How can users use there existing password when they request a password reset?

[vjwilson]

We have users (often non-technical) who fat-finger their password when logging in, then request a password reset, and try to enter a password which happens to be the same as their existing password.

Rather than give them the default message, "Password must be different to the current password!", we'd just like the system to allow them to "reset" their password to whatever they type in, even if it's their current password.

We've tried the following in devise.rb:

config.deny_old_passwords = false

but that by itself doesn't seem to work.

Our User model includes these Devise modules:

devise :invitable, :database_authenticatable, :registerable, :confirmable, :recoverable, :trackable, :timeoutable, :lockable, :secure_validatable

Is this possible, and if so, what else do we need to do?