I am currently developing a simple application using devise in version 4.2.5 of rails, but now I need to reset my password without using email.
So I thought I'd prepare a secret question and answer column in the users table and make a password reset using the following steps:
①Rewrite the password reset link on the devise login screen so that clicking it goes to the screen where all users select their names.
②Select a name to go to the form to select a secret question and the form to enter an answer.
③Submit questions and answers, and if they are the same as previously registered ones, display the password change entry form and password confirmation form (if not, display a statement to that effect)
④Enter and submit a new password to inform you that the password has been changed and go to the login screen
I was able to make the conditional branch among them, but I don't know how to make a form to change the password.
Therefore, my question is: is it possible to implement password reset without using email in the first place?
Also, if possible, how can I change the password?
It's only been about a month and I don't know anything about it, so I may not know if it's difficult, but I look forward to hearing from you.
user.update(password: 'hogehoge', password_confirmation: 'hogehoge')
You can change the password itself with this, so you simply need to create a form to enter this information. Please refer to the Edit Password form in Devise.
Before doing so, it would be better to consider whether a procedure such as the one in the question really meets the required security level and whether it can be implemented accordingly. For example, "secret questions and answers" password resets are not considered very secure, but are you considering the risks?
Also, an authentication mechanism is simple enough when it only handles the normal cases, so it can feel easy, but it is very difficult to implement the complete system including the abnormal cases. You may have intended to create a "user can reset their own password" feature, but the actual implementation may be "any user can reset their password."
Yes, it's possible.
It seems that you have already created a form to select a secret question and a form to enter an answer, so you can implement a form to rewrite the password of user (assuming that the model using devise is user) in a similar way.
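The first answer's warning about step ④, shown as an added Ruby example (not code from the question or either answer): the password change is accepted only with a single-use, expiring token issued by step ③, and wrong answers are counted. `ResetFlow`, `MAX_ATTEMPTS`, `TOKEN_TTL` and the in-memory hashes are assumptions standing in for the users table.

```ruby
require 'securerandom'
require 'openssl'

# In-memory stand-in for the users table and reset flow (all names hypothetical).
class ResetFlow
  MAX_ATTEMPTS = 5    # constructed limit on wrong answers before the user is locked
  TOKEN_TTL    = 600  # seconds a reset token stays valid
  attr_reader :users

  def initialize
    @users  = {}      # id => { salt:, answer_digest:, password:, failures: }
    @tokens = {}      # SHA-256 of token => { user_id:, expires_at: }
  end

  def register(id, answer, password)
    salt = SecureRandom.bytes(16)
    @users[id] = { salt: salt, answer_digest: digest(answer, salt),
                   password: password, failures: 0 }
  end

  # Step 3: returns a one-time token when the answer matches, nil otherwise.
  def verify_answer(id, answer, now: Time.now)
    user = @users[id]
    return nil if user.nil? || user[:failures] >= MAX_ATTEMPTS
    unless OpenSSL.secure_compare(digest(answer, user[:salt]), user[:answer_digest])
      user[:failures] += 1
      return nil
    end
    user[:failures] = 0
    token = SecureRandom.urlsafe_base64(32)
    @tokens[OpenSSL::Digest::SHA256.hexdigest(token)] =
      { user_id: id, expires_at: now + TOKEN_TTL }
    token
  end

  # Step 4: the account comes from the token, never from a submitted user id.
  def change_password(token, new_password, now: Time.now)
    entry = @tokens.delete(OpenSSL::Digest::SHA256.hexdigest(token.to_s)) # single use
    return false if entry.nil? || now > entry[:expires_at]
    # In a Devise app, user.update(password: ..., password_confirmation: ...) goes here.
    @users[entry[:user_id]][:password] = new_password
    true
  end

  private
  def digest(answer, salt) # normalised answer, stored only as a salted PBKDF2 digest
    OpenSSL::PKCS5.pbkdf2_hmac(answer.strip.downcase, salt, 10_000, 32, 'sha256')
  end
end
```

In a Rails controller the token would be kept in the session or a hidden field between step ③ and step ④, and the user record would be loaded from it rather than from a `user_id` parameter.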