I have upgraded devise in some legacy app and got tripped up by this before.
With the release of Devise 3.1.0 they changed to using hashes of the token.
# app/views/devise/mailer/reset_password_instructions.html.erb # Change this Line edit_password_url(@resource, reset_password_token: @resource.password_reset_token) # To This edit_password_url(@resource, reset_password_token: @token)
This change should be applied to the all pages in
app/views/devise/mailer/ which includes confirmation, invitation, password reset, and unlock.
Also if you are upgrading from an old version of
devise_invitable. Make Sure you remove the 60 character limit on the invitation token column in users.
class RemoveLimitOnInvitationToken < ActiveRecord::Migration def up change_column :users, :invitation_token, :string, limit: nil end def down change_column :users, :invitation_token, :string, limit: 60 end end
It should now have proper tokens in the email link.
Related External Links: