18

In my rails 3 app using devise, I want to provide a link for users to edit their password.

I have a standard link that points to: /users/password/edit ... Log output below

Started GET "/users/password/edit" for 127.0.0.1 at 2011-08-10 10:11:46 -0700
  Processing by Devise::PasswordsController#edit as HTML
  User Load (0.6ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 3 LIMIT 1
Redirected to http://localhost:3000/
Completed 302 Found in 309ms

Why is rails redirecting? Why can't I show the edit password page? Thanks

AnApprentice
  • 108,152
  • 195
  • 629
  • 1,012
  • 1
    show your `routes.rb` and `PasswordController` – fl00r Aug 10 '11 at 17:16
  • What's the reason for the redirect in the flash message? Is the user not logged in, because yeah, it'll redirect you to root if you're not logged in and trying to edit a password. – numbers1311407 Aug 10 '11 at 18:38
  • @numbers1311407 Actually the problem is that the user **is** logged in. This action is only for users who are **not** logged in, have forgotten their password, and have already received a reset password token. – M. Cypher Aug 10 '11 at 18:40
  • well what does the flash message say? That edit url should only be valid if there's a valid token parameter attached. – numbers1311407 Aug 10 '11 at 18:56

1 Answers1

32

Devise::PasswordsController#edit is for non-authenticated users who wish to change their password using a reset token. This reset token was previously sent to the user in an email (Reset password instructions). If the user is already logged in, this edit password page will always redirect to the after-sign-in path since it shouldn't be accessible to authenticated users.

I suppose what you want is to allow the user to change his password after logging in. You have to use Devise::RegistrationsController#edit for that.

M. Cypher
  • 6,966
  • 2
  • 34
  • 34
  • 2
    What if I'm using the edit action in the registration controller for other user profile information. I want to separate editing the user profile information (name, address, etc) and the password update – Batman Aug 04 '15 at 22:12
  • @Batman https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-password – Eben Geer Oct 27 '17 at 22:04
  • If that's true then why is there a view for it? Really confusing. – pguardiario Nov 03 '18 at 01:40
  • Im having this same issue. Following Michael Hartl's Ruby Tutorial on Lesson 12, Im not brought to the reset password form because it keeps redirecting me to the home page! The reason is because "Filter chain halted as :valid user rendered or redirected" – Jessica Jun 23 '19 at 17:05