Essentially this change means that you cannot edit a user without inputting the password (or if you forget to put in the password it errors out).
I'm not comfortable enough with Devise to suggest a fix. I deleted self.assign_attributes(params, *options) in devise /lib/devise/models/database_authenticatable.rb as a band-aid
Sorry, no idea. I haven't used MongoMapper for about 2 years now. Also haven't followed devise internals since I created this gem. Feel free to patch it as you see fix or do whatever hacks u find necessary :)
Not sure if this is right place to fix this. Such bug occurs because MongoMapper::Document instances don't respond to #assign_attributes used by Devise. In my opinion fixing this should be done in orm_adapter gem or even in mongo_mapper (AR instances responds to this method)
Yes, should be added to mongo_mapper or orm_adapter IMO. Cheers!
http://apidock.com/rails/ActiveRecord/Base/assign_attributes - deprecated since 3.1
Allows you to set all the attributes for a particular mass-assignment security role by passing in a hash of attributes with keys matching the attribute names (which again matches the column names) and the role name using the :as option.
To bypass mass-assignment security you can use the :without_protection => true option
:without_protection => true option
attr_accessible allows you to specify a whitelist of keys that can be set when using mass-assignment.
Anyone using this, feel free to fix and submit a pull request or even take over maintenance of this project...