Commit b6a7c862 authored by jplang's avatar jplang

Redirect with token in session (#24416).

git-svn-id: https://svn.redmine.org/redmine/trunk@16287 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 51518ce8
......@@ -60,12 +60,20 @@ class AccountController < ApplicationController
# Lets user choose a new password
def lost_password
(redirect_to(home_url); return) unless Setting.lost_password?
if params[:token]
@token = Token.find_token("recovery", params[:token].to_s)
if prt = (params[:token] || session[:password_recovery_token])
@token = Token.find_token("recovery", prt.to_s)
if @token.nil? || @token.expired?
redirect_to home_url
return
end
# redirect to remove the token query parameter from the URL and add it to the session
if request.query_parameters[:token].present?
session[:password_recovery_token] = @token.value
redirect_to lost_password_url
return
end
@user = @token.user
unless @user && @user.active?
redirect_to home_url
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment