diff --git a/app/controllers/devise_token_auth/registrations_controller.rb b/app/controllers/devise_token_auth/registrations_controller.rb index ce00da197..8daa8af94 100644 --- a/app/controllers/devise_token_auth/registrations_controller.rb +++ b/app/controllers/devise_token_auth/registrations_controller.rb @@ -94,8 +94,7 @@ def create def update if @resource - - if @resource.update_attributes(account_update_params) + if @resource.send(resource_update_method, account_update_params) yield @resource if block_given? render json: { status: 'success', @@ -142,6 +141,14 @@ def account_update_params private + def resource_update_method + if account_update_params.has_key?(:current_password) + "update_with_password" + else + "update_attributes" + end + end + def validate_sign_up_params validate_post_data sign_up_params, 'Please submit proper sign up data in request body.' end diff --git a/test/controllers/devise_token_auth/registrations_controller_test.rb b/test/controllers/devise_token_auth/registrations_controller_test.rb index 4ed02e52d..aa62aa7b9 100644 --- a/test/controllers/devise_token_auth/registrations_controller_test.rb +++ b/test/controllers/devise_token_auth/registrations_controller_test.rb @@ -469,6 +469,18 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration assert_equal @email.downcase, @existing_user.email assert_equal @email.downcase, @existing_user.uid end + + test "Supply current password" do + @request_params.merge!( + current_password: "secret123", + email: "new.email@example.com", + ) + + put "/auth", @request_params, @auth_headers + @data = JSON.parse(response.body) + @existing_user.reload + assert_equal @existing_user.email, "new.email@example.com" + end end describe 'validate non-empty body' do diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb index c941fac42..44d131dde 100644 --- a/test/dummy/app/controllers/application_controller.rb 
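Review bot: The dynamic dispatch in `update` uses `send`, which ignores method visibility; `public_send` keeps the call within the model's public API: `if @resource.public_send(resource_update_method, account_update_params)`. The method name comes from two literals in `resource_update_method`, so it is not client-controlled, and it should stay that way. `account_update_params` is now evaluated twice per request (once in the helper, once here), which a local variable would avoid. The body of `update` continues outside the hunk.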
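Review bot: Whether the current password is verified is decided by the client: `resource_update_method` selects `update_with_password` only when the request contains `current_password`, and a request that omits the key still goes through `update_attributes`. A caller holding a valid token can therefore change the email or password without proving knowledge of the current password, so the check protects only clients that opt in. The decision belongs on the server, for example from a configuration setting or from whether sensitive attributes such as `password` or `email` are being changed. Which fields require it is a policy choice, since a password-reset flow may legitimately set a password without the old one. Returning symbols (`:update_with_password`, `:update_attributes`) instead of strings would also be more idiomatic.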
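Review bot: The new test covers only the success path, so nothing pins the behaviour the feature exists for: a `PUT /auth` with a wrong `current_password` should leave the record unchanged and return an error. Add a second test that sends an incorrect value and asserts that the email is unchanged after `reload` and that the response is not a success. `assert_equal` takes the expected value first, so the assertion reads better as `assert_equal "new.email@example.com", @existing_user.email`, and `@data` is assigned but never checked. The test presumably relies on `secret123` being the fixture's password, which is not visible in this hunk.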
+++ b/test/dummy/app/controllers/application_controller.rb
@@ -10,5 +10,6 @@ def configure_permitted_parameters
 devise_parameter_sanitizer.for(:sign_up) << :favorite_color
 devise_parameter_sanitizer.for(:account_update) << :operating_thetan
 devise_parameter_sanitizer.for(:account_update) << :favorite_color
+ devise_parameter_sanitizer.for(:account_update) << :current_password
 end
 end
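Review bot: Nothing tells host applications that they may need the same permit line as the dummy app. If `account_update_params` is built from the `:account_update` sanitizer list (its body is outside this diff), an application that does not permit `:current_password` never reaches `update_with_password`, and the update proceeds silently without the password check. This deserves a README note and a comment above the added line, such as `# required so the registrations controller sees current_password and verifies it`. `configure_permitted_parameters` starts outside the hunk.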