Delete any outstanding tokens when a user changes their email

[rails.git] / app / controllers / users_controller.rb

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b3596b376634d84341046ad304d56b550f48b57a..e5a57f47ef85439262c727db842570ede3d6a2b6 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -146,11 +146,11 @@ class UsersController < ApplicationController
   def lost_password
     @title = t "users.lost_password.title"
 
-    if params[:user] && params[:user][:email]
-      user = User.visible.find_by(:email => params[:user][:email])
+    if params[:email]
+      user = User.visible.find_by(:email => params[:email])
 
       if user.nil?
-        users = User.visible.where("LOWER(email) = LOWER(?)", params[:user][:email])
+        users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
 
         user = users.first if users.count == 1
       end
@@ -366,7 +366,7 @@ class UsersController < ApplicationController
         else
           flash[:errors] = current_user.errors
         end
-        token.destroy
+        current_user.tokens.delete_all
         session[:user] = current_user.id
         redirect_to :action => "account", :display_name => current_user.display_name
       elsif token