[英]Rail 4 Devise 3.2 forgot password token is invalid
Whenever I set a new password I got an invalid token error message. 每当我设置新密码时,都会收到无效的令牌错误消息。 I've debug this method in Devise, reset_password_token = Devise.token_generator.digest(self, :reset_password_token, params[:reset_token]) and the token is indeed different from the one saved in the database. 我已经在Devise中调试了此方法,reset_password_token = Devise.token_generator.digest(self,:reset_password_token,params [:reset_token]),令牌确实不同于数据库中保存的令牌。 does any one here or know why the token are different? 有人在这里吗?或者知道令牌为什么不同吗?
EDIT: here's the controller code that I use to override Devise::PasswordController 编辑:这是我用来覆盖Devise :: PasswordController的控制器代码
class PasswordsController < Devise::PasswordsController
def edit
original_token = params[:reset_password_token]
reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
self.resource = resource_class.find_or_initialize_with_error_by(:reset_password_token, reset_password_token)
if !resource.errors.empty?
flash[:alert] = "Password token is invalid"
redirect_to new_session_path(resource_name)
end
end
end
The problem is with the following line 问题是与以下行
Devise.token_generator.digest(self, :reset_password_token, original_token)
The first parameter should be the model class which acts as your user model. 第一个参数应该是充当用户模型的模型类。 At the moment, you pass the PasswordsController class. 目前,您传递了PasswordsController类。 If you also name your user model User
then change that line to 如果您还命名用户模型User
则将该行更改为
Devise.token_generator.digest(User, :reset_password_token, original_token)
You need to check reset_password_period_valid?
您需要检查reset_password_period_valid?
: :
if resource.reset_password_period_valid?
set_minimum_password_length
resource.reset_password_token = params[:reset_password_token]
else
flash[:alert] = 'Your password reset link has expired, please enter your email to send a new one.'
redirect_to new_password_path(resource_name)
end
An expired token error won't added to the resource unless you attempt to update by token. 除非您尝试通过令牌更新,否则过期的令牌错误不会添加到资源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.