Allow users to edit their account without providing a current password (

#442)
fs · Apr 22, 2016 · 06899bc · 06899bc
1 parent 655e65c
commit 06899bc
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 12 deletions.
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
@@ -0,0 +1,9 @@
+module Users
+  class RegistrationsController < Devise::RegistrationsController
+    protected
+
+    def update_resource(resource, params)
+      resource.update_without_password(params)
+    end
+  end
+end
diff --git a/app/sanitizers/user/parameter_sanitizer.rb b/app/sanitizers/user/parameter_sanitizer.rb
@@ -12,7 +12,7 @@ def sign_up
     end
 
     def account_update
-      default_params.permit(USER_PARAMS, :current_password)
+      default_params.permit(USER_PARAMS)
     end
   end
 end
diff --git a/app/views/users/registrations/edit.html.slim b/app/views/users/registrations/edit.html.slim
@@ -17,8 +17,6 @@
             required: false
         = f.input :password_confirmation,
             required: false
-        = f.input :current_password,
-            required: true
 
       .form-actions
         = f.button :submit, "Update"

diff --git a/config/rails_best_practices.yml b/config/rails_best_practices.yml
@@ -28,6 +28,7 @@ RemoveTrailingWhitespaceCheck: { }
 RemoveUnusedMethodsInControllersCheck:
   except_methods:
   - ApplicationController#devise_parameter_sanitizer
+  - Users::RegistrationsController#update_resource
 RemoveUnusedMethodsInHelpersCheck: { except_methods: [] }
 RemoveUnusedMethodsInModelsCheck: { except_methods: [] }
 ReplaceComplexCreationWithFactoryMethodCheck: { attribute_assignment_count: 2 }

diff --git a/config/routes.rb b/config/routes.rb
@@ -1,4 +1,4 @@
 Rails.application.routes.draw do
-  devise_for :users
+  devise_for :users, controllers: { registrations: "users/registrations" }
   root to: "pages#home"
 end
diff --git a/spec/features/user/account/update_spec.rb b/spec/features/user/account/update_spec.rb
@@ -8,16 +8,9 @@
   end
 
   scenario "User updates account with valid data" do
-    fill_form(:user, full_name: "New Name", current_password: current_user.password)
+    fill_form(:user, full_name: "New Name")
     click_on "Update"
 
     expect(page).to have_content("New Name")
   end
-
-  scenario "User updates account with invalid password" do
-    fill_form(:user, full_name: "New Name", current_password: "wrong")
-    click_on "Update"
-
-    expect(page).to have_content("is invalid")
-  end
 end