From 299da42ec0a55d8db76938769df55c0b8d51c755 Mon Sep 17 00:00:00 2001
From: Zachary Carter <zack.carter@gmail.com>
Date: Fri, 20 Jul 2012 12:50:27 -0700
Subject: [PATCH] fix regression with original patch for initiating/verifying
 forgotten password in same browser

---
 lib/wsapi/email_for_token.js | 2 +-
 tests/forgotten-pass-test.js | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/wsapi/email_for_token.js b/lib/wsapi/email_for_token.js
index 4b3c837fb..05bf4e2e4 100644
--- a/lib/wsapi/email_for_token.js
+++ b/lib/wsapi/email_for_token.js
@@ -46,7 +46,7 @@ exports.process = function(req, res) {
       // browser as the initiator
       var must_auth = true;
 
-      if (uid && req.session.userid === uid &&
+      if (((uid && req.session.userid === uid) || !req.session.userid) &&
                typeof req.session.pendingReset === 'string' &&
                req.params.token === req.session.pendingReset) {
         must_auth = false;
diff --git a/tests/forgotten-pass-test.js b/tests/forgotten-pass-test.js
index e4e2407e8..b13b5ddc1 100755
--- a/tests/forgotten-pass-test.js
+++ b/tests/forgotten-pass-test.js
@@ -232,6 +232,7 @@ suite.addBatch({
       assert.equal(r.code, 200);
       var body = JSON.parse(r.body);
       assert.strictEqual(body.success, true);
+      assert.strictEqual(body.must_auth, false);
     }
   }
 });
-- 
GitLab