Rails 3.0 Devise reset Password by answering a question

3
votes

I am using devise with rails 3. In user model I have created fields for the question and answer to that question.

I want to know How I can implement forget password in following logic:

  1. On forget password page User enters the Username
  2. On Next step application should displays the question stored in db.
  3. User answers the question and app matches the answer if answer is matched with values stored in db.
  4. It redirects to edit password page where password can updated.

I tried to override password controller of devise but got stuck.

Thanks for help in advance.

Note: I am new to rails and its my first project

3
ruby-on-railsruby-on-rails-3passwordsdevise
Could you provide some code? What do you have already, what doesn't work etc.…polarblau

3 Answers

0
votes

I've actually not used Devise before, however assuming you have a befor_filter on your controller to route to Devise authentication, you could possibly do something like: 

skip_before_filter :authenticate_with_devise if user_answered_question_correctly?
0
votes

this gem has a security_questionable feature which would do the trick, amongst other things https://github.com/phatworx/devise_security_extension

0
votes

You don't need to override Devise for this.

  1. make your own forget_password routes:

in routes.rb:

get "forgot_password" => "passwords#forgot"
get "forgot_password/verify_question" => "passwords#verify_question"
post "forgot_password/verify_answer" => "passwords#verify_answer"
post "forgot_password/reset_password" => "passwords#reset"
  1. Create app/controller/passwords_controller.rb and fill out logic you want via forms / render.
  2. Create views.
  3. Change forgot password link to your own.
  4. Profit