How to get reset_password working with rails-api app using devise_auth_token gem

I created a new rails-api app integrated with devise_auth_token. At the moment registration forgot password is working. But cant get reset password to work.

The confirmation url sent by mail gives success: false response.

Below is the confirmation url

http: // localhost: 3000 / auth / password / edit? config = default & redirect_url = foo & reset_password_token = P2a62x8mS9yP9ukeTSZ-

Here is the server log reset email

GET started "/ auth / password / edit? Config = default & redirect_url = foo & reset_password_token = [FILTERED]" for :: 1 at 2015-09-24 14:41:21 +0530 Processing DeviseTokenAuth :: PasswordsController # edit as /
Parameters: {"config" => "default", "redirect_url" => "foo", "reset_password_token" => "[FILTERED]"} Not listed parameters: config, redirect_url User Load (0.2ms) SELECT users

. * FROM users

WHERE users

. reset_password_token

= '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users

. id

ASC LIMIT 1 Completed 404 Not found in 5ms (Views: 0.3ms | ActiveRecord: 0.2ms)

Here is a confirmation email that is sent with a password reset.

Started POST "/auth/password?email=user@user.com&redirect_url=foo" for ::1 at 2015-09-24 14:04:05 +0530 Processing by

      

        
        
        
      

    

DeviseTokenAuth :: PasswordsController # create as / Parameters: {"email" => " user@user.com ", "redirect_url" => "foo"} Unexpected parameter: redirect_url Parameter unpermitted: redirect_url User Loading (66.5 ms) SELECT users

... * FROM users

WHERE (BINARY uid = ' user@user.com ' AND ISP = 'email') ORDER BY users

. id

ASC LIMIT 1 User Load (9.8ms) SELECT users

. * FROM users

WHERE users

. reset_password_token

= '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15' ORDER BY users

. id

ASC LIMIT 1 (0.1ms) BEGIN SQL (17.7ms) UPDATE users

SET reset_password_token

= '0b3dfdf3a80dce289df8c2cb16c528614b302534264e85e747c4f6b51583da15', reset_password_sent_at

= '2015-09-24 08:34:05 ',updated_at

= '2015-09-24 08:34:05' WHERE users

. id

= 6 (63.9ms) COMMIT
Posted /home/anjan/.rvm/gems/ruby-2.2.3/gems/devise_token_auth-0.1.34/app/views/devise/mailer/reset_password_instructions.html.erb(16.2ms)

Devise :: Mailer # reset_password_instructions: Processed outgoing mail in 424.3ms

Sent email to user@user.com (64.4ms) Date: Thu, 24 Sep 2015 14:04:06 +0530 From: account@qzick.com Reply to: account@qzick.com To: user@user.com Message ID : < 5603b57e80ae0_1cb520cceb4374ed@anjanbetsy.mail > Subject: Reset password instructions Mime-Version: 1.0 Content-Type: text / html; charset = UTF-8 Content-Transfer-Encoding: 7bit email: user@user.com provider: email address redirect-url: foo client-config: default

Hello user@user.com !

Someone has requested a link to change your password. You can do this via the link below.

Change my password

If you have not requested this, please ignore this email.

the password won't change until you go to the link above and create a new one.

Completed 200 OK in 979ms (Views: 0.6ms | ActiveRecord: 158.1ms)

The guys will appreciate this help. Even if this is a problem, the token sent by mail is different from the one that was generated.? it means that it is.

Below is my user model.

{ "Marker" => "$ 2a $ 10 $ l766Mu / s8IUIHi9r3sz40ODQk2R.YDo283JQ.82Lijb3fjJ5Unqgq", "expiration" => 1444283710}, "H2Cqp2kIt56BYikqXp1HgA" => { "marker" => "$ 2a $ 10 $ upMCA8ZKLXvq9VjVaz2Vp.sZu7zr2lSTCFrxWnBmg4wC2gQrW9sIW", " expiry "=> 1444293849}}, created_at:" 2015-09-24 05:55:10 ", updated_at:" 2015-09-24 08:44:09 ">

Here is my user model file below

class User < ActiveRecord::Base
  # Include default devise modules.
  devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :omniauthable
  include DeviseTokenAuth::Concerns::User
  #Deleted ":confirmable," from above
end

      

        
        
        
      

    

Below is my diagram.

ActiveRecord::Schema.define(version: 20150921074353) do

  create_table "users", force: :cascade do |t|
    t.string   "provider",               limit: 255,   default: "email", null: false
    t.string   "uid",                    limit: 255,   default: "",      null: false
    t.string   "encrypted_password",     limit: 255,   default: "",      null: false
    t.string   "reset_password_token",   limit: 255
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer  "sign_in_count",          limit: 4,     default: 0,       null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip",     limit: 255
    t.string   "last_sign_in_ip",        limit: 255
    t.string   "confirmation_token",     limit: 255
    t.datetime "confirmed_at"
    t.datetime "confirmation_sent_at"
    t.string   "unconfirmed_email",      limit: 255
    t.string   "name",                   limit: 255
    t.string   "nickname",               limit: 255
    t.string   "image",                  limit: 255
    t.string   "email",                  limit: 255
    t.text     "tokens",                 limit: 65535
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  add_index "users", ["email"], name: "index_users_on_email", using: :btree
  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
  add_index "users", ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true, using: :btree

end

      

        
        
        
      

    

My PasswordController file looks like this:

class PasswordController < ApplicationController
  config.action_controller.action_on_unpermitted_parameters = :log
end