Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Avoid mass assignment error messages with current password.

  • Loading branch information...
commit 48a94cdece2b091f30e18552a2e3014d3a9e872e 1 parent bdacffa
@josevalim josevalim authored
Showing with 12 additions and 2 deletions.
  1. +9 −0 CHANGELOG.rdoc
  2. +3 −2 lib/devise/models/authenticatable.rb
View
9 CHANGELOG.rdoc
@@ -1,3 +1,12 @@
+== 1.0.1
+
+* enhancements
+ * HttpAuthenticatable is not added by default automatically.
+ * Avoid mass assignment error messages with current password.
+
+* bug fix
+ * Fixed encryptors autoload
+
== 1.0.0
* deprecation
View
5 lib/devise/models/authenticatable.rb
@@ -86,11 +86,12 @@ def update_with_password(params={})
params.delete(:password) if params[:password].blank?
params.delete(:password_confirmation) if params[:password_confirmation].blank?
+ current_password = params.delete(:current_password)
- result = if valid_password?(params[:current_password])
+ result = if valid_password?(current_password)
update_attributes(params)
else
- message = params[:current_password].blank? ? :blank : :invalid
+ message = current_password.blank? ? :blank : :invalid
self.class.add_error_on(self, :current_password, message, false)
self.attributes = params
false
Please sign in to comment.
Something went wrong with that request. Please try again.