OmniAuth + Identity Forgot Password

Question

I'm developing a Rails 3.0 application and am using OmniAuth + Identity for authentication a registration. I've implemented a User model that's tied to the Identity model through a foreign key and everything is working well. Now, I want to implement a forgot password feature.

Given a user's email, I want to send them an email with a link to reset their password. The email contains a random hex string that's associated with the user.

Now, how do I reset the user's Identity password?

In the Identity database table, it's stored as a password_digest. Can I just overwrite this?

Answer 1

Do this:

@identity = Identity.find(1)
@identity.password = "newpassword"
@identity.password_confirmation = "newpassword"
@identity.save

In a omniauth-identity's issue, wdspkr say:

Once you understand that omniauth-identity is using ActiveModel's SecurePassword it's really easy to solve this. Instead of setting the password_digest you just set password and password_confirmation and update.

Answer 2

So it turns out it's that simple. Just overwrite the existing password_digest in the Identity table. Use the BCrypt library to create the password_digest:

require 'bcrypt'
...
class UsersController < ApplicationController
  ...
  def update
    @user = User.find(params[:id])
    ...
    user_identity = Identity.find_by_email(@user.email)
    unencrypted_password = params[:user][:password].to_s
    password_digest = BCrypt::Password.create(unencrypted_password)
    user_identity.password_digest = password_digest;
    user_identity.save!
  end
end