Dispatch token after reset password flow
mvaragnat opened this issue · comments
Expected behavior
After I
- click on "forgot password",
- sent my reset password request,
- receive the reset instruction email with the link with the reset token
- submit the form with the new password, password confirmation, and reset token
- and receive a success response from the server
I expect
- the server response to come up with an Authorization header with the bearer token
- so I can log in the user
Actual behavior
I receive the successful response without token, to I have to redirect user to the login page
Is this the expected behavior ? Is there a configuration option to provide that would change the behavior, and/or a way to overwrite PasswordsController#update to send the token ?
Hi @mvaragnat you need to add the dispatch requests path in devise.rb. For ex.
config.jwt do |jwt|
jwt.secret = Rails.application.credentials.devise[:jwt_secret_key]
jwt.dispatch_requests = [['POST', %r{^/api/v1/sign_in$}],
['PUT', %r{^/api/v1/users/password$}]
]
end
So here you need to add or modify the path according to your reset password update path. Then it will dispatch the token after successfully sign in.
Yeah. It could be supported if we change code around this line
Hi @mvaragnat you need to add the dispatch requests path in devise.rb. For ex.
config.jwt do |jwt|
jwt.secret = Rails.application.credentials.devise[:jwt_secret_key]
jwt.dispatch_requests = [['POST', %r{^/api/v1/sign_in$}],
['PUT', %r{^/api/v1/users/password$}]
]
end
So here you need to add or modify the path according to your reset password update path. Then it will dispatch the token after successfully sign in.
Sorry I forgot to reply and thank you for the tip. This worked fine !
Yeah. It could be supported if we change code around this line
it could be made default, because I assume you always want to log in your user after a successful password reset, instead of asking them to enter it again on a login screen ?
Anyways, thanks for the help, I'm closing the issue now