Devise :current_password validations and checking (how?)

Hi Guys,

In my devise applications in Rails 3, I created a separate form under my
SettingsController class of which it handles the ‘Change Password’ of
the User Model, so i can manipulate the current_user in the

Now, I followed the set-up in the Devise/Views on how to update the form
using ‘Change password’ and either way update User for current_password
change but I’ve no luck on the implementation. I need you experties

My question is, how to check the my :current_password to the
params[:user][:current_password] I tried to submit in the form. Meaning
how can the devise check the submitted params[:user][:current_password]
to match and validate on the current_user.pasword

This is my code, i’m using HAML
I’m also using config.encryptor = :restful_authentication_sha1
since I migrated from auth_logic to devise authentication tool

“Views/Settings/change_password.haml” goes like this

%li.pwd= link_to “Password”, change_password_path

= form_for(@user, :as => :user, :url => change_password_path(:user))
do |f|
%h1 Change your password
= f.hidden_field :reset_password_token
= f.label :current_password
= f.password_field :current_password, :autofocus => true
= f.label :password
= f.password_field :password
= f.label :password_confirmation
= f.password_field :password_confirmation

    = f.submit "Change password"
    = link_to "Cancel", settings_path

“SettingsController” goes like this below using change_password method

def change_password
if params[:user]
current_user.update_attributes!(:password =>
flash[:notice] = “Password successfully changed”
redirect_to settings_path
rescue Exception => msg
flash[:notice] = msg
@user = current_user