Method: Devise::Models::DatabaseAuthenticatable#update_with_password

Defined in:
lib/devise/models/database_authenticatable.rb

#update_with_password(params, *options) ⇒ Object

Update record attributes when :current_password matches, otherwise returns error on :current_password.

This method also rejects the password field if it is blank (allowing users to change relevant information like the e-mail without changing their password). In case the password field is rejected, the confirmation is also rejected as long as it is also blank.


83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'lib/devise/models/database_authenticatable.rb', line 83

def update_with_password(params, *options)
  if options.present?
    ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
      [Devise] The second argument of `DatabaseAuthenticatable#update_with_password`
      (`options`) is deprecated and it will be removed in the next major version.
      It was added to support a feature deprecated in Rails 4, so you can safely remove it
      from your code.
    DEPRECATION
  end

  current_password = params.delete(:current_password)

  if params[:password].blank?
    params.delete(:password)
    params.delete(:password_confirmation) if params[:password_confirmation].blank?
  end

  result = if valid_password?(current_password)
    update(params, *options)
  else
    assign_attributes(params, *options)
    valid?
    errors.add(:current_password, current_password.blank? ? :blank : :invalid)
    false
  end

  clean_up_passwords
  result
end