After a user resets their password, the original link that was sent to them will still direct the user to the ResetPasswordPage. When the user tries to reset their password using the same link (and the same token), the reset password operation will fail.
However, the ResetPassword page doesn't currently check if the reset password token is still valid.
Expected behavior
We should check if the reset password token from the associated link is still valid. If it isn't, we should direct the user to the login page and state that the reset password link is invalid.
To Reproduce
Steps to reproduce the behavior:
Click on an old reset password email (ex. via MailHog)
Click on the reset password link
The user will be directed to the Reset Password page.
Describe the bug
After a user resets their password, the original link that was sent to them will still direct the user to the
ResetPasswordPage. When the user tries to reset their password using the same link (and the same token), the reset password operation will fail.However, the ResetPassword page doesn't currently check if the reset password token is still valid.
Expected behavior
We should check if the reset password token from the associated link is still valid. If it isn't, we should direct the user to the login page and state that the reset password link is invalid.
To Reproduce
Steps to reproduce the behavior:
Desktop:
Additional context
Notes from the original ticket can be found here: When an inactivated user sends themselves a forgot password email, make sure that the interactions work correctly.