Explain reset token expiration in emails

Tell new users when their password reset token expires and provide a
link to get a new one.

3 files changed, 23 insertions, 0 deletions

diff --git a/app/helpers/emails_helper.rb b/app/helpers/emails_helper.rb
index 0df3ecc90b7..12aa561a14e 100644
--- a/app/helpers/emails_helper.rb
+++ b/app/helpers/emails_helper.rb
@@ -35,4 +35,23 @@ module EmailsHelper
     lexer = Rugments::Lexers::Diff.new
     raw formatter.format(lexer.lex(diffcontent))
   end
+
+  def password_reset_token_valid_time
+    valid_hours = Devise.reset_password_within / 60 / 60
+    if valid_hours >= 24
+      unit = 'day'
+      valid_length = (valid_hours / 24).floor
+    else
+      unit = 'hour'
+      valid_length = valid_hours.floor
+    end
+
+    pluralize(valid_length, unit)
+  end
+
+  def reset_token_expire_message
+    link_tag = link_to('request a new one', new_user_password_url)
+    msg = "This link is valid for #{password_reset_token_valid_time}.  "
+    msg << "After it expires, you can #{link_tag}."
+  end
 end
diff --git a/app/views/notify/new_user_email.html.haml b/app/views/notify/new_user_email.html.haml
index ebbe98dd472..39cb01d4d29 100644
--- a/app/views/notify/new_user_email.html.haml
+++ b/app/views/notify/new_user_email.html.haml
@@ -12,3 +12,5 @@
 - if @user.created_by_id
   %p
     = link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token)
+  %p
+    = reset_token_expire_message
diff --git a/app/views/notify/new_user_email.text.erb b/app/views/notify/new_user_email.text.erb
index 96b26879a77..dd9b71e3b84 100644
--- a/app/views/notify/new_user_email.text.erb
+++ b/app/views/notify/new_user_email.text.erb
@@ -5,4 +5,6 @@ The Administrator created an account for you. Now you are a member of the compan
 login.................. <%= @user.email %>
 <% if @user.created_by_id %>
   <%= link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) %>
+
+  <%= reset_token_expire_message %>
 <% end %>