Module: Devise::Models::Recoverable

Extended by:

ActiveSupport::Concern

Defined in:

lib/devise/models/recoverable.rb

Overview

Recoverable takes care of resetting the user password and send reset instructions.

Options

Recoverable adds the following options to devise_for:

* +reset_password_keys+: the keys you want to use when recovering the password for an account

Examples

# resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password!('password123', 'password123')

# only resets the user password, without saving the record
user = User.find(1)
user.reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .required_fields(klass) ⇒ Object

Instance Method Summary

• #after_password_reset ⇒ Object protected
• #clear_reset_password_token ⇒ Object protected

  Removes reset_password token.

• #generate_reset_password_token ⇒ Object protected

  Generates a new random token for reset password.

• #generate_reset_password_token! ⇒ Object protected

  Resets the reset password token with and save the record without validating.

• #reset_password!(new_password, new_password_confirmation) ⇒ Object

  Update password saving the record and clearing token.

• #reset_password_period_valid? ⇒ Boolean

  Checks if the reset password token sent is within the limit time.

• #send_reset_password_instructions ⇒ Object

  Resets reset password token and send reset password instructions by email.

• #should_generate_reset_token? ⇒ Boolean protected

Class Method Details

.required_fields(klass) ⇒ Object

# File 'lib/devise/models/recoverable.rb', line 27

def self.required_fields(klass)
  [:reset_password_sent_at, :reset_password_token]
end

Instance Method Details

#after_password_reset ⇒ Object (protected)

# File 'lib/devise/models/recoverable.rb', line 100

def after_password_reset
end

#clear_reset_password_token ⇒ Object (protected)

Removes reset_password token

# File 'lib/devise/models/recoverable.rb', line 95

def clear_reset_password_token
  self.reset_password_token = nil
  self.reset_password_sent_at = nil
end

#generate_reset_password_token ⇒ Object (protected)

Generates a new random token for reset password

# File 'lib/devise/models/recoverable.rb', line 82

def generate_reset_password_token
  self.reset_password_token = self.class.reset_password_token
  self.reset_password_sent_at = Time.now.utc
  self.reset_password_token
end

#generate_reset_password_token! ⇒ Object (protected)

Resets the reset password token with and save the record without validating

# File 'lib/devise/models/recoverable.rb', line 90

def generate_reset_password_token!
  generate_reset_password_token && save(:validate => false)
end

#reset_password!(new_password, new_password_confirmation) ⇒ Object

Update password saving the record and clearing token. Returns true if the passwords are valid and the record was saved, false otherwise.

# File 'lib/devise/models/recoverable.rb', line 33

def reset_password!(new_password, new_password_confirmation)
  self.password = new_password
  self.password_confirmation = new_password_confirmation

  if valid?
    clear_reset_password_token
    after_password_reset
  end

  save
end

#reset_password_period_valid? ⇒ Boolean

Checks if the reset password token sent is within the limit time. We do this by calculating if the difference between today and the sending date does not exceed the confirm in time configured. Returns true if the resource is not responding to reset_password_sent_at at all. reset_password_within is a model configuration, must always be an integer value.

Example:

# reset_password_within = 1.day and reset_password_sent_at = today
reset_password_period_valid?   # returns true

# reset_password_within = 5.days and reset_password_sent_at = 4.days.ago
reset_password_period_valid?   # returns true

# reset_password_within = 5.days and reset_password_sent_at = 5.days.ago
reset_password_period_valid?   # returns false

# reset_password_within = 0.days
reset_password_period_valid?   # will always return false

# File 'lib/devise/models/recoverable.rb', line 71

def reset_password_period_valid?
  reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
end

#send_reset_password_instructions ⇒ Object

Resets reset password token and send reset password instructions by email

# File 'lib/devise/models/recoverable.rb', line 46

def send_reset_password_instructions
  generate_reset_password_token! if should_generate_reset_token?
  send_devise_notification(:reset_password_instructions)
end

#should_generate_reset_token? ⇒ Boolean (protected)

# File 'lib/devise/models/recoverable.rb', line 77

def should_generate_reset_token?
  reset_password_token.nil? || !reset_password_period_valid?
end