diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index aabbcea44e..09fb7d7e78 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -360,6 +360,7 @@ authenticationController.onSuccessfulLogin = async function (req, uid) {
 await meta.blacklist.test(req.ip);
 await user.logIP(uid, req.ip);
 await user.bans.unbanIfExpired([uid]);
+ await user.reset.cleanByUid(uid);
 req.session.meta = {};
diff --git a/test/authentication.js b/test/authentication.js
index 1769fd5712..ce92392d9d 100644
--- a/test/authentication.js
+++ b/test/authentication.js
@@ -556,4 +556,11 @@ describe('authentication', () => {
 },
 ], done);
 });
+
+ it('should clear all reset tokens upon successful login', async () => {
+ const code = await user.reset.generate(regularUid);
+ await loginUserPromisified('regular', 'regularpwd');
+ const valid = await user.reset.validate(code);
+ assert.strictEqual(valid, false);
+ });
 });
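Review bot: The added `await user.reset.cleanByUid(uid);` has no comment saying why a login touches password-reset state, and since the reason is a security one, a later refactor could drop the call without noticing. I would put `// A successful login invalidates any outstanding password-reset codes for this uid, so an unused code cannot be redeemed later.` directly above it. The call is awaited in the login path, so a storage error in the cleanup presumably fails the login. The body of onSuccessfulLogin starts and ends outside this hunk, so whether that error is caught cannot be seen here and should be confirmed as the intended fail-closed behaviour. It is also worth checking that other events that make reset codes stale, such as a password or email change, use the same cleanup, which this diff does not show.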
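Review bot: The new test never checks that `code` is valid before the login, so it would still pass if `user.reset.generate` or `user.reset.validate` were broken and `validate` returned false for every code. Adding `assert.strictEqual(await user.reset.validate(code), true);` before the `loginUserPromisified(...)` call pins the precondition, assuming `validate` does not consume the code (not visible here). The title promises that "all reset tokens" are cleared, but only one code is generated; generating two codes and asserting both are rejected after login would match the name.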