Redirect if password reset token is expired
Don't display the password editing form if the user's token is expired; redirect to the form that allows users to request a new password reset token.
parent
0bfab084a8
commit
c68c23210b
|
@ -36,4 +36,24 @@ class PasswordsController < Devise::PasswordsController
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def edit
|
||||
super
|
||||
reset_password_token = Devise.token_generator.digest(
|
||||
User,
|
||||
:reset_password_token,
|
||||
resource.reset_password_token
|
||||
)
|
||||
|
||||
unless reset_password_token.nil?
|
||||
user = User.where(
|
||||
reset_password_token: reset_password_token
|
||||
).first_or_initialize
|
||||
|
||||
unless user.reset_password_period_valid?
|
||||
flash[:alert] = 'Your password reset token has expired.'
|
||||
redirect_to(new_user_password_url)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
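Review bot: The `unless reset_password_token.nil?` guard in the new `edit` likely never fires, because as far as I know `Devise.token_generator.digest` returns `false` rather than `nil` for a blank value, so a blank token would fall through to `User.where(reset_password_token: false)`; `if reset_password_token.present?` covers both cases. `first_or_initialize` also hands back an unsaved `User` for an unknown or tampered token, and its `reset_password_period_valid?` is falsy, so such a token takes the same "expired" redirect as a genuinely expired one; that uniform response is reasonable, but it should be stated in a comment such as `# Unknown tokens take the same redirect as expired ones`. This check only decides whether the form is displayed, so a second comment should say that token validity still has to be enforced when the new password is submitted, which is not visible in this hunk. The class body begins outside the hunk.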