lib/devise/models/authenticatable.rb in devise-0.7.2 vs lib/devise/models/authenticatable.rb in devise-0.7.3

- old
+ new

@@ -45,11 +45,11 @@
 def self.included(base)
 base.class_eval do
 extend ClassMethods
 extend SessionSerializer
- attr_reader :password
+ attr_reader :password, :old_password
 attr_accessor :password_confirmation
 end
 end
 # Regenerates password salt and encrypted password each time password is set.
@@ -60,12 +60,23 @@
 self.password_salt = Devise.friendly_token
 self.encrypted_password = password_digest(@password)
 end
 end
- # Verifies whether an incoming_password (ie from login) is the user password.
+ # Verifies whether an incoming_password (ie from sign in) is the user password.
 def valid_password?(incoming_password)
 password_digest(incoming_password) == encrypted_password
+ end
+
+ # Update record attributes when :old_password matches, otherwise returns
+ # error on :old_password.
+ def update_with_password(params={})
+ if valid_password?(params[:old_password])
+ update_attributes(params)
+ else
+ errors.add(:old_password, :invalid)
+ false
+ end
 end
 protected
 # Digests the password using the configured encryptor.
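Review bot: `update_with_password` in the second hunk passes the whole `params` hash, still carrying `:old_password`, to `update_attributes`, while the first hunk exposes `old_password` through `attr_reader` only. Unless a writer or an attribute whitelist exists outside these hunks, assigning that key will presumably fail or be ignored. Every other key the caller supplies is also written as soon as the old password matches, so passing raw request parameters would let a signed-in user change any assignable column. I would take the key out before updating, `params = params.dup`, `old = params.delete(:old_password)`, `if valid_password?(old)`, and extend the method comment to say that `params` must already be limited to attributes the user may change. A missing key gives `valid_password?(nil)`; whether `password_digest` handles nil depends on the encryptor, which is outside this hunk.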