Reset password token can't be blank
929 views
Skip to first unread message
Kevin DeGraaf
Dec 6, 2011, 6:34:24 PM12/6/11
to Spree
When I send a forgot password email in 0.70.3, the change fails due to
the above error. It looks like the password token is missing in the
email. Occurs in a demo project with no extensions, in 0.70.1, and in
my own customized project. Is anyone else seeing this behavior?
the above error. It looks like the password token is missing in the
email. Occurs in a demo project with no extensions, in 0.70.1, and in
my own customized project. Is anyone else seeing this behavior?
Kevin DeGraaf
Dec 6, 2011, 7:03:42 PM12/6/11
to Spree
It looks like this was reported by Prashanth HN on Oct 3, and fixed
by cmar on Oct 5. The problem is in send_reset_password_instructions
in auth/app/models/user.rb, the method reset_perishable_token! is
called, which doesn't exist in devise. It should be replaced with
generate_reset_password_token! This was apparently fixed in 0.60
only, although it has apparently been a problem since 0.40 (the switch
from authlogic to devise) and continues in the current version. This
is a pretty serious bug (although apparently not noticed), and should
be fixed for 0.70 at least, if not 0.50 and 0.40 too. I will do a
fork to at least apply the fix to 0.70.
by cmar on Oct 5. The problem is in send_reset_password_instructions
in auth/app/models/user.rb, the method reset_perishable_token! is
called, which doesn't exist in devise. It should be replaced with
generate_reset_password_token! This was apparently fixed in 0.60
only, although it has apparently been a problem since 0.40 (the switch
from authlogic to devise) and continues in the current version. This
is a pretty serious bug (although apparently not noticed), and should
be fixed for 0.70 at least, if not 0.50 and 0.40 too. I will do a
fork to at least apply the fix to 0.70.
Kevin DeGraaf
Dec 6, 2011, 7:12:51 PM12/6/11
to Spree
Sorry, mis-read fix location. It is in edge, not 0.60. Does anyone
know when it might make it into an official 0.70.x? Any reason why it
isn't there already?
know when it might make it into an official 0.70.x? Any reason why it
isn't there already?
Ryan Bigg
Dec 6, 2011, 7:14:12 PM12/6/11
to spree...@googlegroups.com
Could you please submit a patch that would bring this into 0-70-stable? I will review and add it as soon as I can.
--
You received this message because you are subscribed to the Google Groups "Spree" group.
To post to this group, send email to spree...@googlegroups.com.
To unsubscribe from this group, send email to spree-user+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/spree-user?hl=en.
matteo folin
Jan 23, 2012, 6:03:25 AM1/23/12
to Spree
These are two different issues:
In 0.50.4 the reset url in email is correct (with the reset_token) but
there's an error updating the passord ("invalid reset token"), reset
token isn't present in /user/password edit action address/params.
In 0.60.4 works.
In 0.70.x the mail didn't has the reset token.
The best would be patch both issues. But I still haven't understood
where is the problem in 0.50.x.
It's a critical feature, it must work on all stable releases.
On 7 Dic 2011, 01:14, Ryan Bigg <r...@spreecommerce.com> wrote:
> Could you please submit a patch that would bring this into 0-70-stable? I will review and add it as soon as I can.
>
>
>
>
>
>
>
> On Wednesday, 7 December 2011 at 11:12 AM, Kevin DeGraaf wrote:
> > Sorry, mis-read fix location. It is in edge, not 0.60. Does anyone
> > know when it might make it into an official 0.70.x? Any reason why it
> > isn't there already?
>
> > --
> > You received this message because you are subscribed to the Google Groups "Spree" group.
> > To post to this group, send email to spree...@googlegroups.com (mailto:spree...@googlegroups.com).
> > To unsubscribe from this group, send email to spree-user+...@googlegroups.com (mailto:spree-user+...@googlegroups.com).
In 0.50.4 the reset url in email is correct (with the reset_token) but
there's an error updating the passord ("invalid reset token"), reset
token isn't present in /user/password edit action address/params.
In 0.60.4 works.
In 0.70.x the mail didn't has the reset token.
The best would be patch both issues. But I still haven't understood
where is the problem in 0.50.x.
It's a critical feature, it must work on all stable releases.
On 7 Dic 2011, 01:14, Ryan Bigg <r...@spreecommerce.com> wrote:
> Could you please submit a patch that would bring this into 0-70-stable? I will review and add it as soon as I can.
>
>
>
>
>
>
>
> On Wednesday, 7 December 2011 at 11:12 AM, Kevin DeGraaf wrote:
> > Sorry, mis-read fix location. It is in edge, not 0.60. Does anyone
> > know when it might make it into an official 0.70.x? Any reason why it
> > isn't there already?
>
> > --
> > You received this message because you are subscribed to the Google Groups "Spree" group.
> > To unsubscribe from this group, send email to spree-user+...@googlegroups.com (mailto:spree-user+...@googlegroups.com).
Reply all
Reply to author
Forward
0 new messages