Rails+Devise "Reset password token is invalid"—but the token matches the db token...?

0
votes

Trying to reset a password, my (custom) mailer has this line:

edit_user_password_url(@user, reset_password_token: @user.reset_password_token)

And that creates a link like this:

http://fixit-rails.dev//users/password/edit.6?reset_password_token=13f76244d39b0dfb9746674058a45559280358b99c1fdc36c6b9af2de2ba6376

And within the database the user has the following reset_password_token:

13f76244d39b0dfb9746674058a45559280358b99c1fdc36c6b9af2de2ba6376

The user can successfully go to the new password screen, but when he clicks submit, an error message says "Reset password token is invalid"

Why is devise not recognising the token?

UPDATE

I create the token with the following code:

def generate_reset_password_token
    raw, enc = Devise.token_generator.generate(User, :reset_password_token)
    self.reset_password_token   = enc
    self.reset_password_sent_at = Time.now.utc
    self.save(validate: false)
end
1
ruby-on-railsdevise
In your email template it should be the @token not @user.reset_password_token. like : edit_user_password_url(@user, reset_password_token: @token)Muhammad Yawar Ali
@token doesn't exist, how do I create it? Please note I'm in a custom mailer, not one of the Devise ones.Mirror318
Can you share the code where you are setting the token in controller and sending reset password email if possible ?Muhammad Yawar Ali
I can, but after the weekend—it's easter! :)Mirror318

1 Answers

0
votes

I found the solution!

edit_user_password_url(@user, reset_password_token: @user.reset_password_token)

Should instead be:

edit_user_password_url(@user, reset_password_token: @token)

What is @token, you may ask? it's the raw from:

def generate_reset_password_token
    raw, enc = Devise.token_generator.generate(User, :reset_password_token)
    self.reset_password_token   = enc
    self.reset_password_sent_at = Time.now.utc
    self.save(validate: false)
end

In Devise it's set automagically, but if you are doing your own thing, you need to save raw and set @token to raw in your mailer.