From 57afaf9d92eb7d34d51d89ba7af350531f2e0fde Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Wed, 8 Apr 2015 14:26:04 -0400
Subject: Upon successful login, clear `reset_password_token` field

Closes #1942
---
 app/controllers/sessions_controller.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 7b6982c5074..3f11d7afe6f 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -26,6 +26,12 @@ class SessionsController < Devise::SessionsController
   end
 
   def create
-    super
+    super do |resource|
+      # User has successfully signed in, so clear any unused reset tokens
+      if resource.reset_password_token.present?
+        resource.update_attributes(reset_password_token: nil,
+                                   reset_password_sent_at: nil)
+      end
+    end
   end
 end
-- 
cgit v1.2.3