Rails - Devise - Disable Reset Password Token expiration time

Question

I currently working on a Rails app with devise authentication. I need to disabled the token expiration for reset password. According to Devise Documentation on Recoverable there is not configuration to do that. The only method I think to make this works is to override Recoverable and the reset_password_period_valid? function to always return true. But I not sure if is the best/proper solution.

Current on my devise.rb I have:

  # ==> Configuration for :recoverable
  #
  # Defines which key will be used when recovering the password for an account
  # config.reset_password_keys = [ :email ]

  # Time interval you can reset your password with a reset password key.
  # Don't put a too small interval or your users won't have the time to
  # change their passwords.
  config.reset_password_within = 2.hours

score 2 · Answer 1 · answered Mar 02 '20 at 13:15

2

You can set it as 10 years, for example, and it will be like disabled token expiration.

answered Mar 02 '20 at 13:15

Vasiliy Novikov

341
1
7

Yes, I propose that but i found a better solution using `devise-invitable` gem. – David Roth Mar 06 '20 at 21:38

Rails - Devise - Disable Reset Password Token expiration time

1 Answers1