Merge remote-tracking branch 'upstream/pull/5208'

[rails.git] / app / controllers / passwords_controller.rb

diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 8025fd700977d35f82ba267c2dd9136dee2d80a4..26b21b6d9180e0f1737ab7b9afe5a03b01f40153 100644 (file)
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -19,8 +19,7 @@ class PasswordsController < ApplicationController
     @title = t ".title"
 
     if params[:token]
-      self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                          UserToken.unexpired.find_by(:token => params[:token])&.user
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])
 
       if current_user.nil?
         flash[:error] = t ".flash token bad"
@@ -43,18 +42,15 @@ class PasswordsController < ApplicationController
     if user
       token = user.generate_token_for(:password_reset)
       UserMailer.lost_password(user, token).deliver_later
-      flash[:notice] = t ".notice email on way"
-      redirect_to login_path
-    else
-      flash.now[:error] = t ".notice email cannot find"
-      render :new
     end
+
+    flash[:notice] = t ".send_paranoid_instructions"
+    redirect_to login_path
   end
 
   def update
     if params[:token]
-      self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                          UserToken.unexpired.find_by(:token => params[:token])&.user
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])
 
       if current_user
         if params[:user]
@@ -64,7 +60,6 @@ class PasswordsController < ApplicationController
           current_user.email_valid = true
 
           if current_user.save
-            UserToken.delete_by(:token => params[:token])
             session[:fingerprint] = current_user.fingerprint
             flash[:notice] = t ".flash changed"
             successful_login(current_user)