I currently working on a Rails app with devise authentication. I need to disabled the token expiration for reset password. According to Devise Documentation on Recoverable there is not configuration to do that. The only method I think to make this works is to override Recoverable and the reset_password_period_valid? function to always return true. But I not sure if is the best/proper solution.
Current on my devise.rb I have:
# ==> Configuration for :recoverable
#
# Defines which key will be used when recovering the password for an account
# config.reset_password_keys = [ :email ]
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 2.hours
