Merge pull request #240 from jasonswett/allow-current-password

Allow current_password to be supplied when updating profile.
lynndylanhurley · Jun 23, 2015 · 62f3d13 · 62f3d13
2 parents c1539d3 + d07eca5
commit 62f3d13
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/app/controllers/devise_token_auth/registrations_controller.rb b/app/controllers/devise_token_auth/registrations_controller.rb
@@ -94,8 +94,7 @@ def create
 
     def update
       if @resource
-
-        if @resource.update_attributes(account_update_params)
+        if @resource.send(resource_update_method, account_update_params)
           yield @resource if block_given?
           render json: {
             status: 'success',
@@ -142,6 +141,14 @@ def account_update_params
 
     private
 
+    def resource_update_method
+      if account_update_params.has_key?(:current_password)
+        "update_with_password"
+      else
+        "update_attributes"
+      end
+    end
+
     def validate_sign_up_params
       validate_post_data sign_up_params, 'Please submit proper sign up data in request body.'
     end

diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb
@@ -469,6 +469,18 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
             assert_equal @email.downcase, @existing_user.email
             assert_equal @email.downcase, @existing_user.uid
           end
+
+          test "Supply current password" do
+            @request_params.merge!(
+              current_password: "secret123",
+              email: "[email protected]",
+            )
+
+            put "/auth", @request_params, @auth_headers
+            @data = JSON.parse(response.body)
+            @existing_user.reload
+            assert_equal @existing_user.email, "[email protected]"
+          end
         end
 
         describe 'validate non-empty body' do

diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb
@@ -10,5 +10,6 @@ def configure_permitted_parameters
     devise_parameter_sanitizer.for(:sign_up) << :favorite_color
     devise_parameter_sanitizer.for(:account_update) << :operating_thetan
     devise_parameter_sanitizer.for(:account_update) << :favorite_color
+    devise_parameter_sanitizer.for(:account_update) << :current_password
   end
 end