Devise processes the password controller with the appropriate views to change the user password. In the application controller, you can override some development methods such as after_sign_up_path, after_sign_in_path, after_confirmation_path, etc. Using new_password_route, which, as I recall, is a router helper for changing the password, but not sure. I will think that you are sending mail with the generated password and a confirmation link. If not, then what you do is useless. Password generation, so the user must change that this is not true with respect to UX. Just ask the user with the desire to go at the beginning.
Good luck.