I have a rails 3.2 app and I'm using devise for authentication.
I recently went to test to the password reset functionality and noticed that while the reset password appears to work (the app lets you reset the password and then logs you in) if I log out of the app and then try to log in again I cannot log in. The app reports that I have an invalid email/password combo.
I've checked that the DB is getting updated with and the reset_password_[token/sent_at] fields are getting updated correctly. The object (User object) is getting updated as well according to the timestamp. BUT, I can no longer log in with the password I just used.
I'm not sure what might be causing this. I've seen some one other related one other related post about this same issue but it doesn't really have an answer - only a clue: the salt/pepper logic.
What would allow the user to change their password but not log in again? Any ideas?
Current ENV: Rails 3.2 Devise 2.2.4 Ruby 1.9.3