I am trying to update the user password on the profile page. To give you context, the user will click a "Change Password" link on their profile page, which will then show a modal with a bootstrap_form_for asking to confirm Old Password, type a New Password, and Confirm New Password.
Currently, I have the method passing successfully, however the password in the database in not being changed. I am not using Devise, this is done from scratch.
Ideally, I want to make sure the Old Password is correctly validated, then the new one updated in the database.
I left some commented out code in the Users Controller so you can see some of what I have been trying.
Please advise! Thank you!
Routes
resources :users do
member do
get :confirm_email
end
end
get 'change_password' => 'users#change_password'
patch 'change_password' => 'users#change_password'
Users Controller:
def update
@user = User.find(@current_user)
User.update(@user, edit_user_params)
@user.save
redirect_to user_path
end
def change_password
@user = User.find(@current_user)
current_password = params[:user][:current_password]
user = User.authenticate(@user.email, current_password)
if @user && user
# @user.update.password = params[:new_password]
# new_password = params[:password]
# @user.update(new_password)
User.update(@user, change_password_params)
@user.save
flash[:success] = "Password successfully changed!"
redirect_to user_path(@current_user)
else
flash[:danger] = "Your old password was incorrect. Please try again."
redirect_to user_path(@current_user)
end
end
private
def user_params
params.require(:new_user).permit(:name,:email,:password)
end
def edit_user_params
params.require(:user).permit(:name,:email,:password,:city,:state_id,:country_id,:about)
end
def change_password_params
params.require(:user).permit(:password)
end
edit.html.erb (modal portion)
<!-- Change Password Modal -->
<div id="changepasswordmodal" class="modal fade" tabindex="-1" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h3 class="">Change Password</h3>
</div>
<div class="modal-body">
<%= bootstrap_form_for @user, url: change_password_path do |p| %>
<%= p.password_field :current_password, hide_label: true, placeholder: "Enter your Old Password", class: "input-lg required" %>
<%= p.password_field :password, hide_label: true, placeholder: "Enter a New Password", class: "input-lg required" %>
<%= p.password_field :password_confirmation, hide_label: true, placeholder: "Confirm New Password", class: "input-lg required"%>
<%= p.submit "Change Password", :class=> "btn btn-primary" %>
<% end %>
</div>
</div>
</div>
</div>
User Model (Relevant portion only)
class User < ActiveRecord::Base
has_secure_password
before_create :confirmation_token
belongs_to :state
belongs_to :country
belongs_to :account_type
has_many :authentications
validates :email,
presence: true,
uniqueness: {case_sensitive: false},
format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, on: :create }
validates :password,
presence: true,
:on => :create
def self.authenticate email, password
User.find_by_email(email).try(:authenticate, password)
end
end
I've been wondering for long times to find the problem:
def change_password
@user = User.find(@current_user)
current_password = params[:user][:current_password]
user = User.authenticate(@user.email, current_password)
if @user && user
# @user.update.password = params[:new_password]
# new_password = params[:password]
# @user.update(new_password)
user.update_attribute(password: params[:user][:current_password])
flash[:success] = "Password successfully changed!"
redirect_to user_path(@current_user)
else
flash[:danger] = "Your old password was incorrect. Please try again."
redirect_to user_path(@current_user)
end
end
There are many ways to update data. You can take a look different way to update attribute. I would prefer to choose update_attribute because in this case we don't have to validate another field. See how a update_attribute description. You have to remove @user.save because update_attribute has already saved it. Hopefully, It can help you.