TechQA.

Devise - how to check if reset password is token is valid

2.3k views Asked by At

I'm trying to figure out how I can check if a user reset token is valid BEFORE loading the reset password form. The issue is, currently users don't find out until after they submit.

Here is what I have

class PasswordsController < Devise::PasswordsController
before_action :check_valid_token

private

def check_valid_token
  resetCode = (params['resetCode'])
  reset_password_token = Devise.token_generator.digest(self, :reset_password_by_token, resetCode)
  user = User.find_by(reset_password_token: @reset_password_token)
  if user == nil
    redirect_to root_path
  end
end
end

This doesn't work and I can't find much documentation.

ruby-on-rails ruby devise devise-recoverable
Original Q&A
2

There are 2 answers

4
Roman Alekseiev On

I would do something basic, like this: 

def check_valid_token
  @user = User.find_by!(reset_password_token: params[:token])
rescue ActiveRecord::RecordNotFound
  redirect_to root_path
end

so you will have @user instance if token fits and if not it will redirect user to the root_path. You can also add some message before redirecting, like
flash.now[:error] = "Some message here"

0
Jin Lim On

Devise reset password token will be stored as hashed value. You need to decode it.

  def check_valid_token
    token = Devise.token_generator.digest(User, :reset_password_token, params['reset_password_token'])
    user = User.find_by(reset_password_token: token)
    user.present?
  end

This method will return, true or false

Related Questions in RUBY-ON-RAILS

Related Questions in RUBY

Related Questions in DEVISE

Related Questions in DEVISE-RECOVERABLE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions