author | Vinnie Okada <vokada@mrvinn.com> | 2015-05-13 20:29:15 -0600 |
---|---|---|
committer | Vinnie Okada <vokada@mrvinn.com> | 2015-05-16 14:03:18 -0600 |
commit | c68c23210bdf9f0d7212fa55e7bef71ac0f87bcf (patch) | |
tree | afcf9557fe7c629f588d91d55b2e0685236726b1 /app/controllers | |
parent | 0bfab084a811d7dad1f1929ee7b5c2bc59015173 (diff) | |
download | gitlab-ce-c68c23210bdf9f0d7212fa55e7bef71ac0f87bcf.tar.gz |
Redirect if password reset token is expired
Don't display the password editing form if the user's token is expired;
redirect to the form that allows users to request a new password reset
token.
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/passwords_controller.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 88459d4080a..fbb9d371a79 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -36,4 +36,24 @@ class PasswordsController < Devise::PasswordsController end end end + + def edit + super + reset_password_token = Devise.token_generator.digest( + User, + :reset_password_token, + resource.reset_password_token + ) + + unless reset_password_token.nil? + user = User.where( + reset_password_token: reset_password_token + ).first_or_initialize + + unless user.reset_password_period_valid? + flash[:alert] = 'Your password reset token has expired.' + redirect_to(new_user_password_url) + end + end + end end |
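Review bot: the guard `unless reset_password_token.nil?` in the new `edit` action tests the digest, not the incoming token, so it only covers the no-token case if `Devise.token_generator.digest` returns exactly `nil` for a missing value. Checking `resource.reset_password_token` for presence before digesting would make that case explicit and skip the lookup entirely. Separately, `first_or_initialize` means a token that matches no user reaches `reset_password_period_valid?` on a new, unsaved `User`, so the outcome for an unknown token depends on what that method returns for a blank record. Using `.first` with an explicit no-match branch would make the behaviour clear, and it is worth deciding on purpose whether unknown and expired tokens should both get the 'Your password reset token has expired.' alert. A short comment stating why the token is re-digested here, and that the action relies on `super` having populated `resource`, would help the next reader.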