Avoid mass assignment error messages with current password.

CHANGELOG.rdoc

@@ -1,3 +1,12 @@
+== 1.0.1
+
+* enhancements
+  * HttpAuthenticatable is not added by default automatically.
+  * Avoid mass assignment error messages with current password.
+
+* bug fix
+  * Fixed encryptors autoload
+
 == 1.0.0
 
 * deprecation

lib/devise/models/authenticatable.rb

@@ -86,11 +86,12 @@ module Devise
 
         params.delete(:password) if params[:password].blank?
         params.delete(:password_confirmation) if params[:password_confirmation].blank?
+        current_password = params.delete(:current_password)
 
-        result = if valid_password?(params[:current_password])
+        result = if valid_password?(current_password)
           update_attributes(params)
         else
-          message = params[:current_password].blank? ? :blank : :invalid
+          message = current_password.blank? ? :blank : :invalid
           self.class.add_error_on(self, :current_password, message, false)
           self.attributes = params
           false