authorVinnie Okada <vokada@mrvinn.com>2015-05-13 20:29:15 -0600
committerVinnie Okada <vokada@mrvinn.com>2015-05-16 14:03:18 -0600
commitc68c23210bdf9f0d7212fa55e7bef71ac0f87bcf (patch)
treeafcf9557fe7c629f588d91d55b2e0685236726b1 /app/controllers
parent0bfab084a811d7dad1f1929ee7b5c2bc59015173 (diff)
Redirect if password reset token is expired
Don't display the password editing form if the user's token is expired; redirect to the form that allows users to request a new password reset token.
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/passwords_controller.rb20
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 88459d4080a..fbb9d371a79 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -36,4 +36,24 @@ class PasswordsController < Devise::PasswordsController
end
end
end
+
+ def edit
+ super
+ reset_password_token = Devise.token_generator.digest(
+ User,
+ :reset_password_token,
+ resource.reset_password_token
+ )
+
+ unless reset_password_token.nil?
+ user = User.where(
+ reset_password_token: reset_password_token
+ ).first_or_initialize
+
+ unless user.reset_password_period_valid?
+ flash[:alert] = 'Your password reset token has expired.'
+ redirect_to(new_user_password_url)
+ end
+ end
+ end
end
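Review bot: The lookup in `edit` uses `first_or_initialize`, so a token that matches no user yields an unsaved `User` whose `reset_password_period_valid?` is presumably false, and an unknown or malformed token gets the same "expired" redirect as a genuinely expired one. Giving both cases one response is reasonable for a reset flow, but it is not obvious from the code, so it deserves a comment such as `# Unknown tokens build a blank User and are treated like expired ones on purpose.` The `unless reset_password_token.nil?` guard may also never fire: if `Devise.token_generator.digest` returns `false` rather than `nil` for a blank token (worth checking against the bundled Devise version), `if reset_password_token.present?` states the intent more safely. The local holds the digest rather than the raw token, so a name like `token_digest` would avoid confusion with `resource.reset_password_token`. The class body and its filters start outside this hunk, so whether a blank token is already rejected before `edit` runs is not visible here.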