Skip to content


Subversion checkout URL

You can clone with
Download ZIP

How To: Allow users to edit their account without providing a password

Zack edited this page · 63 revisions
Clone this wiki locally

By default, Devise allows users to change their password using the :registerable module. But sometimes, developers want to create other actions that allow the user to change their information without requiring a password. The best option in this case is to create your own controller, that belongs to your application, and provide an edit and update actions, as you would do for any other resource in your application.

Keep in mind though to be restrictive in the parameters you allow to be changed. In particular, you likely want to permit just user data fields and avoid e-mail, password and such information to be changed:

params[:user].permit(:first_name, :last_name, :address)

The other solution would be to simply override "update resource" method in your registrations controller like that

class RegistrationsController < Devise::RegistrationsController


  def update_resource(resource, params)

And don't forget to tell devise to use your controller in routes.rb:

devise_for :users, controllers: {registrations: 'registrations'}
Something went wrong with that request. Please try again.