Ruby on Rails, require old password to change password

Question

I have implemented a user authentication system in rails using the gem 'bcrypt';I would like to insert a current password field to the edit form to make the changes to the password. How can do this?

 class User < ActiveRecord::Base before_save { self.email = email.downcase} before_create :create_remember_token #Associations has_one :profile has_many :posts #validations validates :name, presence: true, length: {maximum: 50} VALID_EMAIL_REGEX = /\\A[\\w+\\-.]+@[az\\d\\-.]+\\.[az]+\\z/i validates :email, presence: true, format: {with: VALID_EMAIL_REGEX}, uniqueness: {case_sensitive: false} has_secure_password validates :password, length: {minimum: 6} def User.new_remember_token SecureRandom.urlsafe_base64 end def User.digest(token) Digest::SHA1.hexdigest(token.to_s) end private def create_remember_token self.remember_token = User.digest(User.new_remember_token) end end 

 <% provide(:title, "Edit user") %> <h1>Update your profile</h1> <div class="row"> <div class="span6 offset3"> <%= form_for(@user) do |f| %> <%= render 'shared/error_messages' %> <%= f.label :name %> <%= f.text_field :name %> <%= f.label :email %> <%= f.text_field :email %> <%= f.label :password %> <%= f.password_field :password %> <%= f.label :password_confirmation, "Confirm Password" %> <%= f.password_field :password_confirmation %> <%= f.submit "Save changes", class: "btn btn-large btn-primary" %> <% end %> </div> </div> 

Thank you

Answer 1

In your view file:

  <%= f.label :current_password %>
  <%= f.password_field :current_password %>

Also make sure you permit the current_password parameter in your controller.

I assumed current_password attr is already defined by has_secured_password.