One of the users of one of a sort of SaaS I look after on the side reached out saying they couldn't reset the password.
Apparently, they did not receive the reset password email; it wasn't even in their spam folder.
The simplest thing to do was to generate a new reset password link and send it to them directly.
I use Ruby on Rails for my backend, with as little custom logic as possible. Naturally, the authentication layer is taken care of by devise.
To manually generate a reset password link using devise, the first step is to log in your server and launch the Rails console.
bundle exec rails c
Once in there, ask devise for a new reset password token. The call returns two values. The first is the raw token to use in the reset password URL query string, and the second is a hashed version of the token.
raw, hashed = Devise.token_generator.generate(User, :reset_password_token)
For the reset password to work, you need to associate the token to the user that will use it.
user = User.find_by(email: 'firstname.lastname@example.org') user.reset_password_token = hashed user.reset_password_sent_at = Time.now.utc user.save
Finally, you can share the URL. Unless you have customized your routes, it'll look like this:
Full credits for these steps to this StackOverflow answer.