Devise - How to send the same token if it's not expired in forget password scenario.

Manabendra Maji

Jun 10, 2015, 5:34:18 AM
to plataforma...@googlegroups.com
Hi All,

I am using 'send_reset_password_instructions' to send the forget password instruction by mail.

My requirement is :
If the password is not reset within the expiry date, then the next time (within the expiry date) the user requests forget password, the same token will be returned in the forget password mail.

I tried with the below logic, but it's not working. [maybe because of the encrypted password stored in DB.]

if user.reset_password_period_valid?
  user.send_reset_password_instructions_notification(user.reset_password_token)
else
  user.send_reset_password_instructions
end

So please suggest me?

Thanks
Manab

Carlos Antonio da Silva

Jun 10, 2015, 6:34:21 AM
to Devise

You should not send the same token over and over, it's not even stored in the database for you to do that (what's stored is an encrypted version of it). Also when you request to reset a new password, the new token is generated and the user gets another X time to reset, so "within the expiry period" isn't something you should reuse either. Each new password request has its own period.

Is there anything preventing you from using it like that? Other than "requirements", is there any reason behind this need?

Carlos Antonio da Silva - via mobile

--

---
You received this message because you are subscribed to the Google Groups "Devise" group.
To unsubscribe from this group and stop receiving emails from it, send an email to plataformatec-de...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Manabendra Maji

Jun 11, 2015, 5:34:16 AM
to plataforma...@googlegroups.com
Thanks Carlos...

Actually, generating the token every time sends different links to the users. If user clicks the first link he will get link expired message. If multiple emails appear in his inbox, he would be simply confused.

Carlos Antonio da Silva

Jun 11, 2015, 6:32:08 AM
to Devise

I think it's not very common for users to ask for reset password many times, a normal user would do it once and go to their inbox. Only if they do not get the email in a timely fashion, they'd ask for another, I think.

For you to do that you'd have to save the raw token somehow, which is something Devise does not do anymore for security reasons. You must take a look at the Devise recoverable model implementation, and override a couple of methods there to achieve that.

Hope that helps.

Carlos Antonio da Silva - via mobile
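
The behavior discussed in this thread, as an added example that is not part of the original posts and is not Devise's own code: only a one-way digest of the reset token is stored, so mailing the stored column value does not produce a usable link, and each new request replaces the previous token. The class name `ResetTokenStore`, the use of HMAC-SHA256, the demo key and the 6-hour window are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Simplified model of a "store only the digest" reset flow (not Devise's code).
# Assumptions: HMAC-SHA256 as the one-way function, a constructed server key,
# a 6-hour validity window, and the hypothetical class name ResetTokenStore.
class ResetTokenStore
  VALID_FOR = 6 * 60 * 60 # seconds (assumed window)
  attr_reader :stored_digest

  def initialize(key)
    @key = key
  end

  def digest(raw)
    OpenSSL::HMAC.hexdigest("SHA256", @key, raw)
  end

  # Returns the raw token for the email; only its digest is kept server-side.
  def issue(now = Time.now)
    raw = SecureRandom.urlsafe_base64(24)
    @stored_digest, @sent_at = digest(raw), now
    raw
  end

  # True only for the raw token of the latest request, inside the window, once.
  def redeem(candidate, now = Time.now)
    return false if @stored_digest.nil? || now - @sent_at > VALID_FOR
    return false unless constant_time_eq?(digest(candidate.to_s), @stored_digest)
    @stored_digest = @sent_at = nil # single use
    true
  end

  private

  def constant_time_eq?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Walks through the thread's scenario using constructed timestamps.
def demo
  t0 = Time.at(0)
  store = ResetTokenStore.new("constructed-demo-key")
  first = store.issue(t0)
  from_db = store.redeem(store.stored_digest, t0 + 60) # mailing the DB column value
  second = store.issue(t0 + 120)                        # user asks again
  { db_value_works: from_db, first_after_second: store.redeem(first, t0 + 180),
    second_works: store.redeem(second, t0 + 180), second_reused: store.redeem(second, t0 + 181) }
end
```

Re-sending the same link would require keeping the raw token (or something reversible to it) at rest, which is the trade-off the reply above describes.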
