How do I reset my password without using mail in rails device?

Asked 2 years ago, Updated 2 years ago, 63 views

I am currently developing a simple application using devise in version 4.2.5 of rails, but now I need to reset my password without using email.
So I thought I'd prepare a secret question and answer column in the users table and make a password reset using the following steps:

de Rewrite the password reset link on the device login screen and click here to go to the screen where all users select their names.
②Select a name to go to the form to select a secret question and the form to enter an answer.
③Submit questions and answers, and if they are the same as previously registered ones, display the password change entry form and password confirmation form (if not, display a statement to that effect)
④Enter and submit a new password to inform you that the password has been changed and go to the login screen

I was able to make a conditional branch of の among them, but I don't know how to make a form to change the password.
Therefore, I have a question, but is it possible to implement password reset without using email in the first place?
Also, if possible, how can I change the password?
It's only been about a month and I don't know anything about it, so I may not know if it's difficult, but I look forward to hearing from you.

ruby-on-rails devise

2022-09-29 22:04

2 Answers

user.update(password: 'hogehoge', password_confirmation: 'hogehoge')

You can change the password itself, so you simply need to create a form to enter this information.Please refer to the Edit Password form in Device.

Before doing so, it would be better to consider whether procedures such as the question really meet the required security level and whether implementation is possible accordingly.For example, "secret questions and answers" password resets are not considered very security-wise, but are you considering risks?

Also, the authentication mechanism is simple enough to handle the normal system, so you can feel for it, but it is very difficult to implement the complete system including the abnormal system.You may have created a "user can reset their own password" feature, but the actual implementation may be "any user can reset their password."

2022-09-29 22:04

Yes, it's possible.
It seems that you have already created a form to select a secret question and a form to enter an answer, so you can implement a form to rewrite the password of user (assuming that the model using device is user) in a similar way.

2022-09-29 22:04

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

709 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

548 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

642 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

537 Uncaught (inpromise) Error on Electron: An object could not be cloned

542 Unable to install versioned in Google Colab

© 2024 OneMinuteCode. All rights reserved.