, redirect them.
    # Returns false after redirecting so the caller can stop, true otherwise.
    def able_to_edit_profile?
      if !current_user.try(:admin?) && current_user.id != @user.id
        flash[:alert] = "That area is for administrators only."
        redirect_to :root
        return false
      end
      true
    end
+2
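
The decisions an admin password-edit action like the ones above has to get right, as an added example that is not part of the original answers: plain Ruby with no Rails or Devise, where `User`, `PERMITTED_KEYS` and `plan_user_update` are hypothetical names and the allow-list of keys is an assumption. It checks who may edit whom before anything is updated, drops blank password fields, keeps a posted `role` out of the update, and re-signs-in only when a user changed their own password.

```ruby
# Added example: stand-alone Ruby, no Rails or Devise required.
# User, PERMITTED_KEYS and plan_user_update are hypothetical names.
User = Struct.new(:id, :role) do
  def admin?
    role == "admin"
  end
end

# Keys an edit form may set (assumed list). "role" is deliberately absent
# so a posted role value cannot promote an account.
PERMITTED_KEYS = %w[email password password_confirmation].freeze

# Returns a plan hash instead of touching a database:
#   :allowed   - false means the action must stop before any update
#   :attrs     - the attributes that are safe to pass to the model
#   :resign_in - true only when the actor changed their own password
def plan_user_update(actor, target, submitted)
  # Authorization first: no session, or a non-admin editing someone else.
  unless actor && (actor.admin? || actor.id == target.id)
    return { allowed: false, attrs: {}, resign_in: false }
  end

  attrs = submitted.select { |key, _| PERMITTED_KEYS.include?(key.to_s) }
  attrs = attrs.transform_keys(&:to_s)

  # A blank password field means "leave the password unchanged".
  if attrs["password"].to_s.strip.empty?
    attrs.delete("password")
    attrs.delete("password_confirmation")
  end

  changed_password = attrs.key?("password")
  { allowed: true, attrs: attrs,
    resign_in: changed_password && actor.id == target.id }
end

# Constructed sample data.
ADMIN = User.new(1, "admin")
ALICE = User.new(2, "member")
BOB   = User.new(3, "member")
```

In a controller, `:allowed` maps to returning before the update call, and `:resign_in` to the condition on the bypass sign-in.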