Ruby-on-rails – Devise: edit_password_url in password reset email is sending users to url/api/v1/

deviseruby-on-rails

I have my rails app and Devise set up to use a JSON API to do user registration and login. A side effect is that edit_password_url in the password reset email is accidentally sending users to:

 http://localhost:3000/api/v1/password/edit?reset_password_token=ZzyPCgmspN2964ENUkSS 

when it shouldn't have api/v1/, and should send them to:

http://localhost:3000/password/edit?reset_password_token=ZzyPCgmspN2964ENUkSS

I've been looking, but can't figure out where to fix this.

I've created the following:

Api::V1::SessionsController < Devise::SessionsController 

and

Api::V1::RegistrationsController < RegistrationsController

I have a regular RegistrationsController that inherits from devise, but not a regular SessionsController, so I just inherit straight from devise there.

Thanks for the help!

EDIT:

routes.rb

namespace :api, defaults: {format: 'json'} do
    namespace :v1 do
      resources :users
      devise_for :users, :path => '', path_names: {sign_in: "login", sign_out: "logout"},
                                      controllers: {  omniauth_callbacks: "authentications", registrations: "registrations"}
    end
  end

devise_for :users, :path => '', path_names: {sign_in: "login", sign_out: "logout"},
                                  controllers: {  omniauth_callbacks: "authentications", registrations: "registrations"}

  resources :users

EDIT 2: rake routes output

        new_api_v1_user_session GET      /api/v1/login(.:format)                                    api/v1/sessions#new {:format=>"json"}
            api_v1_user_session POST     /api/v1/login(.:format)                                    api/v1/sessions#create {:format=>"json"}
    destroy_api_v1_user_session DELETE   /api/v1/logout(.:format)                                   api/v1/sessions#destroy {:format=>"json"}
 api_v1_user_omniauth_authorize GET|POST /auth/:provider(.:format)                                  authentications#passthru {:provider=>/twitter|facebook/, :format=>"json"}
  api_v1_user_omniauth_callback GET|POST /auth/:action/callback(.:format)                           authentications#(?-mix:twitter|facebook) {:format=>"json"}
           api_v1_user_password POST     /api/v1/password(.:format)                                 api/v1/passwords#create {:format=>"json"}
       new_api_v1_user_password GET      /api/v1/password/new(.:format)                             api/v1/passwords#new {:format=>"json"}
      edit_api_v1_user_password GET      /api/v1/password/edit(.:format)                            api/v1/passwords#edit {:format=>"json"}
                                PUT      /api/v1/password(.:format)                                 api/v1/passwords#update {:format=>"json"}
cancel_api_v1_user_registration GET      /api/v1/cancel(.:format)                                   registrations#cancel {:format=>"json"}
       api_v1_user_registration POST     /api/v1(.:format)                                          registrations#create {:format=>"json"}
   new_api_v1_user_registration GET      /api/v1/sign_up(.:format)                                  registrations#new {:format=>"json"}
  edit_api_v1_user_registration GET      /api/v1/edit(.:format)                                     registrations#edit {:format=>"json"}
                                PUT      /api/v1(.:format)                                          registrations#update {:format=>"json"}
                                DELETE   /api/v1(.:format)                                          registrations#destroy {:format=>"json"}
                       sessions GET      /sessions(.:format)                                        sessions#index
                                POST     /sessions(.:format)                                        sessions#create
                    new_session GET      /sessions/new(.:format)                                    sessions#new
                   edit_session GET      /sessions/:id/edit(.:format)                               sessions#edit
                        session GET      /sessions/:id(.:format)                                    sessions#show
                                PUT      /sessions/:id(.:format)                                    sessions#update
                                DELETE   /sessions/:id(.:format)                                    sessions#destroy
                authentications GET      /authentications(.:format)                                 authentications#index
                                POST     /authentications(.:format)                                 authentications#create
             new_authentication GET      /authentications/new(.:format)                             authentications#new
            edit_authentication GET      /authentications/:id/edit(.:format)                        authentications#edit
                 authentication GET      /authentications/:id(.:format)                             authentications#show
                                PUT      /authentications/:id(.:format)                             authentications#update
                                DELETE   /authentications/:id(.:format)                             authentications#destroy

               new_user_session GET      /login(.:format)                                           devise/sessions#new
                   user_session POST     /login(.:format)                                           devise/sessions#create
           destroy_user_session DELETE   /logout(.:format)                                          devise/sessions#destroy
        user_omniauth_authorize GET|POST /auth/:provider(.:format)                                  authentications#passthru {:provider=>/twitter|facebook/}
         user_omniauth_callback GET|POST /auth/:action/callback(.:format)                           authentications#(?-mix:twitter|facebook)
                  user_password POST     /password(.:format)                                        devise/passwords#create
              new_user_password GET      /password/new(.:format)                                    devise/passwords#new
             edit_user_password GET      /password/edit(.:format)                                   devise/passwords#edit
                                PUT      /password(.:format)                                        devise/passwords#update
       cancel_user_registration GET      /cancel(.:format)                                          registrations#cancel
              user_registration POST     /                                                          registrations#create
          new_user_registration GET      /sign_up(.:format)                                         registrations#new
         edit_user_registration GET      /edit(.:format)                                            registrations#edit
                                PUT      /                                                          registrations#update
                                DELETE   /                                                          registrations#destroy

EDIT 3:

So I've been testing some thing out, and in the devise email template, the path edit_password_url is there, and works to generate the above wrong url, but when I do rake routes, only edit_user_password_url exists.

Best Answer

Looking at the Devise Controller URL Helpers doc (found here), I would've used:

edit_password_path(:user) which translates to edit_user_password_path. path seems to be interchangeable with url.

I'm not 100% certain but this line defines a method called edit_password_path whereas this line creates a route in the Devise context...

Related Topic