Comments (8)
Sorry Gavin, but it's not clear to me. You want a method that does it? A view?
from devise.
José, what I was trying to say is that it would be nice if Devise offered this right out of the box:
Old password:
New password:
Confirm new password:
from devise.
If we provide that as view, you would probably need to customize it anyway. I think the only reusable piece would be a method to be used in your controllers. Something like update_with_password. Wdyt?
from devise.
From a consumer's point of view, I think it would look good like this:
In Devise.config:
password_update_requires_old_password = true
Then in the view:
:old_password
:new_password
:new_password_confirmation
How's that look?
from devise.
+1 for current password validation. This is a security issue; no one should be able to change the password if the user forgot to lock the workstation on a coffee break.
from devise.
I agree, to be honest. Would be nice since this is something you probably want to do in (almost) every application. Would be nasty if someone somehow XSS's a session and changes the password of an account. Of course, the developer of the app would be at fault for allowing XSS to happen. But yeah, regardless, I believe adding that as a "module" or "add-on", as mentioned above, to be able to handle this would be a nice addition.
from devise.
+1 I guess this will improve security for the user
from devise.
Added update_with_password, so you are able to update the password only when the :old_password is valid. Create a form like this:
form_for @user, :url => update_password_path do |f|
  f.label :old_password
  f.password_field :old_password
  f.label :password
  f.password_field :password
  f.label :password_confirmation
  f.password_field :password_confirmation
end
And use in your controller:
@user.update_with_password(params[:user])
Closing.
from devise.
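The check discussed in this thread, as an added plain-Ruby sketch that is not part of the original comments and is not Devise's own code: a password change is refused unless `:old_password` matches the stored one, so an unlocked or hijacked session alone is not enough to take over the account. The `Account` class, the PBKDF2 hashing, the iteration count and the error strings are assumptions made for the example.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a user model; not Devise's implementation.
class Account
  ITERATIONS = 100_000 # constructed work factor for this sketch

  attr_reader :errors

  def initialize(password)
    @errors = []
    store(password)
  end

  def valid_password?(candidate)
    secure_equal?(digest(candidate.to_s, @salt), @hash)
  end

  # Changes the password only when :old_password matches the stored one.
  # On any failure the stored hash is left untouched.
  def update_with_password(params)
    @errors = []
    old = params[:old_password]
    new_pw = params[:password].to_s
    @errors << "old password is invalid" unless old.is_a?(String) && valid_password?(old)
    @errors << "password can't be blank" if new_pw.empty?
    @errors << "confirmation doesn't match" unless new_pw == params[:password_confirmation]
    return false unless @errors.empty?
    store(new_pw)
    true
  end

  private

  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @hash = digest(password, @salt)
  end

  def digest(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Compare every byte so timing does not reveal where the digests differ.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```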