Devise - password update via recoverable email causes email has already been taken

Question

Devise version 4.3.0 Rails 4.2.8

I am having trouble letting a user update their password after they are sent a password reset email.

Steps to reproduce
When a user clicks Forgot Your Password from the sign in page.
They enter in their email on the forgot password page
They are then sent a password reset email
In the email they click the link
They are taken to the Change your password page
They enter in an updated password and password confirmation
An error is shown that the email is already taken

The email is already taken because they have an account already, I would like to update their password not create a new account.

I do not have any devise controllers that I have overridden.

After checking the user logs when I make the request it is a post request not a put. Even though the form says method: put

Answer 1

This is how you are trying making your form send PUT request: html: {method: :put}.

html option adds optional HTML attributes for the form tag, so what is happening here is that you are simply adding method='PUT' attribute to the form.

However, most browsers don't support methods other than "GET" and "POST" when it comes to submitting forms.

To make this work you need some Rails magic. Rails magic will work if you pass method option another way, not inside html option:

form_for(resource, as: ..., url: ..., method: :put )

http://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-patch-put-or-delete-methods-work-questionmark