Avoid mass assignment error messages with current password.

smartinez87 · Feb 15, 2010 · 48a94cd · 48a94cd
1 parent bdacffa
commit 48a94cd
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -1,3 +1,12 @@
+== 1.0.1
+
+* enhancements
+  * HttpAuthenticatable is not added by default automatically.
+  * Avoid mass assignment error messages with current password.
+
+* bug fix
+  * Fixed encryptors autoload
+
 == 1.0.0
 
 * deprecation

diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb
@@ -86,11 +86,12 @@ def update_with_password(params={})
 
         params.delete(:password) if params[:password].blank?
         params.delete(:password_confirmation) if params[:password_confirmation].blank?
+        current_password = params.delete(:current_password)
 
-        result = if valid_password?(params[:current_password])
+        result = if valid_password?(current_password)
           update_attributes(params)
         else
-          message = params[:current_password].blank? ? :blank : :invalid
+          message = current_password.blank? ? :blank : :invalid
           self.class.add_error_on(self, :current_password, message, false)
           self.attributes = params
           false