reset_password.rb in rodauth-1.12.0

- old
+ new

@@ -142,21 +142,17 @@
         reset_password_view
       end
     end
 
     def create_reset_password_key
-      ds = password_reset_ds
       transaction do
-        ds.where(Sequel::CURRENT_TIMESTAMP > reset_password_deadline_column).delete
-        if ds.empty?
-          if e = raised_uniqueness_violation{ds.insert(reset_password_key_insert_hash)}
-            # If inserting into the reset password table causes a violation, we can pull the 
-            # existing reset password key from the table, or reraise.
-            raise e unless @reset_password_key_value = get_password_reset_key(account_id)
-          end
-        else
-          @reset_password_key_value = get_password_reset_key(account_id)
+        if reset_password_key_value = get_password_reset_key(account_id)
+          @reset_password_key_value = reset_password_key_value
+        elsif e = raised_uniqueness_violation{password_reset_ds.insert(reset_password_key_insert_hash)}
+          # If inserting into the reset password table causes a violation, we can pull the 
+          # existing reset password key from the table, or reraise.
+          raise e unless @reset_password_key_value = get_password_reset_key(account_id)
         end
       end
     end
 
     def remove_reset_password_key
@@ -174,10 +170,12 @@
     def reset_password_email_link
       token_link(reset_password_route, reset_password_key_param, reset_password_key_value)
     end
 
     def get_password_reset_key(id)
-      password_reset_ds(id).get(reset_password_key_column)
+      ds = password_reset_ds(id)
+      ds.where(Sequel::CURRENT_TIMESTAMP > reset_password_deadline_column).delete
+      ds.get(reset_password_key_column)
     end
 
     def login_form_footer
       super + reset_password_request_link
     end