Custom password recovery Devise

Question 1

My solution was based on @Alex answer. I did a custom password reset view.

When dealing with password requirement on devise model, there are two (or more) options:

First, we can override the devise password requirement method. This would save a model object without password:

def email_required?
  false
end

Or we can set a simple token after the object creation:

if athlete.new_record?
  generated_password = Devise.friendly_token[0,20]
  athlete.password = generated_password
  athlete.password_confirmation = generated_password
  athlete.skip_confirmation!
end

Optionally, put the behavior above on model:

  def reset_password!(new_password, new_password_confirmation)
    self.password = new_password
    self.password_confirmation = new_password_confirmation
    save
  end

Briefly, that was the solution, including a view with birthday, password and password confirmation, validating the data on controller and overriding the password.

Question 2

Well, if the person is logged in you could just call the relevant method in this model (on User) to recover the password. I guess you'd need to create a view that then validate a request to reset the password based on those values in the controller and then called the correct method based on the current_user. My guess is you need the send_reset_password_instructions method from this file.

A simple form on a view should do it; if the values match (i.e. if you are able to validate the User based on the document number and birthdate from the POST compared to the expected values on the User called from the database), then call the method and send the reset email.

If you do not have an email address for the user (as I suspect perhaps from your question), then you could (in the controller) instead of calling the above method to send an email, instead call the reset_password! method, passing in their form input for new desired password, and that would change it.

EDIT: This link might also be of some use.