GIT-3085: Fixed the resetting password link constent active state after use (Fixes #3085). (#3087)

app/controllers/password_resets_controller.rb

@@ -55,9 +55,8 @@ class PasswordResetsController < ApplicationController
     elsif @user.update_attributes(user_params)
       # Clear the user's social uid if they are switching from a social to a local account
       @user.update_attribute(:social_uid, nil) if @user.social_uid.present?
-
-      # Mark password as secure
-      @user.update(secure_password: true)
+      # Mark password as secure and deactivate the reset digest in use.
+      @user.update(reset_digest: nil, reset_sent_at: nil, secure_password: true)
       # Successfully reset password
       return redirect_to root_path, flash: { success: I18n.t("password_reset_success") }
     end

spec/controllers/password_resets_controller_spec.rb

@@ -158,6 +158,7 @@ describe PasswordResetsController, type: :controller do
         user.reload
 
         expect(old_digest.eql?(user.password_digest)).to be false
+        expect(user.reset_digest.nil? && user.reset_sent_at.nil?).to be
         expect(response).to redirect_to(root_path)
       end
     end