I am using Devise with my Rails 3 application. The current behavior for resetting a password is to click on the “Forgot your password?” link. The link here is:
(url)/password/new.user
Which will call the following method in the Devise passwords_controller.rb:
```ruby
def new
  build_resource({})
end
```
This method will do:
1. generates the password reset token and adds it to the database,
2. sends an email to the person with a link that includes the token:
   (url)/password/edit?reset_password_token=xxxxxxxxxxxxxxx
Is there any way to convince Devise to perform step 1 ONLY and not step 2? Are there any security issues I should be aware of if this is possible and I did take this approach in an effort to simplify a portion of the web site?
I would recommend overriding `send_devise_notification` on your User (?) model and return true when the notification value is `:reset_password_instructions`. Something like this:
Check their example on how to override/customize behavior for sending emails:
https://github.com/plataformatec/devise/blob/master/lib/devise/models/authenticatable.rb#L127
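The override described in the answer above, as an added example that is not part of the original answer and is not Devise's own code. It shows the reset token still being stored while only the reset email is skipped and other notifications are delivered as before. `FakeDeviseModel`, `OUTBOX` and `SILENCED` are hypothetical stand-ins so the snippet runs without Rails; in an application the override goes on the real Devise model.

```ruby
require "securerandom"

OUTBOX = [] # constructed stand-in for the mail delivery queue

# Hypothetical, simplified stand-in for the Devise model code involved:
# the token is stored first, then delivery goes to send_devise_notification.
module FakeDeviseModel
  attr_reader :reset_password_token

  def send_reset_password_instructions
    @reset_password_token = SecureRandom.urlsafe_base64(15)
    send_devise_notification(:reset_password_instructions)
  end

  def send_confirmation_instructions
    send_devise_notification(:confirmation_instructions)
  end

  protected

  # Real Devise builds and delivers a mail at this point.
  def send_devise_notification(notification, *args)
    OUTBOX << [notification, email]
  end
end

class User
  include FakeDeviseModel
  attr_reader :email

  SILENCED = [:reset_password_instructions].freeze

  def initialize(email)
    @email = email
  end

  protected

  # Skip delivery for the reset mail only; every other notification
  # falls through to the normal delivery path via super.
  def send_devise_notification(notification, *args)
    return true if SILENCED.include?(notification)
    super
  end
end
```

With the email suppressed, the mailbox no longer proves who asked for the reset, so whatever path hands the stored token to a user has to authenticate that user itself.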