Upon successful login, clear `reset_password_token` field

Closes #1942

1 files changed, 7 insertions, 1 deletions

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 7b6982c5074..3f11d7afe6f 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -26,6 +26,12 @@ class SessionsController < Devise::SessionsController
   end
 
   def create
-    super
+    super do |resource|
+      # User has successfully signed in, so clear any unused reset tokens
+      if resource.reset_password_token.present?
+        resource.update_attributes(reset_password_token: nil,
+                                   reset_password_sent_at: nil)
+      end
+    end
   end
 end