From f6d399204587c8bd6e1eb80985330333b6a235b5 Mon Sep 17 00:00:00 2001
From: Emi Matchu
Date: Mon, 8 Apr 2024 04:13:07 -0700
Subject: [PATCH] Don't require `current_password` for settings if user doesn't have one
---
 app/controllers/auth_users_controller.rb | 8 +++++++-
 app/views/auth_users/edit.html.erb | 19 +++++++++++--------
 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/app/controllers/auth_users_controller.rb b/app/controllers/auth_users_controller.rb
index 77f9f6d3..784f96e3 100644
--- a/app/controllers/auth_users_controller.rb
+++ b/app/controllers/auth_users_controller.rb
@@ -24,7 +24,13 @@ class AuthUsersController < ApplicationController
 def update
 @auth_user = load_auth_user
- if @auth_user.update_with_password(auth_user_params)
+ # If the user has a password, then the `current_password` field is required
+ # when updating. If not, then it's not!
+ success = @auth_user.uses_password? ?
+ @auth_user.update_with_password(auth_user_params) :
+ @auth_user.update(auth_user_params)
+
+ if success
 # NOTE: Changing the password will sign you out, so make sure we stay
 # signed in!
 bypass_sign_in @auth_user, scope: :auth_user
diff --git a/app/views/auth_users/edit.html.erb b/app/views/auth_users/edit.html.erb
index a7eec3ec..29a6aaab 100644
--- a/app/views/auth_users/edit.html.erb
+++ b/app/views/auth_users/edit.html.erb
@@ -38,14 +38,17 @@
-
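Review bot: In the new `@auth_user.update(auth_user_params)` branch a signed-in session alone can change everything `auth_user_params` permits (possibly including a first password), so the re-authentication check now rests entirely on `uses_password?`, which is defined outside this patch. It is worth confirming that it is derived from the stored password hash itself rather than a separate flag, and the diffstat shows no test change, so a controller test that an account with a password is still refused without a correct `current_password` would pin that down. That branch also forwards the params unfiltered; if a request still carries `current_password` and the model has no writer for it, `update` would presumably raise rather than fail validation, so consider `@auth_user.update(auth_user_params.except(:current_password))`. The multi-line ternary would read more plainly as `if`/`else`, and `update` continues past the end of the hunk.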
-
- <%= f.label :current_password %>
- We need your current password to confirm your changes.
- <%= f.password_field :current_password, autocomplete: "current-password" %> -
-
+ <%# Current password is only required if you have one! %>
+ <% if @auth_user.uses_password? %>
+
+
+ <%= f.label :current_password %>
+ We need your current password to confirm your changes.
+ <%= f.password_field :current_password, autocomplete: "current-password" %> +
+
+ <% end %>
<%= f.submit "Save changes" %>