So I know there are like roughly half a million questions about bypassing the devise password requirement for editing user if they authenticated through Facebook. I promise I have read at least 75% of them and still can't figure this out.
Basically, I have followed Carl Edward & Laurie Laine's SO answer here to create a registrations controller for Devise that will allow me to bypass the password validation if the user is editing their account and user is logged in from Facebook. With the following code, it finally doesn't throw an error but none of my updated attributes are saving.
class RegistrationsController < Devise::RegistrationsController
def update_resource(resource, params)
if current_user.provider == "facebook"
params.delete("current_password")
resource.update_without_password(params)
else
resource.update_with_password(params)
end
end
def update
account_update_params = devise_parameter_sanitizer.sanitize(:account_update)
# required for settings form to submit when password is left blank
if account_update_params[:password].blank?
account_update_params.delete("password")
account_update_params.delete("password_confirmation")
end
@user = User.find(current_user.id)
if @user.update_attributes(account_update_params)
@user.update(account_update_params)
set_flash_message :notice, :updated
update_resource(@user,account_update_params)
# Sign in the user bypassing validation in case their password changed
sign_in @user, :bypass => true
redirect_to after_update_path_for(@user)
else
render "edit"
end
end
end
I literally can't figure out what I am doing wrong but everytime I try to update my user profile as a logged in user authenticated by Facebook, nothing changes on my profile or when i query the database in my console.
Figured it out it turns out that even though the necessary attributes were in my Devise parameter sanitizer I had misnamed the :account_update parameters as :update.
BEFORE(not working):
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :name,:email, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:update) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation, :avatar,:current_password, :about,:user, :name) }
end
end
AFTER(working):
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :name,:email, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation, :avatar,:current_password, :about,:user, :name) }
end
end