I am using devise gem for authentication.
In my application admin will create the users, so I want the user's reset password link when admin creates users.
This is my action:-
def create @user = User.new(user_params) @user.password = '123123123' @user.password_confirmation = '123123123' if @user.save @user.update_attributes(:confirmation_token => nil,:confirmed_at => Time.now,:reset_password_token => (0...16).map{(65+rand(26)).chr}.join,:reset_password_sent_at => Time.now) UserMailer.user_link(@user).deliver redirect_to users_path else render :action => "new" end end
This is my link to reset a user's password
But I am getting reset password token is invalid when I open the link and update the password.
For security reasons, passwords are never sent out across the Internet. Instead a token will be sent to your email instead. A token is a one-time generated link that contains numbers and letters that'll allow you to reset your password. It cannot be reused and is only valid for seven days.
From a User's Perspective A typical password reset flow consists of 3 simple steps for the user: User requests for password reset through the app. User receives an email of the password reset link. User clicks on the link and is directed to a page to enter a new password.
If you are using devise why are you creating your own password reset token? Devise has a feature for that. http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable
In case you wonder this is what devise does when the user wants to reset his password:
raw, enc = Devise.token_generator.generate(self.class, :reset_password_token) self.reset_password_token = enc self.reset_password_sent_at = Time.now.utc self.save(validate: false)
self is an User object here
In your URL you then have to pass raw as reset_password_token parameter
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With