From f09b1acfb74840c4e1350e80e8aad2f0ace81781 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Wed, 4 Jul 2018 09:52:20 -0400
Subject: [PATCH] closes #6627

---
 src/controllers/index.js | 59 +++++++++++++++++++++++-----------------
 1 file changed, 34 insertions(+), 25 deletions(-)

diff --git a/src/controllers/index.js b/src/controllers/index.js
index 052995c60b..a91636dfc7 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -39,32 +39,41 @@ Controllers.errors = require('./errors');
 Controllers.composer = require('./composer');
 
 Controllers.reset = function (req, res, next) {
+	const renderReset = function (code, valid) {
+		res.render('reset_code', {
+			valid: valid,
+			displayExpiryNotice: req.session.passwordExpired,
+			code: code,
+			minimumPasswordLength: parseInt(meta.config.minimumPasswordLength, 10),
+			minimumPasswordStrength: parseInt(meta.config.minimumPasswordStrength, 10),
+			breadcrumbs: helpers.buildBreadcrumbs([
+				{
+					text: '[[reset_password:reset_password]]',
+					url: '/reset',
+				},
+				{
+					text: '[[reset_password:update_password]]',
+				},
+			]),
+			title: '[[pages:reset]]',
+		});
+		delete req.session.passwordExpired;
+	};
+
 	if (req.params.code) {
-		async.waterfall([
-			function (next) {
-				user.reset.validate(req.params.code, next);
-			},
-			function (valid) {
-				res.render('reset_code', {
-					valid: valid,
-					displayExpiryNotice: req.session.passwordExpired,
-					code: req.params.code,
-					minimumPasswordLength: parseInt(meta.config.minimumPasswordLength, 10),
-					minimumPasswordStrength: parseInt(meta.config.minimumPasswordStrength, 10),
-					breadcrumbs: helpers.buildBreadcrumbs([
-						{
-							text: '[[reset_password:reset_password]]',
-							url: '/reset',
-						},
-						{
-							text: '[[reset_password:update_password]]',
-						},
-					]),
-					title: '[[pages:reset]]',
-				});
-				delete req.session.passwordExpired;
-			},
-		], next);
+		// Save to session and redirect
+		req.session.reset_code = req.params.code;
+		res.redirect(nconf.get('relative_path') + '/reset');
+	} else if (req.session.reset_code) {
+		// Validate and save to local variable before removing from session
+		user.reset.validate(req.session.reset_code, function (err, valid) {
+			if (err) {
+				return next(err);
+			}
+
+			renderReset(req.session.reset_code, valid);
+			delete req.session.reset_code;
+		});
 	} else {
 		res.render('reset', {
 			code: null,