Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to generate reset password token

Tags:

I am using devise gem for authentication.

In my application admin will create the users, so I want the user's reset password link when admin creates users.

This is my action:-

def create    @user = User.new(user_params)    @user.password = '123123123'    @user.password_confirmation = '123123123'    if @user.save          @user.update_attributes(:confirmation_token => nil,:confirmed_at => Time.now,:reset_password_token => (0...16).map{(65+rand(26)).chr}.join,:reset_password_sent_at => Time.now)        UserMailer.user_link(@user).deliver        redirect_to users_path      else     render :action => "new"    end end 

This is my link to reset a user's password

But I am getting reset password token is invalid when I open the link and update the password.

like image 280
user3156721 Avatar asked Mar 24 '14 08:03

user3156721


People also ask

What is password reset token?

For security reasons, passwords are never sent out across the Internet. Instead a token will be sent to your email instead. A token is a one-time generated link that contains numbers and letters that'll allow you to reset your password. It cannot be reused and is only valid for seven days.

How can I get JWT token password?

From a User's Perspective A typical password reset flow consists of 3 simple steps for the user: User requests for password reset through the app. User receives an email of the password reset link. User clicks on the link and is directed to a page to enter a new password.


1 Answers

If you are using devise why are you creating your own password reset token? Devise has a feature for that. http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable

In case you wonder this is what devise does when the user wants to reset his password:

  raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)    self.reset_password_token   = enc   self.reset_password_sent_at = Time.now.utc   self.save(validate: false) 

self is an User object here

In your URL you then have to pass raw as reset_password_token parameter

like image 140
Rails Fan Avatar answered Nov 16 '22 19:11

Rails Fan