Barrett Shepherd

Reputation: 21

Devise - how to check if reset password token is valid

I'm trying to figure out how I can check if a user reset token is valid BEFORE loading the reset password form. The issue is, currently users don't find out until after they submit.

Here is what I have

class PasswordsController < Devise::PasswordsController
before_action :check_valid_token

private

def check_valid_token
  resetCode = (params['resetCode'])
  reset_password_token = Devise.token_generator.digest(self, :reset_password_by_token, resetCode)
  user = User.find_by(reset_password_token: @reset_password_token)
  if user == nil
    redirect_to root_path
  end
end
end

This doesn't work and I can't find much documentation.

Upvotes: 2

Views: 2773

Answers (2)

Jin Lim

Reputation: 2140

The Devise reset password token will be stored as a hashed value. You need to decode it.

  def check_valid_token
    token = Devise.token_generator.digest(User, :reset_password_token, params['reset_password_token'])
    user = User.find_by(reset_password_token: token)
    user.present?
  end

This method will return true or false.

Upvotes: 5
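
A stand-alone model of the lookup this answer relies on, added here as an example (it is not code from the answer or from Devise): only a keyed digest of the token is stored, so the raw value from the link has to be digested before the lookup, and a token that matches can still be past its reset window. `KEY`, `STORE`, `RESET_WITHIN`, `issue_token` and `token_status` are hypothetical names; the HMAC key and the 6 hour window are assumptions standing in for the application's own settings.

```ruby
require "openssl"
require "securerandom"

# Stand-alone model, NOT Devise's code. KEY stands in for the per-column key
# derived from the app secret; STORE stands in for the users table.
KEY = "constructed-demo-key"
RESET_WITHIN = 6 * 60 * 60 # assumed reset window of 6 hours, in seconds
STORE = {}                 # digest => { email:, sent_at: }

# Keyed digest of the raw token; nil for a missing or empty parameter.
def digest(raw)
  return nil if raw.nil? || raw.to_s.empty?
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), KEY, raw.to_s)
end

# Issue a token: the raw value goes into the e-mailed link,
# only its digest is kept server-side.
def issue_token(email, now)
  raw = SecureRandom.urlsafe_base64(15)
  STORE[digest(raw)] = { email: email, sent_at: now }
  raw
end

# Decision a before_action needs before rendering the form:
# :ok, :unknown (no record for this digest) or :expired (window has passed).
def token_status(raw, now)
  d = digest(raw)
  record = d && STORE[d]
  return :unknown unless record
  return :expired if now - record[:sent_at] > RESET_WITHIN
  :ok
end

if __FILE__ == $PROGRAM_NAME
  t0 = Time.at(1_700_000_000) # constructed timestamp
  raw = issue_token("user@example.test", t0)
  puts "raw value stored?  #{STORE.key?(raw)}"
  puts "fresh token:       #{token_status(raw, t0 + 60)}"
  puts "after the window:  #{token_status(raw, t0 + RESET_WITHIN + 1)}"
  puts "tampered token:    #{token_status(raw + 'x', t0 + 60)}"
end
```

In a Devise application the expiry half of this check corresponds to calling `reset_password_period_valid?` on the user that the digest lookup returned.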

Roman Alekseiev

Reputation: 1920

I would do something basic, like this:

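def check_valid_token
  # Devise stores only a digest of the token, so digest the raw value before the lookup
  digest = Devise.token_generator.digest(User, :reset_password_token, params[:token])
  @user = User.find_by!(reset_password_token: digest)
rescue ActiveRecord::RecordNotFound
  redirect_to root_path
end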

So you will have a @user instance if the token fits, and if not it will redirect the user to the root_path. You can also add some message before redirecting, like
flash[:error] = "Some message here"

Upvotes: 0
