At present, a user may attempt to reset a password or validate a code where the code is expired, and will be warned that the code is incorrect, stating the number of attempts remaining (if applicable) or that the code is incorrect until the correct code is given, at which point the user will be warned that the code has expired.
This order should be reviewed to determine if this is the correct order, or if expired codes should simply not be validated.
At present, a user may attempt to reset a password or validate a code where the code is expired, and will be warned that the code is incorrect, stating the number of attempts remaining (if applicable) or that the code is incorrect until the correct code is given, at which point the user will be warned that the code has expired.
This order should be reviewed to determine if this is the correct order, or if expired codes should simply not be validated.