Clever Geek Handbook

Clearance: Change User Password

I am using gem to authenticate users, but now I am having trouble implementing the change password link. This is what I have:

    <a href="<%= edit_user_password_path(current_user) %>">...</a>

but in Clearance::passwords_controller

we have the following:

    before_filter :forbid_missing_token, only: [:edit, :update]
    ...
      def forbid_missing_token
        if params[:token].to_s.blank?
          flash_failure_when_forbidden
          render template: 'passwords/new'
        end
      end

So edit

a template is created instead new

. What is it :token

for? How can I pass it to the controller? Where can I get it?

+3


source to share


1 answer


The token is the reset password token. This password edit page is for the user to use to complete the Forgotten Password workflow. A reset password token is generated when the user clicks "forgot password" and supplies their email address. It is stored in the user's record.

The user receives an email that links them to the password page for editing. The reset current is included as a parameter in this link.



I think the resource name used here ( password

) is misleading. I think password_reset

it could be more accurate , which could eliminate this confusion. If you want to implement a standard password change form (rather than password reset), I would suggest a separate controller for that.

+1


source






More articles:


All Articles