Reputation: 1988
I have a problem using the password reset function of this gem. https://github.com/lynndylanhurley/devise_token_auth
This is from the document.
/password/edit GET
"Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain reset_password_token and redirect_url params. These values will be set automatically by the confirmation email that is generated by the password reset request."
When users forget their passwords, they can enter their registered email, and they will receive a password reset link via email.
POST :https://example.com/api/auth/password
params = email and redirect link (https://example.com/api/auth/password/edit)
I can send a password reset link via email, but when I click the link or "Change my password" in the email, it jumps to the redirect address with the token.
And it shows "The page you were looking for doesn't exist."
This might be a routes error or something, but I don't know. I am not even sure if I should set "/password/edit" for the redirect link.
This is the related link for the github https://github.com/lynndylanhurley/devise_token_auth/issues/604
Am I missing something, or should I set a different address for redirect link part?
Upvotes: 4
Views: 4816
Reputation: 2947
As noted above, devise_token_auth has three API calls to make for resetting a password.
POST /auth/password
Params: 'email', 'redirect_url'
E.g.:
curl -v -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST https://myapp.com/auth/password -d '{"email":"[email protected]", "redirect_url": "https://myapp.com/auth/sign_in"}'
Note that the redirect_url given must correspond to the endpoint you want the user taken to for confirming and resetting their password.
E.g. if wanting to redirect to somewhere within an iOS app, use the URL for that app scheme in the redirect_url definition. E.g. to manually do this on iOS:
curl -v -H 'Content-Type: application/json' -H 'Accept: application/json' -X POST https://myapp.com/auth/password -d '{"email":"[email protected]", "redirect_url": "myappStoreAppName://auth/password/edit"}'
GET /auth/password/edit
Params: 'password_reset_token', 'redirect_url'
E.g. via our iOS app would produce an email link like this: https://myapp.com/auth/password/edit?config=default&redirect_url=myappStoreName%3A%2F%2Fauth%2Fpassword%2Fedit&reset_password_token=Qv6mkLuoy9zN-Y1pKghB
If this is from a web app, the 'redirect_to' link should point to a form where a password and password_confirmation form can be filled out. If the password reset email link points to a mobile app, it's up to that app to create the password reset form.
Most important in this step is knowing that the client making the request will get back an Access-Token HEADER from the Rails app.
This Access-Token needs to be saved, because it's what the client will use in the next request to keep the user authenticated while the user changes their password.
PUT /auth/password
Head: 'uid: VALUE', 'client: VALUE', 'access-token: VALUE', 'token-type: Bearer'
Params: 'password', 'password_confirmation'
Note the HEAD values that need to be supplied for this PUT call. These ensure our (now authenticated user) has permission to execute a change of password, and ensure that our user can continue to remain authenticated even after changing their password.
E.g. via curl:
curl -v -H 'Content-Type: application/json' -H 'uid: [email protected]' -H 'client: U9FIDbiDbYVulsi1dBpxOQ' -H 'access-token: JbGQi97FTAwsW4n6SZ9aYQ' -H 'Accept: application/json' -X PUT https://myapp.com/auth/password -d '{"password": "foobar", "password_confirmation": "foobar"}'
Upvotes: 7
Reputation: 1413
The flow of the devise_token_auth reset password feature is that it has three APIs:
In the POST you send the email and redirect URL; this calls the create method in the DeviseTokenAuth::PasswordsController, which creates a reset password token and sends it in the email.
The link in the email calls the edit method of DeviseTokenAuth::PasswordsController, where it generates the authentication headers and redirects to the redirect URL which you sent in the previous request, with these authentication headers as a query string (URL parameters).
Use these authentication headers to make a PATCH request to the update method in the DeviseTokenAuth::PasswordsController, with password and password_confirmation as attributes.
The password will be changed.
Upvotes: 2
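Because the edit step redirects to the client-supplied redirect_url with the authentication values in the query string, that URL should be checked against destinations you control before anything is appended. The following is an added example, not code from the gem or from the answers above; the allowlist entries, the function names and the query parameter names are assumptions chosen to match the URLs and headers shown on this page.

```ruby
require 'uri'

# Constructed allowlist: one web origin and one app scheme, mirroring the
# two kinds of redirect_url used in the answers above.
ALLOWED_WEB_ORIGINS = [['https', 'myapp.com', 443]].freeze
ALLOWED_APP_SCHEMES = ['myappstoreappname'].freeze

# Returns true only if redirect_url points at a destination we control.
def redirect_url_allowed?(redirect_url)
  return false unless redirect_url.is_a?(String) && !redirect_url.empty?

  uri = URI.parse(redirect_url)
  scheme = uri.scheme&.downcase
  return false if scheme.nil?   # relative or scheme-less URL such as //host/path
  return false if uri.userinfo  # user@host form that disguises the real host

  if ALLOWED_APP_SCHEMES.include?(scheme)
    true
  else
    # Compare the full origin, so look-alike hosts, plain http and
    # unexpected ports are all rejected.
    ALLOWED_WEB_ORIGINS.include?([scheme, uri.host&.downcase, uri.port])
  end
rescue URI::InvalidURIError
  false
end

# Sketch of the redirect step: the authentication values are appended only
# to a vetted URL. Returns nil when the URL is rejected.
# auth_params is a hash such as {'uid' => ..., 'client' => ..., 'access-token' => ...}
# (hypothetical parameter names taken from the headers listed on this page).
def reset_redirect(redirect_url, auth_params)
  return nil unless redirect_url_allowed?(redirect_url)

  uri = URI.parse(redirect_url)
  query = URI.decode_www_form(uri.query.to_s) + auth_params.to_a
  uri.query = URI.encode_www_form(query)
  uri.to_s
end
```

devise_token_auth also has a `redirect_whitelist` configuration setting that restricts which redirect URLs the API will accept.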