I'm trying to use devise's reset_password_token to force users to change their password when they log in for the first time, using what I read here: Rails Devise: Set password reset token and redirect user
I get as far as a page loading that says "set your password", but every time I hit submit, there's a notice that says that the reset_password_token has expired and to request a new one. I've tried setting reset_password_token to a variable instead of accessing via the user object (@user.reset_password_token), in case expiration is calculated by if that token was accessed, but it still says it's expired when I try to set my initial password. I'm not sure how expiration is calculated, anybody have an idea?
Found the answer!
When a reset_password_token is generated, @user.reset_password_sent_at
needs to be set to Time.now, or else when devise runs
to find out if the reset token is
still valid, it will get nil and assume the token has expired.