Also reset password token on email change

lib/devise/models/recoverable.rb

@@ -31,7 +31,11 @@ module Devise
       end
 
       included do
-        before_update :clear_reset_password_token, if: :encrypted_password_changed?
+        before_save do
+          if email_changed? || encrypted_password_changed?
+            clear_reset_password_token
+          end
+        end
       end
 
       # Update password saving the record and clearing token. Returns true if

test/models/recoverable_test.rb

@@ -54,6 +54,17 @@ class RecoverableTest < ActiveSupport::TestCase
     assert_nil user.reset_password_token
   end
 
+  test 'should clear reset password token if changing email' do
+    user = create_user
+    assert_nil user.reset_password_token
+
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.email = "another@example.com"
+    user.save!
+    assert_nil user.reset_password_token
+  end
+
   test 'should not clear reset password token if record is invalid' do
     user = create_user
     user.send_reset_password_instructions