has_secure_password :recovery_password

app/controllers/users_controller.rb

@@ -24,10 +24,10 @@ class UsersController < ApplicationController
 
   def recover_password
     user = User.find(params[:user_id])
-    if user.password_recovery_code == params[:recovery_code]
+    if user.authenticate_recovery_password(params[:recovery_code])
       user.password = params[:password]
       user.password_confirmation = params[:repeated_password]
-      user.password_recovery_code = nil
+      user.recovery_password_digest = nil
       if user.save
         redirect_to '/welcome'
       end

app/mailers/user_mailer.rb

@@ -1,9 +1,10 @@
 class UserMailer < ApplicationMailer
   def password_recovery
     @user = params[:user]
-    recovery_code = ('a'..'z').to_a.shuffle[0,8].join
-    @user.update(password_recovery_code: recovery_code)
-    @url  = "http://localhost:18210/password_recovery/#{@user.id}/#{recovery_code}"
+    recovery_password = ('a'..'z').to_a.shuffle[0,8].join
+    @user.recovery_password = recovery_password
+    @user.save
+    @url  = "http://localhost:18210/password_recovery/#{@user.id}/#{recovery_password}"
     mail(to: @user.email, subject: 'Password recovery')
   end
 end

app/models/user.rb

@@ -1,3 +1,4 @@
 class User < ApplicationRecord
   has_secure_password
+  has_secure_password :recovery_password, validations: false
 end