Commit c68c2321 authored by Vinnie Okada

Redirect if password reset token is expired

Don't display the password editing form if the user's token is expired;
redirect to the form that allows users to request a new password reset
token.
parent 0bfab084
......@@ -36,4 +36,24 @@ class PasswordsController < Devise::PasswordsController
end
end
end
def edit
super
reset_password_token = Devise.token_generator.digest(
User,
:reset_password_token,
resource.reset_password_token
)
unless reset_password_token.nil?
user = User.where(
reset_password_token: reset_password_token
).first_or_initialize
unless user.reset_password_period_valid?
flash[:alert] = 'Your password reset token has expired.'
redirect_to(new_user_password_url)
end
end
end
end
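Review bot: In the `User.where(...).first_or_initialize` lookup, a token that matches no user yields a new, unsaved `User`, so the unknown-token case is decided by whatever `reset_password_period_valid?` returns for a blank record, and the user is told the token "has expired" even though it never existed. If treating unknown and expired tokens identically is intended, a comment saying so would help; otherwise look the user up with `User.find_by(reset_password_token: reset_password_token)` and handle the `nil` result explicitly. The `unless reset_password_token.nil?` guard also tests the digest rather than the token that came with the request, so it is worth confirming what `digest` returns when no token was supplied. A controller spec covering the expired, unknown and missing token cases would pin this behaviour down, including that the `redirect_to` issued after `super` is the only response rendered.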