require current_password to update user information

[dasibre]

Rails newbie here, I have been stuck on this for two days and can't figure out why its not working.

I want users to confirm/verify themselves by entering their current/old password before any information is updated.

This is what My user_controller update action looks like

I'm currently using rails 3.2 with the basic has_secured_password authentication that comes with it.

 def update

    @user = User.find(params[:id])

        respond_to do |format|

        if @user.update_attributes(params[:user])

        format.html { redirect_to users_url, notice: "User #{@user.name} was successfully updated." }

        format.json { head :no_content }

         else

                format.html { render action: "edit" }

                format.json { render json: @user.errors, status: :unprocessable_entity }

      end

    end

  end

here's my form view

        <% if params[:action] == "edit" %>

        <div class="field">

                <%= f.label :password %><br />

                <%= f.password_field :current_password, :placeholder => "current password" %>

        </div>

        <% end %>

  <div class="field">

    <%= f.label :password, "Password" %><br />

    <%= f.password_field :password, size: 40 %>

  </div>

   <div class="field">

        <%= f.label :password_confirmation, 'Confirm' %><br />

        <%= f.password_field :password_confirmation, size: 40 %>

   </div>

I've tried using a before_update :confirm_password in the User model, but it hasn't worked.

I created a private method in the user controller

private

def password_match

     @user = User.find(params[:id])

    @user.authenticate(params[:current_password)

end

then call a before_filter :password_match, :only => [:update] in the user controller.

Can anyone help, please. Thank you.

[Avi]

How is your user model look like ?