I recently setup a custom controller to edit/update my Admin accounts, which are authenticated using Plataformatec’s Devise gem.

I found an article in the Devise Wiki that mentions using some sort of ‘update_without_password’ method to update the model without requiring the password. In this case I’m not requiring the user to provide their own password to edit their info. I’m allowing them to do it straight out.

The solution that I found was to simply remove the ‘password’ and ‘password_confirmation’ from the parameter set if both are blank.

# remove password parameters if blank
if params[:admin]['password'].blank? && params[:admin]['confirmation'].blank?
  params[:admin].delete('password')
  params[:admin].delete('password_confirmation')
end