Devise logging out automatically after password change
Ruby on-RailsRuby on-Rails Problem Overview
In Devise, if I change user's password and after it gets updated in the db, the site immediately logs out the user. I don't want this behavior - how do i do that. please help.
Ruby on-Rails Solutions
Solution 1 - Ruby on-Rails
I had the same problem and the following code seems to work for me.
Assume that the passwords controller is set for a singleton route. Also, assume that the authenticated model is an Account. With that, you have the following:
def update
if current_account.update_with_password(params[:account])
sign_in(current_account, :bypass => true)
flash[:notice] = 'Password updated.'
redirect_to account_path
else
render :action => :show
end
end
The key ingredient is the sign_in method call which seeks to re-sign-in the account, but bypasses the warden callbacks and stores the account into the session.
Solution 2 - Ruby on-Rails
The example above did not work for me using multiple scopes in Devise.
I had to add the scope/resource name in the sign_in path for it to work, and to prevent chaos I also had to sign out the old user or else all kinds of confusion would abound.
The changes I had to make would look something like this using the above example.
def update
if current_account.update_with_password(params[:account])
sign_out(current_account)
sign_in(:account, current_account, :bypass => true)
flash[:notice] = 'Password updated.'
redirect_to account_path
else
render :action => :show
end
end
Edit to add: I believe I had to forcibly sign out the user because somewhere I overrode Devise's code in order not to have users sign out during certain actions. In hindsight; not a good idea! This approach is much better! Being that it is safer to make your own Controllers versus overriding Devise's code unless it's absolutely unavoidable.
Solution 3 - Ruby on-Rails
You can simply set sign_in_after_reset_password in your devise.rb
config.sign_in_after_reset_password = true
Edit: As of 2020 this defaults to true
Solution 4 - Ruby on-Rails
Use this code to avoid sign out.
sign_in(current_user, :bypass => true)
Solution 5 - Ruby on-Rails
Update to Bill Eisenhauer answer above-
sign_in(current_account, :bypass => true) has been deprecated
use bypass_sign_in current_account instead
More details can be found here http://www.rubydoc.info/github/plataformatec/devise/Devise/Controllers/SignInOut#bypass_sign_in-instance_method
Solution 6 - Ruby on-Rails
Add the following piece of code to your method in which you are updating the user's password, right after updating the user's password in the database:
def update
. . . . .<your code>
. . . . .<your code>
sign_in(@user, :bypass => true)
. . . . .<your code>
. . . . .<your code>
end
Solution 7 - Ruby on-Rails
For some reasons, current_user is not equal to @user although current_user.id is equal to @user.id. So I have to use sign_in(@user, :bypass => true).
Solution 8 - Ruby on-Rails
Please refer to this answer here, I tried all the above answers. It din't work for not adding the scope. https://stackoverflow.com/a/30418266/4973585
This doesn't work -
sign_in @user, bypass: true
This works -
sign_in :user, @user, bypass: true
Solution 9 - Ruby on-Rails
Use the registerable module, which will give you both sign up and edit user features
https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-password