Commit b6a7c862 authored by jplang's avatar jplang

Redirect with token in session (#24416).

git-svn-id: e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 51518ce8
...@@ -60,12 +60,20 @@ class AccountController < ApplicationController ...@@ -60,12 +60,20 @@ class AccountController < ApplicationController
# Lets user choose a new password # Lets user choose a new password
def lost_password def lost_password
(redirect_to(home_url); return) unless Setting.lost_password? (redirect_to(home_url); return) unless Setting.lost_password?
if params[:token] if prt = (params[:token] || session[:password_recovery_token])
@token = Token.find_token("recovery", params[:token].to_s) @token = Token.find_token("recovery", prt.to_s)
if @token.nil? || @token.expired? if @token.nil? || @token.expired?
redirect_to home_url redirect_to home_url
return return
end end
# redirect to remove the token query parameter from the URL and add it to the session
if request.query_parameters[:token].present?
session[:password_recovery_token] = @token.value
redirect_to lost_password_url
@user = @token.user @user = @token.user
unless @user && unless @user &&
redirect_to home_url redirect_to home_url
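Review bot: The invalid-or-expired branch (`if @token.nil? || @token.expired?`) redirects home without clearing `session[:password_recovery_token]`. As far as the visible lines show, a stale value left in the session sends every later `lost_password` request without a `token` parameter down the same branch, so the user cannot reach the form to request a new link. I would add `session.delete(:password_recovery_token)` before `redirect_to home_url` in that branch. The rest of `lost_password` lies outside this hunk, so it is not visible whether the key is also dropped after a successful password change; it should be, so the recovery token does not stay in the session (and in the cookie, if a cookie-backed store is used) longer than needed. The page rendering also shows no `return` or `end` after `redirect_to lost_password_url`; confirm they exist in the real file, otherwise execution would continue after the redirect.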
