Home/ Questions/Q 4613298
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T01:31:41+00:00

In my app for a certain use case I create a new user (programmatically

  • 0

In my app for a certain use case I create a new user (programmatically set the password) and send them a confirmation email.

I would like them to be able to change their password immediately after confirming (without having to enter the system generated one which I don’t want to send them)

In effect I would like
1) System creates a new user account with generated password.
2) System sends confirmation email.
3) User clicks confirmation and is redirected to enter in their password (effectively send them to a URL like below) 

<a href="http://localhost:3000/users/password/edit?reset_password_token=v5Q3oQGbsyqAUUxyqLtb">Change my password</a>

Any help / pointers would be great.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A simple way to have just one step for users to confirm email address and set initial password using the link you proposed…

    Send one email your app generates, including a reset_password_token, and consider user’s possession of that token confirmation of the validity of that email address.

    In system account generation code, assuming User model is set up with :recoverable and :database_authenticatable Devise modules… 

    acct = User.new
acct.password = User.reset_password_token #won't actually be used...  
acct.reset_password_token = User.reset_password_token 
acct.email = "user@usercompany.com" #assuming users will identify themselves with this field
#set other acct fields you may need
acct.save

    Make the devise reset password view a little clearer for users when setting initial password.

    views/devise/passwords/edit.html.erb

    ...
<%= "true" == params[:initial] ? "Set your password" : "Reset your password" %>
...

    Generated Email

    Hi <%= @user.name %>
An account has been generated for you.
Please visit www.oursite.com/users/password/edit?initial=true&reset_password_token=<%= @user.reset_password_token %> to set your password.

    No need to include :confirmable Devise module in your User model, since accounts created by your app won’t get accessed without the reset_password_token in the email.

    Devise will handle the submit and clear the reset_password_token field.

    See devise_gem_folder/lib/devise/models/recoverable.rb and database_authenticatable.rb for details on reset_password_token method and friends.

    If you want to use Devise :confirmable module rather than this approach, see the Devise wiki page.

    • 0