0

I have a rails 3.2 app and I'm using devise for authentication.

I recently went to test to the password reset functionality and noticed that while the reset password appears to work (the app lets you reset the password and then logs you in) if I log out of the app and then try to log in again I cannot log in. The app reports that I have an invalid email/password combo.

I've checked that the DB is getting updated with and the reset_password_[token/sent_at] fields are getting updated correctly. The object (User object) is getting updated as well according to the timestamp. BUT, I can no longer log in with the password I just used.

I'm not sure what might be causing this. I've seen some one other related one other related post about this same issue but it doesn't really have an answer - only a clue: the salt/pepper logic.

What would allow the user to change their password but not log in again? Any ideas?

Current ENV: Rails 3.2 Devise 2.2.4 Ruby 1.9.3

4

1 回答 1

0

我解决了这个问题。我团队中的另一位开发人员在 User 对象上添加了 before_validation 回调,该回调正在为新用户生成随机密码(因为新的更简单的注册过程),他们忘记编写密码更新测试。因此,当密码更新时,会调用 before_validation 回调并生成新的随机密码。修复了这个问题并编写了一些测试,现在它可以正常工作了。

于 2013-08-02T00:22:18.183 回答