How to get reset_password working with rails-api app using devise_auth_token gem

3
votes

I have made a new rails-api app, integrated devise_auth_token in it. At the moment signup,forgot password is working. But cant get reset password to work.

The confirmation url sent in the mail gives success:false response.

Below is the confirmation url

http://localhost:3000/auth/password/edit?config=default&redirect_url=foo&reset_password_token=P2a62x8mS9yP9ukeTSZ-

Here is the server log of reset email

Started GET "/auth/password/edit?config=default&redirect_url=foo&reset_password_token=[FILTERED]" for ::1 at 2015-09-24 14:41:21 +0530 Processing by DeviseTokenAuth::PasswordsController#edit as /
Parameters: {"config"=>"default", "redirect_url"=>"foo", "reset_password_token"=>"[FILTERED]"} Unpermitted parameters: config, redirect_url User Load (0.2ms) SELECT users.* FROM users WHERE users.reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users.id ASC LIMIT 1 Completed 404 Not Found in 5ms (Views: 0.3ms | ActiveRecord: 0.2ms)

Here is the confirmation email which is getting sent on password reset.

Started POST "/auth/[email protected]&redirect_url=foo" for ::1 at 2015-09-24 14:04:05 +0530 Processing by

DeviseTokenAuth::PasswordsController#create as / Parameters: {"email"=>"[email protected]", "redirect_url"=>"foo"} Unpermitted parameter: redirect_url Unpermitted parameter: redirect_url User Load (66.5ms) SELECT users.* FROM users WHERE (BINARY uid = '[email protected]' AND provider='email') ORDER BY users.id ASC LIMIT 1 User Load (9.8ms) SELECT users.* FROM users WHERE users.reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users.id ASC LIMIT 1 (0.1ms) BEGIN SQL (17.7ms) UPDATE users SET reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15', reset_password_sent_at = '2015-09-24 08:34:05', updated_at = '2015-09-24 08:34:05' WHERE users.id = 6 (63.9ms) COMMIT
Rendered /home/anjan/.rvm/gems/ruby-2.2.3/gems/devise_token_auth-0.1.34/app/views/devise/mailer/reset_password_instructions.html.erb (16.2ms)

Devise::Mailer#reset_password_instructions: processed outbound mail in 424.3ms

Sent mail to [email protected] (64.4ms) Date: Thu, 24 Sep 2015 14:04:06 +0530 From: [email protected] Reply-To: [email protected] To: [email protected] Message-ID: <[email protected]> Subject: Reset password instructions Mime-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit email: [email protected] provider: email redirect-url: foo client-config: default

Hello [email protected]!

Someone has requested a link to change your password. You can do this through the link below.

Change my password

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

Completed 200 OK in 979ms (Views: 0.6ms | ActiveRecord: 158.1ms)

Guys would appreciate nay help with this. Even is it any issue the token sent in mail is different form the one generated.? is this suposed to be this way.

Below is my User model.

{"token"=>"$2a$10$l766Mu/s8IUIHi9r3sz40ODQk2R.YDo283JQ.82Lijb3fjJ5Unqgq", "expiry"=>1444283710}, "H2Cqp2kIt56BYikqXp1HgA"=>{"token"=>"$2a$10$upMCA8ZKLXvq9VjVaz2Vp.sZu7zr2lSTCFrxWnBmg4wC2gQrW9sIW", "expiry"=>1444293849}}, created_at: "2015-09-24 05:55:10", updated_at: "2015-09-24 08:44:09">

Here is my User model file as below

class User < ActiveRecord::Base
  # Include default devise modules.
  devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :omniauthable
  include DeviseTokenAuth::Concerns::User
  #Deleted ":confirmable," from above
end

Below is my schema.

ActiveRecord::Schema.define(version: 20150921074353) do

  create_table "users", force: :cascade do |t|
    t.string   "provider",               limit: 255,   default: "email", null: false
    t.string   "uid",                    limit: 255,   default: "",      null: false
    t.string   "encrypted_password",     limit: 255,   default: "",      null: false
    t.string   "reset_password_token",   limit: 255
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          limit: 4,     default: 0,       null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip",     limit: 255
    t.string   "last_sign_in_ip",        limit: 255
    t.string   "confirmation_token",     limit: 255
    t.datetime "confirmed_at"
    t.datetime "confirmation_sent_at"
    t.string   "unconfirmed_email",      limit: 255
    t.string   "name",                   limit: 255
    t.string   "nickname",               limit: 255
    t.string   "image",                  limit: 255
    t.string   "email",                  limit: 255
    t.text     "tokens",                 limit: 65535
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  add_index "users", ["email"], name: "index_users_on_email", using: :btree
  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
  add_index "users", ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true, using: :btree

end

My PasswordController file is as below: 

class PasswordController < ApplicationController
  config.action_controller.action_on_unpermitted_parameters = :log
end
1
ruby-on-railsrubyauthenticationdeviserails-api
Can you post your User model file, if possible? To check that the devise options specified there are correct....Marco Sandrini
@MarcoSandrini Please check I have edited the question and included my User model file at the bottom. Thanks a lot for your helpAnjan
Ok, and now we would need to have a more thorough dump of the User table, cause from what you posted, it seems that the user table does not contain a reset_password_token column...Marco Sandrini
@MarcoSandrini Have added my schema.rb file at the bottom Can you please have a look. Thanks againAnjan
Again, everything looks ok. Have you checked this issue? github.com/lynndylanhurley/devise_token_auth/issues/160Marco Sandrini

1 Answers

3
votes

I faced some crazy difficulties working through this, too. Here's what I had to do go get it working with an AngularJS front end and Rails back:

Override the PasswordsController create, update, edit, and after_resetting_password_path_for

For the create and update functions, the primary issue was that I needed it to render a json response, so where it says something like respond_with resource I changed to render json: resource, status: <status>, && return (you can change resource and status to what you need for your application, same with the render method)

For edit, instead of using after_sending_reset_password_instructions_path_for, I grabbed the redirect URL from the email and simply do a redirect_to params[:redirect_url]

and I changed after_resetting_password_path_for to redirect where I want the user to be logged in to.

I also had to change the reset_password_instructions.html.erb template. the line which contains edit_password_url to this:

<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: 'default', redirect_url: message['redirect-url'].to_s+'?reset_token='+@token).html_safe %></p>

Then in routes.rb, I had to let devise know to use my controller:

mount_devise_token_auth_for 'User', at: 'auth', controllers: { passwords: 'passwords' }

I hope that helps!