gistfile1.rb

class ResetPasswordController < ApplicationController
  skip_before_filter :login_required
  
  def show
    user = User.find_by_reset_password_code(params[:id])
    self.current_user = user if user && user.reset_password_code_until && Time.now < user.reset_password_code_until 
    redirect_to logged_in? ? "/users/#{user.id}/edit" : "/login"    
  end
end

gistfile2.rb

class ForgottenPasswordsController < ApplicationController
  skip_before_filter :login_required
    
  def index
  end
  
  def create
    @user = User.find_by_email(params[:user][:email])
    if @user
      @user.reset_password_code_until = 1.day.from_now
      @user.reset_password_code =  Digest::SHA1.hexdigest( "#{@user.email}#{Time.now.to_s.split(//).sort_by {rand}.join}" )
      @user.save!
      UserNotifier.deliver_forgot_password(@user)
      respond_to do |format|
        format.html
        format.xml  { render :xml => "<errors><info>Reset Password link emailed to #{@user.email}.</info></errors>" }
      end
    else
      respond_to do |format|
        format.html { 
          flash[:notice] = "User not found!" 
          redirect_to forgotten_passwords_url
        }
        format.xml { render :xml => "<errors><error>User not found: #{params[:email]}</error></errors>" }
      end
    end
  end
end