get email from passwordResetOrder

src/server/middlewares/password-reset.js

@@ -2,18 +2,20 @@ module.exports = (crowi, app) => {
   const PasswordResetOrder = crowi.model('PasswordResetOrder');
 
   return async(req, res, next) => {
-    const { token, email } = req.query;
+    const { token } = req.query;
 
-    if (token == null || email == null) {
+    if (token == null) {
       return res.redirect('/login');
     }
 
-    const passwordResetOrder = await PasswordResetOrder.findOne({ token, email });
+    const passwordResetOrder = await PasswordResetOrder.findOne({ token });
     // check the oneTimeToken is valid
     if (passwordResetOrder == null || passwordResetOrder.isExpired()) {
       return res.redirect('/login');
     }
 
+    req.DataFromPasswordResetOrderMiddleware = passwordResetOrder;
+
     return next();
   };
 };

src/server/routes/forgot-password.js

@@ -14,7 +14,9 @@ module.exports = function(crowi, app) {
   };
 
   actions.resetPassword = async function(req, res) {
-    return res.render('reset-password', { email: req.query.email });
+
+    const { email } = req.DataFromPasswordResetOrderMiddleware;
+    return res.render('reset-password', { email });
   };
 
   async function sendPasswordResetEmail(email, url, i18n) {