summaryrefslogtreecommitdiffstats
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/account_controller.rb12
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 504ca6013..10516bc8c 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -58,12 +58,20 @@ class AccountController < ApplicationController
# Lets user choose a new password
def lost_password
(redirect_to(home_url); return) unless Setting.lost_password?
- if params[:token]
- @token = Token.find_token("recovery", params[:token].to_s)
+ if prt = (params[:token] || session[:password_recovery_token])
+ @token = Token.find_token("recovery", prt.to_s)
if @token.nil? || @token.expired?
redirect_to home_url
return
end
+
+ # redirect to remove the token query parameter from the URL and add it to the session
+ if request.query_parameters[:token].present?
+ session[:password_recovery_token] = @token.value
+ redirect_to lost_password_url
+ return
+ end
+
@user = @token.user
unless @user && @user.active?
redirect_to home_url
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-10 23:40:26 +0000