stackoom
  简体   繁体   中英

devise token auth find user with password reset token

 原文  2019-03-17 05:26:02       ruby-on-rails/ ruby/ devise-token-auth

Question

I'm using devise token auth and I'm setting up password reset process. When I click the reset link in the email, it has the url parameter reset_password_token=hK3yxC1zVZCbWL8WgqKM but when in the rails console I do 

2.5.1 :004 > User.first.reset_password_token
  User Load (0.6ms)  SELECT  "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT $1  [["LIMIT", 1]]
 => "ab432079e4e8aacfa0ecb5df17a7cea169990b0e0809ea9553248064220471a7"

These tokens do not match but they should. Is it encoded somehow and if so how can I find a user which has a token?

1 answers

solution1
 1  2019-03-17 06:39:31

What is stored in the database, is the Digest::SHA256 . 

token = "hK3yxC1zVZCbWL8WgqKM"
Digest::SHA256.hexdigest token
#⇒ "ae74625ac2357c8f2de0f3f52647aaee191dbba5d383f8ec5822cfec5c24384e"

One obviously cannot revert it back to token, one can only hexdigest the token that came from the user and compare it against what is stored in the database.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Devise get user by reset_password_token Devise_token_auth Reset Password Flow 401 Error Rails Devise: Set password reset token and redirect user Devise finding user by reset token How do I get redirected to the right url with emailed confirmation and password reset links with ng-token-auth and devise-token-auth? Devise Reset password token can't be blank reset password token is invalid devise rails Devise with jwt - recoverable reset_password_by_token Devise: How to customize reset password token? Reset password token mismatch issue in Devise
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM