devise_invitable icon indicating copy to clipboard operation
devise_invitable copied to clipboard

Published 20 hours ago verified publisher icon scambra

raw_invitation_token not matching invitation_token saved in DB after invite!

Open LeonardSellam opened this issue 4 years ago • 4 comments
trafficstars

devise (4.8.0) devise_invitable (2.0.5)

I have the following issue :

1 - Opening a console in local development, I run User.invite!(email: '[email protected]') 2 - It creates a User in the DB with a particular invitation_token. The invitation email is displayed in the terminal (config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }) 3 - I get the MY_TOKEN_IN_EMAIL in the link provided in the email, and try: Devise.token_generator.digest(User, :invitation_token, MY_TOKEN_IN_EMAIL) it returns different token that the on saved in DB.

The result of this is that the link in the email is not working.

However, if I keep the user created (let's call it my_user), and run :

raw, enc = Devise.token_generator.generate(User, :invitation_token), and the my_user.update(invitation_token: enc), the raw token will work.

Any idea ?

Happy to give more information if need. Thanks a lot.

LeonardSellam avatar Aug 15 '21 15:08 LeonardSellam

I have tested in new app, and I can't reproduce it

DeviseInvitable uses Devise.token_generator.generate and Devise.token_generator.digest, as devise does in recoverable module. Can you try with a user and code from recoverable? Try calling raw = set_reset_password_token and User.with_reset_password_token(raw). These methods in Devise.token_generate are defined in devise gem, you may get more help creating an issue in devise project.

scambra avatar Aug 20 '21 22:08 scambra

@scambra It's totally my fault. After hours, I realised that in the mail displayed inside the terminal the token was prefixed with 3D(see quote-printable system). When you remove it, it works perfectly 😅

I can either suggest something to add to the Readme (if you think more people will struggle with it) or close the issue. Let me know.

LeonardSellam avatar Aug 24 '21 19:08 LeonardSellam

You can push a pull request improving README, it would only happen if email is read from rails console or rails log, if you receive email, email reader will display right url

scambra avatar Aug 24 '21 21:08 scambra

Thank you @LeonardSellam!!! I just encountered the same issue, doing a copy paste from the log, and the '3D'-prefix was included.

henningjensen avatar Mar 11 '22 19:03 henningjensen

Same issue here, I kept copying the accept URL with the 3D= in the token, removing that before visiting the URL fixed it.

dchapman1988 avatar Jan 23 '23 22:01 dchapman1988