Wednesday, 26 September 2018

Resend reset password confirmation token

I am using Devise with Rails for authentication and I am facing the issue that if a user clicks on Forgot Password multiple times and then clicks on an old email link, it throws an error for an invalid confirmation token.

There is an issue on the Devise GitHub repo where it is suggested that it is bad practice to check if there is an existing reset password token.

Is there a way I can fix this issue?

I read multiple blogs online which focus on the fact that it is unsafe to allow multiple reset password tokens to be valid.



