@@ -60,12 +60,20 class AccountController < ApplicationController | |||||
60 | # Lets user choose a new password |
|
60 | # Lets user choose a new password | |
61 | def lost_password |
|
61 | def lost_password | |
62 | (redirect_to(home_url); return) unless Setting.lost_password? |
|
62 | (redirect_to(home_url); return) unless Setting.lost_password? | |
63 | if params[:token] |
|
63 | if prt = (params[:token] || session[:password_recovery_token]) | |
64 |
@token = Token.find_token("recovery", p |
|
64 | @token = Token.find_token("recovery", prt.to_s) | |
65 | if @token.nil? || @token.expired? |
|
65 | if @token.nil? || @token.expired? | |
66 | redirect_to home_url |
|
66 | redirect_to home_url | |
67 | return |
|
67 | return | |
68 | end |
|
68 | end | |
|
69 | ||||
|
70 | # redirect to remove the token query parameter from the URL and add it to the session | |||
|
71 | if request.query_parameters[:token].present? | |||
|
72 | session[:password_recovery_token] = @token.value | |||
|
73 | redirect_to lost_password_url | |||
|
74 | return | |||
|
75 | end | |||
|
76 | ||||
69 | @user = @token.user |
|
77 | @user = @token.user | |
70 | unless @user && @user.active? |
|
78 | unless @user && @user.active? | |
71 | redirect_to home_url |
|
79 | redirect_to home_url |
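Review bot: The token copied into `session[:password_recovery_token]` is not removed on the failure paths visible here, so a token that later expires or is consumed stays in the session. Because the new condition falls back to the session value when `params[:token]` is absent, a later plain request to `lost_password` in that browser session would hit the `@token.nil? || @token.expired?` branch and be redirected to `home_url` instead of reaching the request form. I would add `session.delete(:password_recovery_token)` before `redirect_to home_url` in that branch, and likewise in the `unless @user && @user.active?` branch. The method body continues past this hunk, so whether the key is cleared after a successful password change cannot be checked from here and should be confirmed.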