author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-01-29 10:42:58 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-01-29 10:42:58 +0000 |
commit | a170c3d93c955242908815bd7e5b013334befde4 (patch) | |
tree | 069bb00862718b4950a1519379f5dc9cb12ff0ad /app/controllers | |
parent | 83921f27d4aff8b24c3a3e4685b92196d3439424 (diff) | |
Merged r16287 to r16289 (#24416).
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16299 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/account_controller.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 504ca6013..10516bc8c 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -58,12 +58,20 @@ class AccountController < ApplicationController
 # Lets user choose a new password
 def lost_password
 (redirect_to(home_url); return) unless Setting.lost_password?
- if params[:token]
- @token = Token.find_token("recovery", params[:token].to_s)
+ if prt = (params[:token] || session[:password_recovery_token])
+ @token = Token.find_token("recovery", prt.to_s)
 if @token.nil? || @token.expired?
 redirect_to home_url
 return
 end
+
+ # redirect to remove the token query parameter from the URL and add it to the session
+ if request.query_parameters[:token].present?
+ session[:password_recovery_token] = @token.value
+ redirect_to lost_password_url
+ return
+ end
+
+ @user = @token.user
 unless @user && @user.active?
 redirect_to home_url |
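Review bot: The invalid-or-expired branch (`if @token.nil? || @token.expired?`) redirects to `home_url` without clearing `session[:password_recovery_token]`. Because the lookup now falls back to the session, a stale value keeps sending every later token-less visit to `lost_password` back to `home_url`, and the recovery secret stays in the session longer than it is needed. I would add `session.delete(:password_recovery_token)` before `redirect_to home_url` in that branch, and the same in the inactive-user branch that begins at the end of this hunk. The method body continues outside the hunk, so whether the key is dropped after a successful password change cannot be confirmed from here; it should be. A short comment on the fallback, noting that the session copy is only as confidential as the configured session store, would also help the next reader.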