Clearance: Change User Password
I am using gem to authenticate users, but now I am having trouble implementing the change password link. This is what I have:
<a href="<%= edit_user_password_path(current_user) %>">...</a>
but in Clearance::passwords_controller
we have the following:
before_filter :forbid_missing_token, only: [:edit, :update]
...
def forbid_missing_token
if params[:token].to_s.blank?
flash_failure_when_forbidden
render template: 'passwords/new'
end
end
So edit
a template is created instead new
. What is it :token
for? How can I pass it to the controller? Where can I get it?
source to share
The token is the reset password token. This password edit page is for the user to use to complete the Forgotten Password workflow. A reset password token is generated when the user clicks "forgot password" and supplies their email address. It is stored in the user's record.
The user receives an email that links them to the password page for editing. The reset current is included as a parameter in this link.
I think the resource name used here ( password
) is misleading. I think password_reset
it could be more accurate , which could eliminate this confusion. If you want to implement a standard password change form (rather than password reset), I would suggest a separate controller for that.
source to share