I am using devise email activation for my account signup in my rails app.
I successfully receive a mail from my smtp client with the activation link in it..
But on clicking on the activation link, the page redirects to my app and it says
"invalid confirmation token" and the activation fails.
Can anyone help me deal with this problem??
Asked
Active
Viewed 1,184 times
0
Indrajeet
- 23
- 7
-
1Can you paste an example confirmation URL from your email with the GET params included? Then, find the User record that you're clicking the activation link for and paste the attributes for it? – Mike S Feb 25 '14 at 07:30
-
http://localhost:3000/users/confirmation?confirmation_token=3c2bbdfca8bf843cecafe02476fe441bc948011f23bf22f4fc85e4f0dad7563f is the url for confirmation. and the Token stated in this url and the token inserted into the row in the users' table is also the same. – Indrajeet Feb 25 '14 at 09:07
-
check in command line with that token for errors – santosh Feb 25 '14 at 12:14
-
What version of Devise are you using? – Mike S Feb 25 '14 at 15:02
-
the latest devise version – Indrajeet Apr 18 '14 at 10:29
1 Answers
0
If you are using Devise 3.1 or higher then your token inserted in the user's row should not be the same as the token in the GET params sent in the confirmation email. If this is the case then this will solve your problem:
config.allow_insecure_token_lookup = true
It was added to prevent timing attacks on user lookups by token. Or if you don't want to allow insecure token lookup then be sure to the devise confirmation function:
confirm_by_token(confirmation_token)
You can view the source here.
Mike S
- 11,329
- 6
- 41
- 76