The "Reset password token is invalid" message in Rails with Devise usually indicates an issue with the token provided during the password reset process. This message occurs when the token passed in the password reset URL does not match the one stored in the database or has expired.

Here are some common reasons and solutions for this issue:

  1. Token Expiry: Devise provides an option to set the token expiry period for password reset links. By default, the token is valid for 2 hours. If the user tries to reset the password after the token has expired, the "Reset password token is invalid" message will appear. You can adjust the token expiry period in the Devise initializer:

    # config/initializers/devise.rb config.reset_password_within = 6.hours # Set the token expiry to 6 hours
  2. Timezone Differences: If your application's server and database are in different timezones or if you are using a distributed database system, ensure that the time on both systems is synchronized. Token validation may fail if the token creation time on the server is ahead of or behind the database's time.

  3. URL Encoding Issues: Make sure the password reset URL passed to the user's email is correctly encoded. Improper URL encoding can result in the token being interpreted differently or getting truncated, leading to an invalid token error.

  4. Custom Token Generation: If you have customized the token generation process, ensure that the custom token generation logic correctly handles the token's expiration and uniqueness.

  5. Token Validation: Double-check the implementation of Devise's reset_password_by_token method in your User model. Verify that it correctly validates the token against the database record and returns the correct user or the "Reset password token is invalid" message.

  6. Database Issue: Check for any database-related issues, such as connection problems or data corruption, which might lead to incorrect token validation.

  7. Session or Cookie Issues: Ensure that your application's session and cookie settings are configured correctly. An issue with sessions or cookies can interfere with token validation.

  8. Middleware Order: If you are using any middleware that alters the request URL or headers, it might interfere with the password reset process. Make sure the Devise middleware is placed correctly in the middleware stack.

By addressing these potential causes, you should be able to resolve the "Reset password token is invalid" message during the password reset process in Rails with Devise. Double-check your implementation, settings, and configurations to ensure everything is working as expected.

Have questions or queries?
Get in Touch