Reset password tokens: user errors lead to confusion (multiple reset password requests)

Description

Allow looking up of old reset password tokens from the version table (if it hasn't been disabled). If the token in the link clicked is no longer valid but exists in version table then either:

1. Display a specific message such as: "Your reset password link has expired because a new one was generated at x:x:x time", or "Your reset password link is no longer valid as you successfully set your password at x:x:x time".
2. If the old token has not expired, allow it to be used to validate the user

Allow users to configure whether this feature is used at all and which of the above two options should be used.

Assignee

Dominic Watson

Reporter

Dominic Watson

Labels

None

Accepted

Yes

Fix versions

Priority

Medium
Configure