From 6a22e88dfa6877596a09a8895cb57b67258f00d0 Mon Sep 17 00:00:00 2001
From: Tod Detre <tod@tod.net>
Date: Tue, 20 Aug 2013 16:36:35 -0400
Subject: [PATCH 1/2] Allowed updating of attributes without a password if
 password_required? resolves to false

---
 app/controllers/devise/registrations_controller.rb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb
index 7d1e7347..7fc472fb 100644
--- a/app/controllers/devise/registrations_controller.rb
+++ b/app/controllers/devise/registrations_controller.rb
@@ -40,7 +40,15 @@ class Devise::RegistrationsController < DeviseController
     self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
     prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
 
-    if resource.update_with_password(account_update_params)
+    #check to see if a password is required. If not, update_without_password
+    update_status = false
+    if resource.password_required?
+      update_status = resource.update_with_password(account_update_params)
+    else
+      update_status = resource.update_without_password(account_update_params)
+    end
+
+    if update_status
       if is_navigational_format?
         flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
           :update_needs_confirmation : :updated

From 66c829eef453d5357e74dec4f96833d814647af8 Mon Sep 17 00:00:00 2001
From: Tod Detre <tod@tod.net>
Date: Wed, 21 Aug 2013 11:04:32 -0400
Subject: [PATCH 2/2] created update_resource method to allow subclass
 overwritting

---
 .../devise/registrations_controller.rb           | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb
index 7fc472fb..d8a4d4ce 100644
--- a/app/controllers/devise/registrations_controller.rb
+++ b/app/controllers/devise/registrations_controller.rb
@@ -40,15 +40,7 @@ class Devise::RegistrationsController < DeviseController
     self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
     prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
 
-    #check to see if a password is required. If not, update_without_password
-    update_status = false
-    if resource.password_required?
-      update_status = resource.update_with_password(account_update_params)
-    else
-      update_status = resource.update_without_password(account_update_params)
-    end
-
-    if update_status
+    if update_resource(resource, account_update_params)
       if is_navigational_format?
         flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
           :update_needs_confirmation : :updated
@@ -88,6 +80,12 @@ class Devise::RegistrationsController < DeviseController
       previous != resource.unconfirmed_email
   end
 
+  # By default we want to require a password checks on update.
+  # You can overwrite this method in your own RegistrationsController.
+  def update_resource(resource, params)
+    resource.update_with_password(params)
+  end
+
   # Build a devise resource passing in the session. Useful to move
   # temporary session data to the newly created user.
   def build_resource(hash=nil)