Whenever I set a new password I got an invalid token error message. I've debug this method in Devise, reset_password_token = Devise.token_generator.digest(self, :reset_password_token, params[:reset_token]) and the token is indeed different from the one saved in the database. does any one here or know why the token are different?
EDIT: here's the controller code that I use to override Devise::PasswordController
class PasswordsController < Devise::PasswordsController
def edit
original_token = params[:reset_password_token]
reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
self.resource = resource_class.find_or_initialize_with_error_by(:reset_password_token, reset_password_token)
if !resource.errors.empty?
flash[:alert] = "Password token is invalid"
redirect_to new_session_path(resource_name)
end
end
end
The problem is with the following line
Devise.token_generator.digest(self, :reset_password_token, original_token)
The first parameter should be the model class which acts as your user model. At the moment, you pass the PasswordsController class. If you also name your user model User
then change that line to
Devise.token_generator.digest(User, :reset_password_token, original_token)
You need to check reset_password_period_valid?
:
if resource.reset_password_period_valid?
set_minimum_password_length
resource.reset_password_token = params[:reset_password_token]
else
flash[:alert] = 'Your password reset link has expired, please enter your email to send a new one.'
redirect_to new_password_path(resource_name)
end
An expired token error won't added to the resource unless you attempt to update by token.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.