From be2c2598c75180d18eb7b49f60894a11aee8836d Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Wed, 25 Jan 2017 20:45:00 -0800
Subject: [PATCH] Flush password reset token when email changes
---
 app/settings.rb | 1 +
 tests/acceptance/settings/account_tests.rb | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/settings.rb b/app/settings.rb
index 673b5fdb..2bccb8b6 100644
--- a/app/settings.rb
+++ b/app/settings.rb
@@ -213,6 +213,7 @@ post '/settings/change_email' do
 parent_site.email = params[:email]
 parent_site.email_confirmation_token = SecureRandom.hex 3
 parent_site.email_confirmed = false
+ parent_site.password_reset_token = nil
 if parent_site.valid?
 parent_site.save_changes
diff --git a/tests/acceptance/settings/account_tests.rb b/tests/acceptance/settings/account_tests.rb
index 0c57be7c..92257ce7 100644
--- a/tests/acceptance/settings/account_tests.rb
+++ b/tests/acceptance/settings/account_tests.rb
@@ -13,6 +13,8 @@ describe 'site/settings' do
 end
 it 'should change email' do
+ @site.password_reset_token = 'shouldgoaway'
+ @site.save
 @new_email = "#{SecureRandom.uuid.gsub('-', '')}@exampleedsdfdsf.com"
 fill_in 'email', with: @new_email
 click_button 'Change Email'
@@ -26,6 +28,7 @@ describe 'site/settings' do
 @site.reload
 @site.email.must_equal @new_email
+ @site.password_reset_token.must_equal nil
 EmailWorker.jobs.length.must_equal 1
 args = EmailWorker.jobs.first['args'].first
 args['to'].must_equal @new_email
@@ -149,4 +152,4 @@ describe 'site/settings' do
 @site.valid_password?('derpie2').must_equal false
 end
 end
-end
\ No newline at end of file
+end
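Review bot: In app/settings.rb, the added `parent_site.password_reset_token = nil` has no comment explaining why it is there, and the reason is security-relevant: a reset token issued for the old address must stop being usable once the address changes. I would put `# Invalidate any outstanding reset token; it was issued for the previous address.` above it. The assignment is only persisted by `save_changes` inside the `if parent_site.valid?` branch, which looks intended since a rejected change keeps the old address. Separately, the context line `SecureRandom.hex 3` gives the e-mail confirmation token only 24 bits; unless confirmation attempts are throttled somewhere not visible here, a longer value such as `SecureRandom.hex 16` would be safer. The route body starts and ends outside the hunk.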
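Review bot: In tests/acceptance/settings/account_tests.rb (hunk at -26,6), `@site.password_reset_token.must_equal nil` should be `@site.password_reset_token.must_be_nil`, because Minitest deprecates `must_equal` with a nil expectation and the dedicated matcher states the intent directly. The test pins only the successful change; a companion case asserting that the token is left untouched when the new address fails validation would cover the other branch of the route, assuming that is the intended behaviour. The `it` block begins in the previous hunk and ends outside this one.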