I'm attempting to implement Railscast #274 in my app so I can provide a password reset option. I got to the point where I can type my email into a form for password resets and receive an email with a link to reset the password. Things start to go wrong when I enter my new password and attempt to save it. I ended up with an Action Controller:Exception caught. Here is what my log showed after I sent myself an email with the password_reset link:
Started GET "/password_resets/new" for 127.0.0.1 at 2012-01-26 00:50:42 -0500
Processing by PasswordResetsController#new as HTML
Clicking the password_reset link:
Started GET "/password_resets/qlslPnuOhdyMCNseMnV3bA/edit" for 127.0.0.1 at 2012-01-26 00:51:08 -0500
Processing by PasswordResetsController#edit as HTML
Parameters: {"id"=>"qlslPnuOhdyMCNseMnV3bA"}
Adding a new :password and :password_confirmation yields the error:
Started POST "/password_resets/qlslPnuOhdyMCNseMnV3bA" for 127.0.0.1 at 2012-01-26 00:53:08 -0500
Processing by PasswordResetsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"2egfT2lr35FhuVPWDB72vcS2zPlqC75tcyctRp61ZHw=", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "commit"=>"Update Password", "id"=>"qlslPnuOhdyMCNseMnV3bA"}
Started GET "/profiles/qlslPnuOhdyMCNseMnV3bA" for 127.0.0.1 at 2012-01-26 00:53:09 -0500
Processing by ProfilesController#show as HTML
Parameters: {"id"=>"qlslPnuOhdyMCNseMnV3bA"}
Profile Load (0.9ms) SELECT "profiles".* FROM "profiles" WHERE "profiles"."id" = 'qlslPnuOhdyMCNseMnV3bA' LIMIT 1
PGError: ERROR: invalid input syntax for integer: "qlslPnuOhdyMCNseMnV3bA"
LINE 1: ...ofiles".* FROM "profiles" WHERE "profiles"."id" = 'qlslPnuOh...
^
: SELECT "profiles".* FROM "profiles" WHERE "profiles"."id" = 'qlslPnuOhdyMCNseMnV3bA' LIMIT 1
Completed in 57ms
ActiveRecord::StatementInvalid (PGError: ERROR: invalid input syntax for integer: "qlslPnuOhdyMCNseMnV3bA"
LINE 1: ...ofiles".* FROM "profiles" WHERE "profiles"."id" = 'qlslPnuOh...
^
: SELECT "profiles".* FROM "profiles" WHERE "profiles"."id" = 'qlslPnuOhdyMCNseMnV3bA' LIMIT 1):
app/controllers/profiles_controller.rb:41:in `show'
In profiles_controller.rb:41 in show:
def show
@profile = Profile.find(params[:id])
@user = User.find(@profile.user_id)
..
end
Before doing this I dumped my database, ran rake:db create, then rake:db migrate before re-seeded the db. Could this be because I haven't run a script to give existing users a password_reset_token?
UPDATE: Including password_resets_controller.rb:
class PasswordResetsController < ApplicationController def new end
def create
@user = @User.find_by_email(params[:email])
if user
user.send_password_reset
redirect_to new_password_reset_path, :notice => "Check your email for password reset instructions."
else
redirect_to new_password_reset_path, :notice => "Sorry, we couldn't find that email. Please try again."
end
end
def edit
@user = User.find_by_password_reset_token!(params[:id])
end
def update
@user = User.find_by_password_reset_token!(params[:id])
if @user.password_reset_sent_at < 2.hours.ago
redirect_to new_password_reset_path, :alert => "Your password reset link has expired."
elsif @user.update_attributes(params[:user])
redirect_to profile_path, :notice => "Great news: Your password has been reset."
else
render :edit
end
end
end
Looks like the problem is in your
PasswordResetsController#update:The
redirect_to profile_pathin particular.If you look at the logs, you'll see this sequence:
and the routes should be
/password_resets/:idand/profiles/:id. The/password_resetswants the'qlslPnuOhdyMCNseMnV3bA'token but/profileswants the user's numeric ID.Going back to the controller we see this:
You don't tell
profile_pathwhich user to use so apparently it is grabbingparams[:id]to build the incorrect/profiles/qlslPnuOhdyMCNseMnV3bAURL. Try tellingprofile_pathwhich user to use with something like this: