Permitted Params for Devise Reset Password

0
votes

I have a Devise auth working on my Rails 4 app, I'm facing this problem which I have my Member model with some extra fields being validated (required) only on the update method (so it doesn't messed up the sign up form) but I just noticed that the "reset password" also uses the update method, but in a different controller (DeviseController). Here's what's happening:

  • I try to reset a member's password
  • submit the form (only password and password_confirmation fields)
  • Got errors about the extra/required fields

Is there a way to tell Devise to only request the password and password_confirmation fields on this specific form?

Thanks!

1
ruby-on-railsactiverecordruby-on-rails-4devise
Did you ever figure out a solution to this issue? - Lorenz

1 Answers

0
votes

I had the same problem, I don't know why but it was only on production.

First of all, check if this fields(extra/required fields) are not empty, before you reset password.

Also you can try smth like this in your user model

  validates :first_name, :last_name, presence: true, format: { with: /\A[a-zA-Z]+\z/, message: 'only allows letters' }, unless: :password_reset

  def password_reset
    reset_password_token.present?
  end

I tested, just check fields that must be validated before you'll reset password.