
Rails 4 Devise 3.2 forgot password token is invalid

Whenever I set a new password I get an invalid token error message. I've debugged this method in Devise, reset_password_token = Devise.token_generator.digest(self, :reset_password_token, params[:reset_token]), and the token is indeed different from the one saved in the database. Does anyone here know why the tokens are different?

EDIT: here's the controller code that I use to override Devise::PasswordsController

class PasswordsController < Devise::PasswordsController
  def edit
    original_token       = params[:reset_password_token]
    reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
    self.resource = resource_class.find_or_initialize_with_error_by(:reset_password_token, reset_password_token)
    if !resource.errors.empty?
      flash[:alert] = "Password token is invalid"
      redirect_to new_session_path(resource_name)
    end
  end
end

The problem is with the following line

Devise.token_generator.digest(self, :reset_password_token, original_token)

The first parameter should be the model class which acts as your user model. At the moment, you pass the PasswordsController class. If you also name your user model User then change that line to

Devise.token_generator.digest(User, :reset_password_token, original_token)

You need to check reset_password_period_valid?:

if resource.reset_password_period_valid?
  set_minimum_password_length
  resource.reset_password_token = params[:reset_password_token]
else
  flash[:alert] = 'Your password reset link has expired, please enter your email to send a new one.'
  redirect_to new_password_path(resource_name)
end

An expired token error won't be added to the resource unless you attempt to update by token.
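
As an added illustration (not part of the original answers and not Devise's own code), here is a stand-alone Ruby model of the scheme both answers rely on: the raw token travels in the e-mailed link, only a keyed digest is stored, and the expiry window is checked separately from the lookup. The class name, the secret, the 6-hour window and the key derivation are assumptions made for the example.

```ruby
require "openssl"
require "securerandom"

# Simplified stand-in for a Devise-style reset flow (all names hypothetical).
class ResetTokenStore
  RESET_WITHIN = 6 * 60 * 60 # seconds; constructed value for the example

  def initialize(secret)
    @secret = secret
    @rows = {} # stored digest => { email:, sent_at: }
  end

  # Keyed digest: only this value is stored, never the raw token.
  def digest(column, raw)
    return nil if raw.nil? || raw.empty?
    key = OpenSSL::HMAC.digest("SHA256", @secret, "reset #{column}")
    OpenSSL::HMAC.hexdigest("SHA256", key, raw.to_s)
  end

  # Returns the raw token that goes into the e-mailed link.
  def issue(email, now: Time.now)
    raw = SecureRandom.urlsafe_base64(20)
    @rows[digest(:reset_password_token, raw)] = { email: email, sent_at: now }
    raw
  end

  # Returns [status, email] where status is :ok, :invalid or :expired.
  def lookup(raw_from_params, now: Time.now)
    row = @rows[digest(:reset_password_token, raw_from_params)]
    return [:invalid, nil] unless row
    return [:expired, row[:email]] if now - row[:sent_at] > RESET_WITHIN
    [:ok, row[:email]]
  end
end

def demo
  store = ResetTokenStore.new("constructed-secret")
  t0 = Time.at(1_700_000_000) # constructed timestamp
  raw = store.issue("user@example.test", now: t0)
  stored = store.digest(:reset_password_token, raw)
  {
    fresh: store.lookup(raw, now: t0 + 60).first,
    missing_param: store.lookup(nil, now: t0 + 60).first,     # params key absent
    double_digest: store.lookup(stored, now: t0 + 60).first,  # digest passed instead of raw
    expired: store.lookup(raw, now: t0 + 7 * 60 * 60).first
  }
end
```

In this model a mismatch between the computed and stored digest always surfaces as :invalid, while an expired link is only reported once the row has been found, which is why the period check is a separate step.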

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
