Rails 4 + Devise: Password Reset is always giving a “Token is invalid” error on the production server, but works fine locally.

Question

I have a Rails 4 application set up to use Devise, and I\'m running a problem with password resets. I have the mailer set up, and the password reset email sends fine. The li

Answer 1

Check the code in app/views/devise/mailer/reset_password_instructions.html.erb

The link should be generated with:

edit_password_url(@resource, :reset_password_token => @token)

If your view still uses this code, that will be the cause of the issue:

edit_password_url(@resource, :reset_password_token => @resource.password_reset_token)

Devise started storing hashes of the token, so the email needs to create the link using the real token (@token) rather than the hashed value stored in the database.

This change occurred in Devise in 143794d701