Devise send_reset_password_instructions not working
I am adding a function to my controller, the only purpose is to run the forgot password procedure through an API request.
Here is the method reset_password
-
def reset_password
@user = User.find_by_email(params[:email])
@user.send_reset_password_instructions
respond_to do |format|
format.xml { render :xml => user_api_ressource(@user, :xml)}
format.json { render :json => user_api_ressource(@user, :json)}
end
end
I receive mail using the reset password link, it opens a page where I can set a new password, but when I submit the form, it says the token is invalid.
I am using sendgrid to send email. I think this is not a token truncation issue.
I am running rails app on Heroku cedar with latest development release.
Any idea?
source to share
I faced the same problem. In my case, it was because it user
was unscoped
. It looks like the user was not found in this case.
It is in the sources /lib/devise/models/authenticatable.rb on line 113
recoverable = find_or_initialize_with_error_by(:reset_password_token, reset_password_token)
which do not search unscoped
.
I'll fork out the repo, let me know if you're interested too.
source to share