CODEWITHSUNDEEP
ruby-on-railsauthenticationruby-on-rails-4devise
Zach
Zach

Reputation: 1243

Devise Password Reset Issue Rails 4

I'm using Devise for authentication with a Rails 4 app and am having issues with the password reset. Locally, everything works fine, when I paste the reset link in (i.e. localhost:3000/users/password/edit?reset_password_token=e_f3ZpqrE_rTBZmKJk_E) it works as expected.

On Heroku however, Devise seems to not even notice the :reset_password_token param, and automatically redirect to /users/signin with the notice "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."

Here's is an example of the link that is being generated: http://mysite.io/users/password/edit?reset_password_token=anzYNreZEcz4-dtZy5Uf

I even overrode the assert_reset_token_passed method in my own controller to check if params[:reset_password_token] was actually blank, and for some reason it is, rails is not pulling this out of the url. Here's my modified method:

def assert_reset_token_passed
    logger.info params[:reset_password_token] #This is blank somehow
    if params[:reset_password_token].blank?
      set_flash_message(:alert, :no_token)
      redirect_to new_session_path(resource_name) #This is where the redirect happens
    end
end

Any help would be much appreciated.

Upvotes: 3

Views: 1520

Answers (1)

user3486463
user3486463

Reputation: 51

I was having the exact same issue. The fix for me was to update the config.action_mailer.default_url_options in production.rb to include the full host (in my case 'www.mydomain.com' vs 'mydomain.com').

To clarify, it used to be

config.action_mailer.default_url_options = { :host => 'mydomain.com' }

and now it's

config.action_mailer.default_url_options = { :host => 'www.mydomain.com' }

Upvotes: 5

Related Questions