lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt in authentication-zero-2.1.1 vs lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt in authentication-zero-2.2.1
- old
+ new
@@ -1,15 +1,15 @@
class PasswordResetsController < ApplicationController
- skip_before_action :authenticate
-
before_action :set_<%= singular_table_name %>, only: :update
+ skip_before_action :authenticate
+
def create
- if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
- PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
+ if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+ IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
else
- render json: { error: "Sorry, we didn't recognize that email address" }, status: :not_found
+ render json: { error: "You can't reset your password until you verify your email" }, status: :not_found
end
end
def update
if @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
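Review bot: The `create` action still answers differently for an address it will mail and one it will not. The `else` branch returns `:not_found`, so the response discloses whether an email belongs to a verified account, and the new message is inaccurate for an address that has no account at all. Consider mailing only when the lookup succeeds and finishing both paths with the same response, for example `head :accepted` placed after the `if`. Throttling for this action is not visible in the hunk and is worth confirming, since every request for a verified address sends mail. The body of `update` continues outside the hunk.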
@@ -21,10 +21,10 @@
private
def set_<%= singular_table_name %>
@<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
rescue ActiveSupport::MessageVerifier::InvalidSignature
- render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
+ render json: { error: "That password reset link is invalid" }, status: :bad_request
end
def <%= "#{singular_table_name}_params" %>
params.permit(:password, :password_confirmation)
end
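Review bot: `set_<%= singular_table_name %>` rescues only `ActiveSupport::MessageVerifier::InvalidSignature`, but `find_signed!` also raises `ActiveRecord::RecordNotFound` when a validly signed token refers to a record that no longer exists. Unless `ApplicationController` handles that case (not visible here), a link for a deleted account produces a different response from an invalid one. `rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound` would send both through the same `:bad_request` reply. A one-line comment above the rescue, such as `# raised for expired, tampered or wrong-purpose tokens`, would also record why the message no longer says "expired".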