在 Rails 中为 devise 自定义 reset_password_token

Question

what I want to do: setup an invite process, when a user invite a new user it creates a user (email and password) and send a welcome email to this new user with a link to reset his password.

My User model

def set_initial_password_reset!
    raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)

      self.reset_password_token   = enc
      self.reset_password_sent_at = Time.now.utc
      save(validate: false)
      @token_reset = raw
end

My InviteController contain

@user_invitee = User.new(email: invite_params[:email]) do |u|
        u.password = SecureRandom.hex
        # raise
        end
   @user_invitee.skip_confirmation!
   @user_invitee.save
   @user_invitee.set_initial_password_reset!
   create_invite

   if @invite.save!
      InviteMailer.new_user_invite(@invite, edit_password_path(@resource = User.find_by(id: 
      @invite.recipient), reset_password_token: @token_reset)).deliver
          redirect_to trip_trip_form(@trip)

when I "raise" into the User model in set_initial_password_reset! to analyze @token_reset, I have got a value, but in the InviteController that value is nil and I don't understand how to grab this value?

I have try other method that I saw on stackoverflow to implement that process like:

User model

def set_initial_password_reset!
    self.reset_password_token   = Devise.token_generator.generate(self.class, :reset_password_token)
    self.reset_password_sent_at = Time.now.utc
    save(validate: false)
  end

and in InviteController

InviteMailer.new_user_invite(@invite, edit_password_path(@resource = User.find_by(id: @invite.recipient), reset_password_token: @resource.reset_password_token)).deliver

but the token generated was invalid. I should have a token like this: http://localhost:3000/users/password/edit?reset_password_token=i8t77fcdsj3PYRymVdEK but I get a much longer token.

for info my mailer controller

class InviteMailer < ApplicationMailer
  def new_user_invite(invite, edit_password_path)
    @invite = invite # Instance variable => available in view
    @new_user_registration_url = edit_password_path
    mail(to: @invite.email, subject: 'Welcome to Travlr!')
    @trip = Trip.find_by(id: @invite.trip_id)
    @sender = User.find_by(id: @invite.sender)
  end

Thanks for your help!

Answer 1

so the problem with set_initial_password_reset! is the you don't get the raw token value that will be later used to identify the resource in the password reset process.

look at the implementation of reset password token method from devise (below)

    def set_reset_password_token
      raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)

      self.reset_password_token   = enc
      self.reset_password_sent_at = Time.now.utc
      save(validate: false)
      raw
    end

it saves the encrypted generated token to the user object and returns the raw value. This raw value then should be included in the mail/link that is going to be used be the recipient (the user) while confirming that indeed it's he/she who can reset the password.

so if we revisit the code samples you've posted the controller would look somewhat like below:

in model: (basically same as the devise method. the only difference is that devise method is private afaik)

def set_initial_password_reset!
  raw, enc   = Devise.token_generator.generate(self.class, :reset_password_token)
  self.reset_password_token = enc
  self.reset_password_sent_at = Time.now.utc
  save(validate: false)
  raw
end

in controller:

@user_invitee = User.new(email: invite_params[:email]) do |u|
    u.password = SecureRandom.hex
    # raise
end
@user_invitee.skip_confirmation!
@user_invitee.save
token = @user_invitee.set_initial_password_reset!
create_invite

InviteMailer.new_user_invite(@invite, edit_password_path(User.find_by(id: @invite.recipient), reset_password_token: token)).deliver