From 8bdc4b544f9fee5380bdbfcca0599c08b352c8dc Mon Sep 17 00:00:00 2001
From: fabian <fabian.schwahn@gmail.com>
Date: Thu, 5 May 2011 09:24:21 +0200
Subject: [PATCH] added update_without_password method

---
 lib/devise/models/database_authenticatable.rb | 11 +++++++++++
 test/models/database_authenticatable_test.rb  | 15 ++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
index ad1fdbb2..7be356e5 100644
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -67,6 +67,17 @@ module Devise
         result
       end
 
+      # Update record attributes without asking for the current password. Never allow to
+      # change the current password
+      def update_without_password(params={})
+        params.delete(:password)
+        params.delete(:password_confirmation)
+
+        result = update_attributes(params)
+        clean_up_passwords
+        result
+      end
+      
       def after_database_authentication
       end
 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
index 251d0f7e..3a2be50e 100644
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -70,7 +70,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('pass321')
   end
-
+  
   test 'should add an error to current password when it is invalid' do
     user = create_user
     assert_not user.update_with_password(:current_password => 'other',
@@ -108,6 +108,19 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert user.password_confirmation.blank?
   end
 
+  test 'should update the user without password' do
+    user = create_user
+    user.update_without_password(:email => 'new@example.com')
+    assert_equal 'new@example.com', user.email
+  end
+
+  test 'should not update password without password' do
+    user = create_user
+    user.update_without_password(:password => 'pass321', :password_confirmation => 'pass321')
+    assert !user.reload.valid_password?('pass321')
+    assert user.valid_password?('123456')
+  end
+
   test 'downcase_keys with validation' do
     user = User.create(:email => "HEllO@example.com", :password => "123456")
     user = User.create(:email => "HEllO@example.com", :password => "123456")