Merge pull request #4550 from tomhughes/drop-user-tokens

Drop user tokens table

diff --combined app/controllers/passwords_controller.rb
index 25b2b96075bb2d24e79a8e21f4170a2e89756a65,a70883edace23c3899d4da7322f6af8290874260..26b21b6d9180e0f1737ab7b9afe5a03b01f40153
--- 1/app/controllers/passwords_controller.rb
--- 2/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@@ -19,8 -19,7 +19,7 @@@ class PasswordsController < Application
      @title = t ".title"
  
      if params[:token]
-       self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                           UserToken.unexpired.find_by(:token => params[:token])&.user
+       self.current_user = User.find_by_token_for(:password_reset, params[:token])
  
        if current_user.nil?
          flash[:error] = t ".flash token bad"
@@@ -43,16 -42,17 +42,15 @@@
      if user
        token = user.generate_token_for(:password_reset)
        UserMailer.lost_password(user, token).deliver_later
 -      flash[:notice] = t ".notice email on way"
 -      redirect_to login_path
 -    else
 -      flash.now[:error] = t ".notice email cannot find"
 -      render :new
      end
 +
 +    flash[:notice] = t ".send_paranoid_instructions"
 +    redirect_to login_path
    end
  
    def update
      if params[:token]
-       self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                           UserToken.unexpired.find_by(:token => params[:token])&.user
+       self.current_user = User.find_by_token_for(:password_reset, params[:token])
  
        if current_user
          if params[:user]
@@@ -62,7 -62,6 +60,6 @@@
            current_user.email_valid = true
  
            if current_user.save
-             UserToken.delete_by(:token => params[:token])
              session[:fingerprint] = current_user.fingerprint
              flash[:notice] = t ".flash changed"
              successful_login(current_user)