ruby-on-railsruby-on-rails-3devise

Devise, the separate pages for changing password and email address


I use devise as authentication system and I want to create the separate pages for changing password and email address.

Should I create additional actions like update_password and update_email, or might it be better to use single update action which could accept both password and email?


Solution

  • I guess that there's no real advantage at creating new actions. And from what I can remember from that book you should stick to the 7 classic actions (index / show / new / edit / create / update / delete) if you can, in order to keep everything RESTFul.

    Anyway, the action would probably do the same thing.

    a classic update would be :

    def update
      user = User.find(params[:id]).update_attributes! params[:user]
    end
    

    and the eventual update_password & update_email would probably look something like that

    def update_email
      user = User.find(params[:id]).update_attributes! email: params[:user][:email]
    end
    
    def update_password
      user = User.find(params[:id]).update_attributes! password: params[:user][:password]
    end
    

    When using a single action (the update one) , the only eventual problem would be that a user could update its password via the change email form by changing the html on the page for instance. I don't think that this is a problem as the user has the ability to change his password anyway.

    So I would stick to the classic update method.

    If I missed your point, please let me know ;)