Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Different invitation token -> invitation token is invalid #410

Closed
belgoros opened this issue Nov 28, 2013 · 3 comments
Closed

Different invitation token -> invitation token is invalid #410

belgoros opened this issue Nov 28, 2013 · 3 comments

Comments

@belgoros
Copy link

I can"t figure out the reason of the error "The invitation token provided is not valid!" when a User clicked on the linked received by email.
I could see that tokens in params and User search were different:

Started GET "/users/invitation/accept?invitation_token=a172dc623ba35066f37de602fdfff95e19cce2261871cab56ff7dabb27eed292" for 127.0.0.1 at 2013-11-28 11:49:17 +0100
Processing by Users::InvitationsController#edit as HTML
  Parameters: {"invitation_token"=>"a172dc623ba35066f37de602fdfff95e19cce2261871cab56ff7dabb27eed292"}

Now in the generated query the token is different:

User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."invitation_token" = 'cf6092da5ff99718b6400693527405a606b0672eb0c5f2ab4608c6964865f2e7' ORDER BY "users"."id" ASC LIMIT 1
Redirected to http://localhost:3000/
Filter chain halted as :resource_from_invitation_token rendered or redirected
Completed 302 Found in 7ms (ActiveRecord: 0.4ms)

The code seems to be in devise/invitations_controller:

def resource_from_invitation_token
    unless params[:invitation_token] && self.resource = resource_class.find_by_invitation_token(params[:invitation_token], true)
      set_flash_message(:alert, :invitation_token_invalid)
      redirect_to after_sign_out_path_for(resource_name)
    end
  end

I'm on Rails 4, devise 3.1.2, devise_invitable 1.3.1. Did I miss something in devise configuration? I commented the following line in devise.rb initialiser:

#config.token_authentication_key = :auth_token

Any idea? Thnx
@scambra
Copy link
Owner

scambra commented Nov 28, 2013

Did you write your own mail view? Devise 3.1 changed how token are persisted, now an encrypted token is persisted so mail view must use @token instead of resource.invitation_token.

@belgoros
Copy link
Author

Yes, here is what was in the mailer/invitation_instructions.html.haml view:

...
%p= link_to 'Accept invitation', accept_invitation_url(@resource, :invitation_token => @resource.invitation_token)

After changining it as follows:

%p= link_to 'Accept invitation', accept_invitation_url(@resource, :invitation_token => @token)

it worked as needed. THANKS a lot Sergio.

@kannans
Copy link

kannans commented Sep 1, 2015

@javix 💯

qmaruf added a commit to qmaruf/privly-web that referenced this issue Dec 25, 2015
@qmaruf
@esource.invitation_token is changed to @token as Devise 3.1 changed …
f5f9763 
…how token is persisted. Ref: scambra/devise_invitable#410
This was referenced Dec 25, 2015
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@scambra @belgoros @kannans