I'm using devise token auth and I'm setting up the password reset process. When I click the reset link in the email, it has the URL parameter reset_password_token=hK3yxC1zVZCbWL8WgqKM, but when I do this in the Rails console:

2.5.1 :004 > User.first.reset_password_token
  User Load (0.6ms)  SELECT  "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT $1  [["LIMIT", 1]]
 => "ab432079e4e8aacfa0ecb5df17a7cea169990b0e0809ea9553248064220471a7" 

These tokens do not match but they should. Is it encoded somehow and if so how can I find a user which has a token?

RM64

1 Answer

What is stored in the database is the Digest::SHA256.

token = "hK3yxC1zVZCbWL8WgqKM"
Digest::SHA256.hexdigest token
#⇒ "ae74625ac2357c8f2de0f3f52647aaee191dbba5d383f8ec5822cfec5c24384e"

One obviously cannot revert it back to the token; one can only hexdigest the token that came from the user and compare it against what is stored in the database.

Aleksei Matiushkin
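The digest-then-look-up flow from the answer above, as an added Ruby example that is not part of the original answer or of Devise's code. `ResetStore`, `TOKEN_KEY` and the 6-hour `TTL` are hypothetical names and values chosen for illustration, and the digest here is a keyed HMAC-SHA256 rather than a bare SHA-256.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for the application secret (assumption for this sketch).
TOKEN_KEY = "constructed-demo-key"

# Keyed digest of a raw token; only this value is ever persisted.
def token_digest(raw)
  OpenSSL::HMAC.hexdigest("SHA256", TOKEN_KEY, raw.to_s)
end

# Hypothetical in-memory users table, keyed by token digest.
class ResetStore
  TTL = 6 * 3600 # assumed validity window, in seconds

  def initialize
    @rows = {}
  end

  # Returns the raw token for the e-mail link; stores only its digest.
  def issue(email, now: Time.now)
    raw = SecureRandom.urlsafe_base64(15)
    @rows[token_digest(raw)] = { email: email, sent_at: now }
    raw
  end

  # Look up by the digest of what the client presented, never by the raw value.
  def find_by_token(raw, now: Time.now)
    return nil if raw.nil? || raw.empty?
    row = @rows[token_digest(raw)]
    return nil if row.nil? || now - row[:sent_at] > TTL
    row
  end

  # Single use: drop the digest once the password has been changed.
  def consume(raw)
    !@rows.delete(token_digest(raw)).nil?
  end

  # Exposed so the stored values can be inspected: digests only.
  def stored_digests
    @rows.keys
  end
end
```

In a Devise application the corresponding digest comes from `Devise.token_generator.digest(User, :reset_password_token, raw)`, which is keyed with material derived from the application secret, so the stored column value can only be reproduced inside the app that issued the token.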