Redirect to PasswordController#new when reset_password_token is invalid (#4506)

author: nullkal <nullkal@users.noreply.github.com> 2017-08-04 00:45:45 +0900
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-08-03 17:45:45 +0200
commit: dfcd2834f9589bda573eb133057588f351f570b5 (patch)
tree: bb6515cc278cab6e00ca9a607eebedee1a47e57e /app
parent: 09e86ef90b1e220bca54b5b3cb270d7672237c13 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index 54ee1c39c..171b997dc 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -1,5 +1,20 @@
 # frozen_string_literal: true
 
 class Auth::PasswordsController < Devise::PasswordsController
+  before_action :check_validity_of_reset_password_token, only: :edit
+
   layout 'auth'
+
+  private
+
+  def check_validity_of_reset_password_token
+    unless reset_password_token_is_valid?
+      flash[:error] = I18n.t('auth.invalid_reset_password_token')
+      redirect_to new_password_path(resource_name)
+    end
+  end
+
+  def reset_password_token_is_valid?
+    resource_class.with_reset_password_token(params[:reset_password_token]).present?
+  end
 end
author	nullkal <nullkal@users.noreply.github.com>	2017-08-04 00:45:45 +0900
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-08-03 17:45:45 +0200
commit	dfcd2834f9589bda573eb133057588f351f570b5 (patch)
tree	bb6515cc278cab6e00ca9a607eebedee1a47e57e /app
parent	09e86ef90b1e220bca54b5b3cb270d7672237c13 (diff)