Module: Devise::Models::Recoverable

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/models/recoverable.rb

Overview

Recoverable takes care of resetting the user password and send reset instructions.

Options

Recoverable adds the following options to devise_for:

* +reset_password_keys+: the keys you want to use when recovering the password for an account
* +reset_password_within+: the time period within which the password must be reset or the token expires.
* +sign_in_after_reset_password+: whether or not to sign in the user automatically after a password reset.

Examples

# resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.required_fields(klass) ⇒ Object



29
30
31
# File 'lib/devise/models/recoverable.rb', line 29

def self.required_fields(klass)
  [:reset_password_sent_at, :reset_password_token]
end

Instance Method Details

#clear_reset_password_tokenObject (protected)

Removes reset_password token



96
97
98
99
# File 'lib/devise/models/recoverable.rb', line 96

def clear_reset_password_token
  self.reset_password_token = nil
  self.reset_password_sent_at = nil
end

#reset_password(new_password, new_password_confirmation) ⇒ Object

Update password saving the record and clearing token. Returns true if the passwords are valid and the record was saved, false otherwise.



43
44
45
46
47
48
49
50
51
52
53
# File 'lib/devise/models/recoverable.rb', line 43

def reset_password(new_password, new_password_confirmation)
  self.password = new_password
  self.password_confirmation = new_password_confirmation

  if respond_to?(:after_password_reset) && valid?
    ActiveSupport::Deprecation.warn "after_password_reset is deprecated"
    after_password_reset
  end

  save
end

#reset_password!(new_password, new_password_confirmation) ⇒ Object



55
56
57
58
# File 'lib/devise/models/recoverable.rb', line 55

def reset_password!(new_password, new_password_confirmation)
  ActiveSupport::Deprecation.warn "reset_password! is deprecated in favor of reset_password"
  reset_password(new_password, new_password_confirmation)
end

#reset_password_period_valid?Boolean

Checks if the reset password token sent is within the limit time. We do this by calculating if the difference between today and the sending date does not exceed the confirm in time configured. Returns true if the resource is not responding to reset_password_sent_at at all. reset_password_within is a model configuration, must always be an integer value.

Example:

# reset_password_within = 1.day and reset_password_sent_at = today
reset_password_period_valid?   # returns true

# reset_password_within = 5.days and reset_password_sent_at = 4.days.ago
reset_password_period_valid?   # returns true

# reset_password_within = 5.days and reset_password_sent_at = 5.days.ago
reset_password_period_valid?   # returns false

# reset_password_within = 0.days
reset_password_period_valid?   # will always return false

Returns:

  • (Boolean)


89
90
91
# File 'lib/devise/models/recoverable.rb', line 89

def reset_password_period_valid?
  reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
end

#send_reset_password_instructionsObject

Resets reset password token and send reset password instructions by email. Returns the token sent in the e-mail.



62
63
64
65
66
67
# File 'lib/devise/models/recoverable.rb', line 62

def send_reset_password_instructions
  token = set_reset_password_token
  send_reset_password_instructions_notification(token)

  token
end

#send_reset_password_instructions_notification(token) ⇒ Object (protected)



110
111
112
# File 'lib/devise/models/recoverable.rb', line 110

def send_reset_password_instructions_notification(token)
  send_devise_notification(:reset_password_instructions, token, {})
end

#set_reset_password_tokenObject (protected)



101
102
103
104
105
106
107
108
# File 'lib/devise/models/recoverable.rb', line 101

def set_reset_password_token
  raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)

  self.reset_password_token   = enc
  self.reset_password_sent_at = Time.now.utc
  self.save(validate: false)
  raw
end