4

I have made a new rails-api app and integrated devise_token_auth in it. At the moment signup and forgot password are working, but I can't get reset password to work.

The confirmation URL sent in the mail gives a success:false response.

Below is the confirmation URL:

http://localhost:3000/auth/password/edit?config=default&redirect_url=foo&reset_password_token=P2a62x8mS9yP9ukeTSZ-

Here is the server log of reset email

Started GET "/auth/password/edit?config=default&redirect_url=foo&reset_password_token=[FILTERED]" for ::1 at 2015-09-24 14:41:21 +0530
Processing by DeviseTokenAuth::PasswordsController#edit as /
Parameters: {"config"=>"default", "redirect_url"=>"foo", "reset_password_token"=>"[FILTERED]"}
Unpermitted parameters: config, redirect_url
User Load (0.2ms) SELECT users.* FROM users WHERE users.reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users.id ASC LIMIT 1
Completed 404 Not Found in 5ms (Views: 0.3ms | ActiveRecord: 0.2ms)

Here is the confirmation email which is getting sent on password reset.

Started POST "/auth/password?email=user@user.com&redirect_url=foo" for ::1 at 2015-09-24 14:04:05 +0530
Processing by DeviseTokenAuth::PasswordsController#create as /
Parameters: {"email"=>"user@user.com", "redirect_url"=>"foo"}
Unpermitted parameter: redirect_url
Unpermitted parameter: redirect_url
User Load (66.5ms) SELECT users.* FROM users WHERE (BINARY uid = 'user@user.com' AND provider='email') ORDER BY users.id ASC LIMIT 1
User Load (9.8ms) SELECT users.* FROM users WHERE users.reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users.id ASC LIMIT 1
(0.1ms) BEGIN
SQL (17.7ms) UPDATE users SET reset_password_token = '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15', reset_password_sent_at = '2015-09-24 08:34:05', updated_at = '2015-09-24 08:34:05' WHERE users.id = 6
(63.9ms) COMMIT
Rendered /home/anjan/.rvm/gems/ruby-2.2.3/gems/devise_token_auth-0.1.34/app/views/devise/mailer/reset_password_instructions.html.erb (16.2ms)

Devise::Mailer#reset_password_instructions: processed outbound mail in 424.3ms

Sent mail to user@user.com (64.4ms)
Date: Thu, 24 Sep 2015 14:04:06 +0530
From: account@qzick.com
Reply-To: account@qzick.com
To: user@user.com
Message-ID: <5603b57e80ae0_1cb520cceb4374ed@anjanbetsy.mail>
Subject: Reset password instructions
Mime-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
email: user@user.com
provider: email
redirect-url: foo
client-config: default

Hello user@user.com!

Someone has requested a link to change your password. You can do this through the link below.

Change my password

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

Completed 200 OK in 979ms (Views: 0.6ms | ActiveRecord: 158.1ms)

Guys, I would appreciate any help with this. Also, is it an issue that the token sent in the mail is different from the one generated? Is this supposed to be this way?

Below is my User model.

{"token"=>"$2a$10$l766Mu/s8IUIHi9r3sz40ODQk2R.YDo283JQ.82Lijb3fjJ5Unqgq", "expiry"=>1444283710}, "H2Cqp2kIt56BYikqXp1HgA"=>{"token"=>"$2a$10$upMCA8ZKLXvq9VjVaz2Vp.sZu7zr2lSTCFrxWnBmg4wC2gQrW9sIW", "expiry"=>1444293849}}, created_at: "2015-09-24 05:55:10", updated_at: "2015-09-24 08:44:09">

Here is my User model file as below

class User < ActiveRecord::Base
  # Include default devise modules.
  devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :omniauthable
  include DeviseTokenAuth::Concerns::User
  #Deleted ":confirmable," from above
end

Below is my schema.

ActiveRecord::Schema.define(version: 20150921074353) do

  create_table "users", force: :cascade do |t|
    t.string   "provider",               limit: 255,   default: "email", null: false
    t.string   "uid",                    limit: 255,   default: "",      null: false
    t.string   "encrypted_password",     limit: 255,   default: "",      null: false
    t.string   "reset_password_token",   limit: 255
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          limit: 4,     default: 0,       null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip",     limit: 255
    t.string   "last_sign_in_ip",        limit: 255
    t.string   "confirmation_token",     limit: 255
    t.datetime "confirmed_at"
    t.datetime "confirmation_sent_at"
    t.string   "unconfirmed_email",      limit: 255
    t.string   "name",                   limit: 255
    t.string   "nickname",               limit: 255
    t.string   "image",                  limit: 255
    t.string   "email",                  limit: 255
    t.text     "tokens",                 limit: 65535
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  add_index "users", ["email"], name: "index_users_on_email", using: :btree
  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
  add_index "users", ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true, using: :btree

end

My PasswordController file is as below:

class PasswordController < ApplicationController
  config.action_controller.action_on_unpermitted_parameters = :log
end
Anjan
  • 386
  • 2
  • 13
  • Can you post your User model file, if possible? To check that the devise options specified there are correct.... – Marco Sandrini Sep 24 '15 at 10:41
  • @MarcoSandrini Please check I have edited the question and included my User model file at the bottom. Thanks a lot for your help – Anjan Sep 24 '15 at 11:27
  • Ok, and now we would need to have a more thorough dump of the User table, cause from what you posted, it seems that the user table does not contain a reset_password_token column... – Marco Sandrini Sep 24 '15 at 11:41
  • @MarcoSandrini Have added my schema.rb file at the bottom. Can you please have a look? Thanks again – Anjan Sep 24 '15 at 11:48
  • Again, everything looks ok. Have you checked this issue? https://github.com/lynndylanhurley/devise_token_auth/issues/160 – Marco Sandrini Sep 24 '15 at 11:59
  • @MarcoSandrini I did that; still the same failure message persists. Have added my PasswordController file at the bottom, can you please have a look at it. Thanks a ton. – Anjan Sep 24 '15 at 12:08
  • The line you added should go to application.rb, not to the password controller.... – Marco Sandrini Sep 24 '15 at 12:14
  • What should my password controller look like? Can you please help with how to call this config in my password controller as an override? @MarcoSandrini – Anjan Sep 24 '15 at 12:29
  • Just remove the password controller file (you don't need to override anything from it) – Marco Sandrini Sep 24 '15 at 12:44
  • Done all that, it still doesn't work @MarcoSandrini – Anjan Sep 24 '15 at 13:24
  • Then I am afraid I have run out of ideas :( – Marco Sandrini Sep 24 '15 at 14:30
  • @MarcoSandrini Thanks a lot ... appreciate your help and thanks again for your time – Anjan Sep 24 '15 at 14:57
  • How are you able to get the `redirect_url` in the email sent to user? I am doing the same thing, but still no success: http://stackoverflow.com/questions/36262609/redirect-url-is-missing-in-email-instructions-sent-to-the-user-for-password-rese – Vipin Verma Mar 29 '16 at 06:21
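
On the question of why the token in the mailed link differs from the value in the SQL: the logs above show a 64-hex-character value in the reset_password_token column, while the link carries a short random string. The following added example (not code from this thread or from Devise) models the raw-token/stored-digest pattern Devise uses, with HMAC-SHA256; APP_SECRET, the key derivation in key_for and the in-memory users list are simplified assumptions.

```ruby
require 'openssl'
require 'securerandom'

# Constructed secret standing in for the application's secret key (assumption).
APP_SECRET = 'constructed-demo-secret'

# Per-column HMAC key; a simplified stand-in for the framework's key derivation.
def key_for(column, secret = APP_SECRET)
  OpenSSL::HMAC.digest('SHA256', secret, "Devise #{column}")
end

# Digest that is stored in users.reset_password_token.
def token_digest(column, raw, secret = APP_SECRET)
  OpenSSL::HMAC.hexdigest('SHA256', key_for(column, secret), raw.to_s)
end

# Returns [raw, digest]: raw goes into the mailed link, digest into the database.
def generate_reset_token
  raw = SecureRandom.urlsafe_base64(15)
  [raw, token_digest(:reset_password_token, raw)]
end

# Looks up a user from the raw token in the link: digest it first,
# then match the digest against the stored column.
def find_by_raw_token(users, raw, secret = APP_SECRET)
  return nil if raw.nil? || raw.empty?
  wanted = token_digest(:reset_password_token, raw, secret)
  users.find { |u| u[:reset_password_token] == wanted }
end
```

A database leak therefore exposes only digests, which cannot be replayed as reset links, and a lookup made under a different secret than the one used at creation finds nothing.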

1 Answer

4

I faced some crazy difficulties working through this, too. Here's what I had to do to get it working with an AngularJS front end and Rails back:

Override the PasswordsController `create`, `update`, `edit`, and `after_resetting_password_path_for`.

For the `create` and `update` functions, the primary issue was that I needed it to render a JSON response, so where it says something like `respond_with resource` I changed to `render json: resource, status: <status>, && return` (you can change `resource` and `status` to what you need for your application, same with the render method).

For `edit`, instead of using `after_sending_reset_password_instructions_path_for`, I grabbed the redirect URL from the email and simply do a `redirect_to params[:redirect_url]`,

and I changed `after_resetting_password_path_for` to redirect where I want the user to be logged in to.

I also had to change the `reset_password_instructions.html.erb` template, changing the line which contains `edit_password_url` to this:

<p><%= link_to t('.password_change_link'), edit_password_url(@resource, reset_password_token: @token, config: 'default', redirect_url: message['redirect-url'].to_s+'?reset_token='+@token).html_safe %></p>

Then in routes.rb, I had to let devise know to use my controller:

mount_devise_token_auth_for 'User', at: 'auth', controllers: { passwords: 'passwords' }

I hope that helps!

Justin Kruse
  • 1,020
  • 12
  • 27
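
The answer above redirects to `params[:redirect_url]` and appends the reset token to that URL, so the target needs to be checked before the token is attached. This is an added example (not from the answer or from devise_token_auth) of an origin allowlist check that also merges the token into any existing query string; `ALLOWED_REDIRECT_ORIGINS`, its hosts and `reset_redirect_url` are hypothetical names.

```ruby
require 'uri'

# Hypothetical allowlist of front-end origins that may receive the reset token.
ALLOWED_REDIRECT_ORIGINS = ['https://app.example.com', 'http://localhost:9000'].freeze

# Returns the redirect URL with reset_token appended, or nil when the URL is
# not an absolute http(s) URL on an allowlisted origin.
def reset_redirect_url(redirect_url, token, allowed = ALLOWED_REDIRECT_ORIGINS)
  uri = URI.parse(redirect_url.to_s)
  # Rejects relative values such as "foo", scheme-relative URLs and non-http schemes.
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  # Rejects look-alikes such as https://app.example.com@other.test/
  return nil if uri.userinfo

  origin = "#{uri.scheme}://#{uri.host.downcase}"
  origin += ":#{uri.port}" unless uri.port == uri.default_port
  return nil unless allowed.include?(origin)

  # Merge into an existing query instead of concatenating '?reset_token='.
  params = URI.decode_www_form(uri.query.to_s).reject { |k, _| k == 'reset_token' }
  uri.query = URI.encode_www_form(params + [['reset_token', token]])
  uri.to_s
rescue URI::InvalidURIError, ArgumentError
  nil
end
```

In a controller, a `nil` result would be answered with an error response rather than a redirect, so the token never leaves for an unlisted host.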