Permalink
Browse files

Merge pull request #1138 from fschwahn/update_without_password

added update_without_password method, closes #801
  • Loading branch information...
2 parents 30f9da9 + 8bdc4b5 commit c0017ce76d53fb67ec51f60c8b33b3ccaa30ffcf @josevalim josevalim committed Jun 15, 2011
Showing with 25 additions and 1 deletion.
  1. +11 −0 lib/devise/models/database_authenticatable.rb
  2. +14 −1 test/models/database_authenticatable_test.rb
@@ -68,6 +68,17 @@ def update_with_password(params={})
result
end
+ # Update record attributes without asking for the current password. Never allow to
+ # change the current password
+ def update_without_password(params={})
+ params.delete(:password)
+ params.delete(:password_confirmation)
+
+ result = update_attributes(params)
+ clean_up_passwords
+ result
+ end
+
def after_database_authentication
end
@@ -103,7 +103,7 @@ def self.filter_auth_params(conditions)
:password => 'pass321', :password_confirmation => 'pass321')
assert user.reload.valid_password?('pass321')
end
-
+
test 'should add an error to current password when it is invalid' do
user = create_user
assert_not user.update_with_password(:current_password => 'other',
@@ -141,6 +141,19 @@ def self.filter_auth_params(conditions)
assert user.password_confirmation.blank?
end
+ test 'should update the user without password' do
+ user = create_user
+ user.update_without_password(:email => 'new@example.com')
+ assert_equal 'new@example.com', user.email
+ end
+
+ test 'should not update password without password' do
+ user = create_user
+ user.update_without_password(:password => 'pass321', :password_confirmation => 'pass321')
+ assert !user.reload.valid_password?('pass321')
+ assert user.valid_password?('123456')
+ end
+
test 'downcase_keys with validation' do
user = User.create(:email => "HEllO@example.com", :password => "123456")
user = User.create(:email => "HEllO@example.com", :password => "123456")

0 comments on commit c0017ce

Please sign in to comment.