Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/Routers/UsersRouter.js
Original file line number Diff line number Diff line change
Expand Up @@ -578,6 +578,12 @@ export class UsersRouter extends ClassesRouter {

// We can find the user using token
if (token) {
// Match only EXPIRED tokens (`$lt` now) on purpose. This branch powers the
// "resend password reset email" flow: when a reset link has expired, PagesRouter
// preserves the expired token on the link-expired page, and the user resends from
// it to get a fresh token + email. A still-valid token needs no resend. Do NOT
// change `$lt` to `$gt` — that breaks this flow and the
// 'can resend email using an expired reset password token' spec. (#9935)
userResults = await req.config.database.find('_User', {
_perishable_token: token,
_perishable_token_expires_at: { $lt: Parse._encode(new Date()) },
Expand Down
Loading