Devise Giving Token Is Invalid Error After Updating Devise Or Devise Invitable

Posted by Weston Ganger on September 21, 2015

I have upgraded devise in some legacy app and got tripped up by this before.

With the release of Devise 3.1.0 they changed to using hashes of the token.

# app/views/devise/mailer/reset_password_instructions.html.erb

# Change this Line
edit_password_url(@resource, reset_password_token: @resource.password_reset_token)

# To This
edit_password_url(@resource, reset_password_token: @token)

This change should be applied to the all pages in app/views/devise/mailer/ which includes confirmation, invitation, password reset, and unlock.

Also if you are upgrading from an old version of devise_invitable. Make Sure you remove the 60 character limit on the invitation token column in users.

class RemoveLimitOnInvitationToken < ActiveRecord::Migration
  def up
    change_column :users, :invitation_token, :string, limit: nil

  def down
    change_column :users, :invitation_token, :string, limit: 60

It should now have proper tokens in the email link.

Related External Links:

Posted in Rails and Tagged with devise token 

Need help on your next project or application?

I specialize in Ruby-on-Rails, AngularJS, Javascript, Bootstrap, and Hybrid Mobile Apps with Cordova & Ionic.

Contact Me

Recommended Posts