Does this skill require external gems like Devise?

No, it utilizes the native password reset token features introduced in Rails 8, making your application lighter and easier to maintain.

How long are the reset tokens valid for by default?

Tokens are valid for 15 minutes by default, but this can be customized via the password_reset_token_in configuration in your initializers.

How does this skill prevent hackers from finding valid user emails?

The implementation follows the principle of not revealing user existence by showing the same success message regardless of whether the email exists in the database.

Is the token invalidated after a single use?

Yes, the flow is designed so that once the password is successfully updated, the token is effectively invalidated for further use.

Rails 8 Password Reset Flow

Name: Rails 8 Password Reset Flow
Author: rbarazi

byrbarazi

0•

セキュリティとテスト

Implements secure, gem-free password recovery workflows using Rails 8's native token generation features.

This skill provides a comprehensive pattern for implementing a secure 'forgot password' flow in Ruby on Rails 8 applications without relying on external gems. It leverages Rails 8's built-in signed token generation and has_secure_password to create time-limited, single-use recovery links. The implementation follows industry-standard security best practices, including protecting user privacy by avoiding user enumeration, enforcing cryptographically secure signatures, and providing integrated mailers and controllers for a production-ready authentication experience.

主な機能

01Native Rails 8 token generation with built-in has_secure_password support

02Privacy-focused design that prevents user enumeration via unified flash messages

03Automated 15-minute token expiration with customizable timeout settings

04Complete boilerplate for controllers, mailers, and internationalized views

05Security-hardened patterns including single-use tokens and signed signatures

060 GitHub stars

ユースケース

01Adding a 'Forgot Password' feature to a new or existing Rails 8 application

02Migrating from heavy authentication gems to a lightweight, native Rails implementation

03Implementing secure, time-sensitive account recovery for production environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rbarazi/agent-skills password-reset-flow

For use in Claude.ai and ChatGPT

主な機能

01Native Rails 8 token generation with built-in has_secure_password support

02Privacy-focused design that prevents user enumeration via unified flash messages

03Automated 15-minute token expiration with customizable timeout settings

04Complete boilerplate for controllers, mailers, and internationalized views

05Security-hardened patterns including single-use tokens and signed signatures

060 GitHub stars

ユースケース

01Adding a 'Forgot Password' feature to a new or existing Rails 8 application

02Migrating from heavy authentication gems to a lightweight, native Rails implementation

03Implementing secure, time-sensitive account recovery for production environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rbarazi/agent-skills password-reset-flow

For use in Claude.ai and ChatGPT