module Devise::Models::Recoverable

Recoverable takes care of resetting the user password and send reset instructions.

Options

Recoverable adds the following options to devise:

* +reset_password_keys+: the keys you want to use when recovering the password for an account
* +reset_password_within+: the time period within which the password must be reset or the token expires.
* +sign_in_after_reset_password+: whether or not to sign in the user automatically after a password reset.

Examples

# resets the user password and save the record, true if valid passwords are given, otherwise false
User.find(1).reset_password('password123', 'password123')

# creates a new token and send it with instructions about how to reset the password
User.find(1).send_reset_password_instructions

Public Class Methods

required_fields(klass) click to toggle source
# File lib/devise/models/recoverable.rb, line 27
def self.required_fields(klass)
  [:reset_password_sent_at, :reset_password_token]
end

Public Instance Methods

reset_password(new_password, new_password_confirmation) click to toggle source

Update password saving the record and clearing token. Returns true if the passwords are valid and the record was saved, false otherwise.

# File lib/devise/models/recoverable.rb, line 37
def reset_password(new_password, new_password_confirmation)
  if new_password.present?
    self.password = new_password
    self.password_confirmation = new_password_confirmation
    save
  else
    errors.add(:password, :blank)
    false
  end
end
reset_password_period_valid?() click to toggle source

Checks if the reset password token sent is within the limit time. We do this by calculating if the difference between today and the sending date does not exceed the confirm in time configured. Returns true if the resource is not responding to reset_password_sent_at at all. reset_password_within is a model configuration, must always be an integer value.

Example:

# reset_password_within = 1.day and reset_password_sent_at = today
reset_password_period_valid?   # returns true

# reset_password_within = 5.days and reset_password_sent_at = 4.days.ago
reset_password_period_valid?   # returns true

# reset_password_within = 5.days and reset_password_sent_at = 5.days.ago
reset_password_period_valid?   # returns false

# reset_password_within = 0.days
reset_password_period_valid?   # will always return false
# File lib/devise/models/recoverable.rb, line 77
def reset_password_period_valid?
  reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc
end
send_reset_password_instructions() click to toggle source

Resets reset password token and send reset password instructions by email. Returns the token sent in the e-mail.

# File lib/devise/models/recoverable.rb, line 50
def send_reset_password_instructions
  token = set_reset_password_token
  send_reset_password_instructions_notification(token)

  token
end

Protected Instance Methods

clear_reset_password_token() click to toggle source

Removes reset_password token

# File lib/devise/models/recoverable.rb, line 84
def clear_reset_password_token
  self.reset_password_token = nil
  self.reset_password_sent_at = nil
end
clear_reset_password_token?() click to toggle source
# File lib/devise/models/recoverable.rb, line 102
def clear_reset_password_token?
  encrypted_password_changed = devise_respond_to_and_will_save_change_to_attribute?(:encrypted_password)
  authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
    devise_respond_to_and_will_save_change_to_attribute?(attribute)
  end

  authentication_keys_changed || encrypted_password_changed
end
send_reset_password_instructions_notification(token) click to toggle source
# File lib/devise/models/recoverable.rb, line 98
def send_reset_password_instructions_notification(token)
  send_devise_notification(:reset_password_instructions, token, {})
end
set_reset_password_token() click to toggle source
# File lib/devise/models/recoverable.rb, line 89
def set_reset_password_token
  raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)

  self.reset_password_token   = enc
  self.reset_password_sent_at = Time.now.utc
  save(validate: false)
  raw
end