Reputation: 342
Active admin: reset password does not show an error after token is expired
When I generate the reset password link sent through active admin forgot passoword I am able to change the password and log in to the dashboard but when i try to use the same link again to change password it does nothing and redirects to same page. It shows no errors even when i enter empty passwords. I want it to show an error that the token is expired
the same log is generated every time I submit the form.
AdminUser Load (0.6ms) SELECT "admin_users".* FROM "admin_users" WHERE "admin_users"."reset_password_token" = '14ad4bc9d075cbb5ed8057c9518848e448e56beab6430ff1d3c7459771a79662' ORDER BY "admin_users"."id" ASC LIMIT 1 [["reset_password_token", "14ad4bc9d075cbb5ed8057c9518848e448e56beab6430ff1d3c7459771a79662"]] method=PUT path=/admin/password format=html controller=ActiveAdmin::Devise::PasswordsController action=update status=200 duration=606.45 view=570.88 db=0.64 time=2016-07-26 12:25:20 UTC category=web ip=127.0.0.1 params={"admin_user"=>{"password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "reset_password_token"=>"[FILTERED]"}, "commit"=>"Change my password"}
I have no idea why I gives 200 status.Any idea where I should start looking?
Upvotes: 0
Views: 947
Answers (1)
Reputation: 342
I overrided the devise update method in Devise::PasswordsController and add a line to show errors flash[:error] = resource.errors.full_messages.to_sentence
basically it doesnt show erros if resource.errors.empty? is false.
here is the updated method
# PUT /resource/password
def update
self.resource = resource_class.reset_password_by_token(resource_params)
yield resource if block_given?
if resource.errors.empty?
resource.unlock_access! if unlockable?(resource)
if Devise.sign_in_after_reset_password
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
set_flash_message(:notice, flash_message) if is_flashing_format?
sign_in(resource_name, resource)
else
set_flash_message(:notice, :updated_not_active) if is_flashing_format?
end
respond_with resource, location: after_resetting_password_path_for(resource)
else
flash[:error] = resource.errors.full_messages.to_sentence
set_minimum_password_length
respond_with resource
end
end
Upvotes: 0
Related Questions
- Reset password token mismatch issue in Devise
- How can I make Devise immediately inform user of expired password reset token?
- Devise how to change reset_password_token error
- Devise error attempting to send password reset token
- Rails devise reset password token doesn't get clear
- Rails 4: ActiveAdmin/Devise -- filling in `reset_password_token` field when editing user in ActiveAdmin?
- ActiveAdmin with Devise, does not return the authentication_token when login
- devise: "Reset password token is invalid" message
- How to reset authentication token right after user creation
- Rails Devise reset_authentication_token