AnkitG

Reputation: 6568

Devise sending forgot password instructions to any email id

I am looking for a customization in Devise where, if we click on forgot password, it should send the mail to any e-mail id. Something like what happens in Gmail, irrespective of whether the email id exists or not.

[Screenshot: Screen 1]

[Screenshot: Screen 2]

Currently what I have is this, in which it tries to validate with the valid users in the system.

[Screenshot]

The Devise recoverable module takes care of this:

    def send_reset_password_instructions(attributes={})
      recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
      recoverable.send_reset_password_instructions if recoverable.persisted?
      recoverable
    end

How can I remove this validation and have the email sent to any email id?

Upvotes: 4

Views: 5429

Answers (2)

José Valim

Reputation: 51369

There is a Devise configuration called paranoid that, when set to true, would change the message in a way to avoid e-mail enumeration. Just set config.paranoid = true in your Devise configuration.

Upvotes: 16
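An added illustration (not part of the answer above and not Devise's own code): a plain-Ruby model of a reset flow whose response is the same whether or not the address has an account, while mail still goes only to persisted users, plus a regression check that compares the two responses. `ResetFlow`, `enumerable?`, the flash strings, the status codes and the addresses are all constructed for this example.

```ruby
require 'securerandom'
require 'digest'

# Constructed stand-in for the users table; the address is made up.
USERS = { 'alice@example.test' => { reset_digest: nil } }

# What the browser sees after submitting the "forgot password" form.
Response = Struct.new(:status, :flash)

# Hypothetical model of the reset endpoint, with and without paranoid behaviour.
class ResetFlow
  attr_reader :outbox

  def initialize(paranoid:)
    @paranoid = paranoid
    @outbox = [] # addresses that were actually mailed
  end

  def create(email)
    key  = email.to_s.strip.downcase
    user = USERS[key]
    if user
      # Mail only accounts that exist; keep just a digest of the token at rest.
      token = SecureRandom.urlsafe_base64(32)
      user[:reset_digest] = Digest::SHA256.hexdigest(token)
      @outbox << key
    end
    if @paranoid
      # Same status and same text for known and unknown addresses.
      return Response.new(302, 'If that address has an account, reset instructions are on the way.')
    end
    user ? Response.new(302, 'Reset instructions sent.') : Response.new(422, 'Email not found')
  end
end

# Regression check: true when a known and an unknown address get
# distinguishable responses, i.e. the form can be used to enumerate accounts.
def enumerable?(flow, known:, unknown:)
  flow.create(known) != flow.create(unknown)
end
```

The same comparison can be carried into a request spec against the real application: submit one existing and one non-existing address and assert that status, redirect target and flash text match.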

Ashitaka

Reputation: 19203

My solution would be to extend/override Devise's passwords controller. To do this, create a controller (let's call it passwords) that inherits from Devise's passwords controller, like this:

    class PasswordsController < Devise::PasswordsController
    end

Then edit your routes file so this change takes effect:

    devise_for :users, :controllers => { :passwords => 'passwords' }

Now, you'll want to override the create action. There are several ways you could do this but since I'm not sure of what you want to do, I'll show you 2 things you could do:

  1. You only want to prevent the "Email not found" error so that people can't find which emails exist or not in your database:

    def create
      self.resource = resource_class.send_reset_password_instructions(resource_params)
    
      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
    end
    
  2. You really want to send emails to any entered email:

    def create
      self.resource = resource_class.send_reset_password_instructions(resource_params)
    
      unless successfully_sent?(resource)
        Devise::Mailer.reset_password_instructions(resource).deliver
      end
    
      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
    end
    

Now, the problem with this last solution is that you are sending an email to a user that doesn't exist... And so when the user comes back, he won't be able to enter his new password since his user account can't be found. But if you really want to do this, hopefully I set you on the right track.

Upvotes: 3
